Schaumburg, IL—Despite technological advancements, today’s digital ecosystem is not impenetrable and necessitates increased vigilance – especially as the internet continues to be more centralized. Virtual private networks (VPNs) remain one of the key tools that many rely on to secure digital communications, while biometrics are a fixture in identification and authentication. ISACA has updated two audit programs on VPN security and biometrics to equip audit professionals with the latest tools to effectively assess these technologies and their associated administrative controls.
While they provide benefits, VPNs also face several challenges, such as latency and bandwidth constraints, conflicts with modern zero-trust security models, and the potential for encrypted traffic to mask malicious activity. ISACA’s updated VPN Security Audit Program acknowledges the trending use of VPNs and provides auditors with a tool to evaluate VPNs to determine if the control environment is operating as designed. This audit program provides control objectives, controls and testing for audit components, such as:
- Pre-Auditing Planning—terminology/technology, personnel, scope and documentation
- Governance and Oversight—oversight, policies and security awareness
- Implementation and Configuration—VPN architecture, configuration, client configuration and endpoint configuration
- Operations—policy implementation, data classification, VPN inventory, IT assets, VPN authentication, VPN access and vendor VPN access
- Maintenance and Monitoring—VPN activity logging and monitoring, patch management, VPN capacity planning and integration of VPN technologies with the service desk
While biometrics are a critical part of an enterprise’s physical and logical access controls, they also introduce risk to the enterprise. ISACA’s updated Biometrics Audit Program focuses on helping ensure enterprise policies, standards and procedures are in place to support secure biometric network architecture, resilience to major outages, intrusions or other failures, and the operational effectiveness of related security operations.
ISACA’s Biometrics Audit Program lists potential key risks, including:
- User concern about intrusion into individual privacy
- Impersonation of individuals leading to legal liability as the result of stolen or modified biometrics (e.g., fingerprints, other sensitive data) stored in unprotected databases
- Violation of regulatory requirements, such as HIPAA and local, regional, and/or international data privacy laws
Each audit program is US$25 for ISACA members and US$45 for nonmembers. The VPN Security Audit Program can be accessed at https://store.isaca.org/s/store#/store/browse/detail/a2SVQ000001C5rN2AS and the Biometrics Audit Program can be accessed at https://store.isaca.org/s/store#/store/browse/detail/a2SVQ000001C5xp2AC. Additional audit programs and tools from ISACA can be found at www.isaca.org/resources/insights-and-expertise/audit-programs-and-tools.
About ISACA
ISACA® (www.isaca.org) represents the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its global community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, data privacy, risk management and emerging tech. With a presence in 195 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members’ careers—helping them to thrive in a rapidly changing digital landscape, drive trusted innovation and ensure a more secure digital world. Through the ISACA Foundation, ISACA also champions IT education and career pathways for underrepresented and underresourced communities, fostering a diverse and inclusive technology workforce.
Contact:
communications@isaca.org
Emily Ayala, +1.847.385.7223
Bridget Drufke, +1.847.660.5554