Security audit
From Clinfowiki
Revision as of 18:19, 29 March 2015 by Raquel.Y.Ngo (Talk | contribs)
What is a Security Audit?
A security audit is a systematic, measurable technical assessment of how well the security of a company’s information system conforms to a set of established criteria. A complete and thorough audit will include a security assessment of the system’s physical configuration and environment, software, information handling processes, and user practices[1].
Why Perform a Security Audit?
- To ensure security systems are working
- To ensure an adequate level of protection
- To ensure the organization's own security isn't lacking
- To prove compliance with some legislation[2]
Where to Get a Security Audit?
- Do it yourself - involves either developing your own security tests or acquiring software that will do the tests
- Buy in - involves the use of external security consultants[2]
References
- [1] Tech Target: Security Audit. http://searchcio.techtarget.com/definition/security-audit
- [2] IT Security: Security Audits for Dummies. http://www.itsecurity.com/features/feature-dummies-guide-security-audit/