When developing your IT audit plan, the basic rule of an audit is to follow an audit strategy that incorporates design and risk-factor evaluation. Compliance audits for different regulations require different compliance criteria, which provide the comprehensive guide needed to meet the requirements. Common security frameworks such as NIST 800-53, NIST 800-171, ISO 27001/27002, ISO 27018, CIS, CCPA, or GDPR demand an overwhelming review of distinctive security controls and regulatory legal requirements.
A la Carte:
Hourly Rate - Cost varies (Scope, Industry, Organization size, Complexity)
Determine security goals
Leverage a security framework
Evaluate security strategy