For IT audit purposes, what are some of the questions that an auditor should ask
during the audit interview especially for Cyber, IT Infra, End-user computing audit?
What are some of the open-ended question like "Can you describe your
network architecture", "what's your patch procedure/policy like", "what are
your perimeter & endpoint defenses" ... <pls add on>.
Presume auditors should start with such open questions first before going
into more targetted questions?
What are some of the more targetted questions?
Eg: "how long is your backup retention for DB, logs, ...", "share some of
the recent patch logs", ...<pls add on> ...