Conducting a Security Audit: An Introductory Overview

by Bill Hayes
Sept. 24, 2017 1 comment Symantec securityaudit

The word "audit" can send shivers down the spine of the most battle-hardened executive. It means that an outside organization is going to conduct a formal written examination of one or more crucial components of the organization. Financial audits are the most common examinations a business manager encounters. This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical security audits. However, they are unlikely to be acquainted with information security audits; that is, an audit of how the confidentiality, availability and integrity of an organization's information is assured. They should be. An information security audit is one of the best ways to determine the security of an organization's information without incurring the cost and other associated damages of a security incident.

2flash 7 months, 4 weeks ago

A lot of things changed about this topic during the past years, but I really do appreciate this well-written article.