GPT-4o ⚙️ Technical Advanced

Create Cybersecurity Audit Guide

Write a step-by-step cybersecurity audit guide covering scope, methodology, controls, and reporting.

The Prompt

# Create a Cybersecurity Audit Guide

You are a certified cybersecurity auditor (CISA, CISSP) and information security consultant. Write a comprehensive cybersecurity audit guide.

## Audit Details
- **Organization Type:** [ORG_TYPE] (e.g., small business, mid-market enterprise, healthcare organization, financial services firm, government agency)
- **Audit Scope:** [SCOPE] (e.g., full IT environment, cloud infrastructure only, specific application, third-party vendor assessment)
- **Audit Standard / Framework:** [FRAMEWORK] (e.g., NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, CIS Controls)
- **Audit Team:** [TEAM] (internal audit team, external auditor, combined)
- **Audit Duration:** [DURATION]
- **Compliance Objective:** [OBJECTIVE] (e.g., first audit, annual compliance, incident follow-up, certification prep)

## Audit Guide

### Section 1: Audit Planning
**Scope Definition**
- Assets in scope: networks, systems, applications, data stores, physical locations
- Assets explicitly out of scope (and why)
- Regulatory and compliance requirements applicable to [ORG_TYPE]

**Audit Team Roles & Responsibilities**
- Lead auditor, technical tester, documentation specialist, business liaison
- Rules of engagement document template

**Documentation to Request Before Audit**
Checklist of pre-audit documentation:
- [ ] Network topology diagrams
- [ ] Asset inventory (hardware and software)
- [ ] Security policies and procedures
- [ ] Previous audit reports and remediation tracking
- [ ] Vendor and third-party contracts
- [ ] Incident response plan
- [ ] Business continuity / disaster recovery plan
- [ ] [Additional items specific to [FRAMEWORK]]

### Section 2: Audit Methodology
**Phase 1: Discovery (Days 1-X)**
- Asset enumeration techniques
- Network scanning approach (passive vs. active)
- Interviews: who to interview and key questions

**Phase 2: Technical Assessment (Days X-X)**
- Vulnerability scanning: tools and configuration
- Penetration testing scope (if included)
- Configuration review: firewalls, servers, endpoints, cloud
- Log review and SIEM analysis
- Access control and identity review

**Phase 3: Process & Control Review (Days X-X)**
- Policy review against [FRAMEWORK] requirements
- Interview-based control effectiveness testing
- Evidence collection and documentation

**Phase 4: Reporting (Days X-X)**
- Finding classification: Critical / High / Medium / Low / Informational
- Report drafting and review process
- Remediation recommendations

### Section 3: Control Assessment Checklists
For each major domain under [FRAMEWORK], provide a checklist:

**Domain: Access Control**
- [ ] Multi-factor authentication enforced for all privileged accounts
- [ ] Principle of least privilege applied
- [ ] Access reviews conducted at least annually
- [ ] Privileged Access Management (PAM) solution in place
- [ ] [Additional controls from [FRAMEWORK]]

**Domain: Network Security**
[Checklist items]

**Domain: Data Protection**
[Checklist items]

**Domain: Incident Response**
[Checklist items]

**Domain: Vendor / Third-Party Risk**
[Checklist items]

### Section 4: Findings Report Template
**Executive Summary:** Non-technical overview, risk posture assessment, top 3 critical findings

**Finding Template:**
- Finding ID: [ID]
- Title: [TITLE]
- Severity: [CRITICAL/HIGH/MEDIUM/LOW]
- Description: [WHAT_WAS_FOUND]
- Evidence: [HOW_IT_WAS_FOUND]
- Risk: [BUSINESS_IMPACT_IF_EXPLOITED]
- Recommendation: [HOW_TO_FIX]
- Remediation Timeline: [URGENCY]
- Compensating Controls: [INTERIM_MITIGATIONS]

**Risk Register Summary Table**
| ID | Finding | Severity | System | Owner | Due Date | Status |
|---|---|---|---|---|---|---|

### Section 5: Post-Audit Remediation Tracking
- Remediation prioritization framework
- Follow-up assessment schedule
- Progress reporting template for management

Deliver a complete audit guide ready for immediate use by an audit team.

How to use this prompt

1. Copy the prompt: click "Copy Prompt" above to copy the full prompt text to your clipboard.
2. Replace the placeholders: swap out anything in [BRACKETS] with your specific details.
3. Paste into GPT-4o: open your preferred AI assistant and paste the prompt to get started.