Audit remediation step by step
A good rule of thumb when doing remediation is that it should be as transparent as possible, so that it has a minimal impact on users. There may be times when remediation has some impact on users. For example, implementing a much stricter password policy or disabling group accounts may have an effect on how users do their jobs. For the most part, patches and system updates should be transparent to users. The more transparent your remediation, the fewer problems you’re likely to have implementing it. As you plan your remediation process, always keep transparency in mind.
The first thing you should do in planning for remediation is review your compliance gap with your auditor. Your compliance gap describes the difference between where you are now and where you should be to be compliant. You should get a report and be briefed on the details of the problems. It is important to ask your auditor which risks he considers high priority. For example, if the auditor feels that you have urgent risks that could easily be exploited at any time, you would want to work on mitigating these first. In a few cases, an auditor will find a risk that is being actively exploited. In this case, the auditor should let you know as soon as he finds the problem and not wait until the rest of his assessment is done. This would then become your top priority, and you should follow your company’s procedure for dealing with attacks and call in your incident response team.
Here are the remediation steps, taken from Tony Bradley’s book about PCI security compliance:
1. Review Gap Analysis
3. Follow Change Control Procedures
- Document Impact
- Management Impact
- Management Sign-off
- Test Operational Functionality
- Plan Back-out Procedures
4. Perform Change
5. Verify Remediation
6. Reschedule Audit
Now that you have your results and understand what needs to be done to come into compliance, it’s time to prioritize your risks. With the help of your auditor and by doing your own research, you should work to determine which problems can be exploited most easily and can cause the most damage. These are the ones that should be fixed first.