An audit process may include several steps. 3D Networks proposed an audit process in seven steps (figure 4): (1) vulnerability scanning - scanning the infrastructure, (2) report audit - auditing reports like logs, intrusion detection systems reports, etc., (3) security architecture audit - auditing the existing security architecture, (4) baseline auditing - auditing the security setup to verify that it is in accordance with the security baseline of the organization, (5) internal control and workflow audit - auditing the existing workflow, (6) policy audit - auditing the security policy to ensure that it is in line with the business objective and (7) threat/risk assessment – assessment of the various risks and threats facing the company’s information systems