The major factors that I shall have to consider as a security auditor are:
i. The installation quality of the system including power source, environment and temperature assurance.
ii. To make sure that the access to the system servers and system room is restricted only to the designated persons.
iii. To check whether proper data and system backup procedures are followed.
iv. Since the system is connected to the public network for the public website, to check whether a proper firewall or security appliance is used to restrict access to the system from the external network.
v. To make sure that the system team has well-defined guidelines and work description for each individual.
vi. To make sure that the system is regularly monitored for system errors or alerts, and that these are well-documented along with the remedies employed.
vii. To check whether the system hardware is well-maintained and the software is properly tuned with the necessary patches and upgrades.
viii. To make sure that the e-commerce activities are properly recorded and the necessary reports are regularly generated and filed.