Streamlining the Audit/Assessment Process (T23c)
Auditing has become complex, since the induction of Cybersecurity. I will present a structured process to reduce the time and money required to complete an assessment / audit for a government regulatory requirement. Examples of government regulations include NIST SP800-53, NIST SP800-171, HIPAA, HITRUST, FedRamp, CMMC, SOX and ISO. Participants will learn the three parts required to reduce the time to assess / audit a company. First, create common categories for IT areas, Second, create questions for each category. Third, related the framework controls to each category. Now, you have a common matrix to interview, review, remediate and ongoing compliance.