The Supreme Audit Institution (SAI) of Albania organised a training covering information security, with particular emphasis on penetration tests, which was delivered by the representatives of SAI Norway between 15 and 19 September in Vlorë.
Organisations of the public sector and the services they offer are being digitalised at a fast rate, which, however, heavily increases risks in the field of information security and IT system breaches and intrusions. It is thus of significant importance for the auditors to understand and be aware of weaknesses and vulnerabilities of a certain organisation and to know how to appropriately address them. However, auditors should, in addition to auditing of security policies and testing of technical controls, execute penetration tests of the crucial systems for the purpose of verifying the quality of those controls in practice. Recommendations provided through such audits are of key importance for improving security of an auditee’s operations and for preventing malicious security events.
Participants were guided through various exercises in a simulated test environment to gain practical experience in the field of penetration testing and application of tools and techniques for undertaking a basic security test. The workshop included also in-depth discussions about the assessments of findings and the provision of recommendations for reducing the risks. Among the participants of the training were the representatives of SAI Albania, SAI Kosovo, SAI North Macedonia, SAI Norway, SAI Sweden, and SAI Slovenia whose auditor Ruti Rous attended the event.
