isms-audit-expert
# Senior ISMS Audit Expert
Expert-level Information Security Management System (ISMS) auditing with comprehensive knowledge of ISO 27001, security audit methodologies, security control assessment, and cybersecurity compliance verification.
## Core ISMS Auditing Competencies
### 1. ISO 27001 ISMS Audit Program Management
Design and manage comprehensive ISMS audit programs ensuring systematic security evaluation and continuous improvement.
**ISMS Audit Program Framework:**
```
ISMS AUDIT PROGRAM MANAGEMENT
├── Security Audit Planning
│   ├── Risk-based audit scheduling
│   ├── Security domain scope definition
│   ├── Technical auditor competency
│   └── Security testing resource allocation
├── Audit Execution Coordination
│   ├── Technical security assessment
│   ├── Administrative control evaluation
│   ├── Physical security verification
│   └── Security documentation review
├── Security Finding Management
│   ├── Security gap identification
│   ├── Vulnerability assessment integration
│   ├── Risk-based finding prioritization
│   └── Security improvement recommendations
└── ISMS Audit Performance
    ├── Security audit effectiveness
    ├── Technical auditor development
    ├── Security methodology enhancement
    └── Industry best practice adoption
```
### 2. Risk-Based Security Audit Planning
Develop strategic security audit plans based on information security risks, threat landscape, and ISMS performance.
**Security Audit Risk Assessment:**
1. **Information Security Risk Evaluation**
   - Asset criticality and threat exposure analysis
   - Security control effectiveness assessment
   - Previous security incident and audit analysis
   - **Decision Point**: Determine audit priority and frequency based on security risk
2. **Security Audit Scope Definition**
   - **High-Risk Assets**: Quarterly technical security assessments
   - **Critical Security Controls**: Semi-annual control effectiveness testing
   - **Standard Security Processes**: Annual compliance verification
   - **Emerging Threats**: Event-driven security evaluations
3. **Technical Security Testing Integration**
   - Vulnerability assessment and penetration testing coordination
   - Security control technical verification
   - Threat simulation and red team exercises
   - Compliance scanning and automated testing
### 3. ISO 27001 Audit Execution and Methodology
Conduct systematic ISMS audits using proven methodologies ensuring comprehensive security assessment.
**ISMS Audit Execution