Initial commit
72
commands/audit.md
Normal file
@@ -0,0 +1,72 @@
---
description: Perform comprehensive system audit and compliance check
argument-hint: [audit-type] [compliance-framework]
---

# System Audit Command

Perform comprehensive system audit and compliance check with detailed reporting and recommendations.

## Context
- Audit type: $1 (security|compliance|performance|all - default: all)
- Compliance framework: $2 (GDPR|HIPAA|SOC2|ISO27001|PCI-DSS - default: SOC2)
- System configuration: @config/
- Security policies: @security-policies/

## Audit Process

### 1. **Security Audit**
- Vulnerability assessment and penetration testing
- Access control and authentication review
- Data protection and encryption validation
- Network security and firewall configuration
- Incident response and monitoring capabilities

### 2. **Compliance Assessment**
- Regulatory compliance validation
- Policy adherence verification
- Documentation and evidence collection
- Gap analysis and remediation planning
- Risk assessment and mitigation strategies

### 3. **Performance Audit**
- System performance and scalability analysis
- Resource utilization and efficiency review
- Capacity planning and optimization opportunities
- Monitoring and alerting effectiveness
- Disaster recovery and business continuity

### 4. **Operational Audit**
- Process documentation and standardization
- Change management and version control
- Backup and recovery procedures
- Training and knowledge management
- Vendor and third-party risk assessment

## Compliance Frameworks
- **GDPR**: Data privacy and protection compliance
- **HIPAA**: Healthcare data security requirements
- **SOC 2**: Security, availability, and confidentiality
- **ISO 27001**: Information security management
- **PCI DSS**: Payment card industry security standards

## Expected Outcome
- Comprehensive audit report with findings
- Compliance status and gap analysis
- Risk assessment and prioritization
- Remediation roadmap and timeline
- Evidence documentation and artifacts

## Audit Findings
- **Critical**: Immediate action required
- **High**: Address within 30 days
- **Medium**: Address within 90 days
- **Low**: Address within 6 months
- **Informational**: Best practice recommendations

## Remediation Plan
- Immediate fixes for critical findings
- Short-term remediation (30 days)
- Medium-term improvements (90 days)
- Long-term strategic initiatives (6+ months)
- Ongoing monitoring and maintenance
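Review bot: the `$1` enum on `- Audit type: $1 (security|compliance|performance|all - default: all)` has no `operational` value, yet the process defines a `### 4. **Operational Audit**` stage, so a caller cannot select that stage on its own and it is unclear whether `all` covers it; either add `operational` to the list or fold that section into one of the listed types. The `$2` tokens should also match the framework headings: the argument line spells `SOC2|ISO27001|PCI-DSS` while the Compliance Frameworks section uses `SOC 2`, `ISO 27001`, `PCI DSS`, so state which spelling the command expects and normalise the other. Under Security Audit, `- Vulnerability assessment and penetration testing` over-promises: the Context section gives the command only `@config/` and `@security-policies/` as inputs, so it can review configuration for weaknesses but cannot run a penetration test; reword to configuration and policy review, or document the tooling the test step would invoke. Finally, both `@config/` and `@security-policies/` are referenced unconditionally; say what the command should do when either path is absent rather than leaving that to the model.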