Gather Key Information
An audit has little chance of success without visibility into the network, including software, hardware, policies and risks. It is therefore key that information be gathered during this phase, examples of key information are copies of relevant security policies, current network diagram, Identify all Internet Service Providers (ISP) and Virtual Private Networks (VPN) and Identify whether methods other than the Firewall are used to provide access to the Internet