CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Security Auditing and Due Care

Auditing is the process of examining systems and/or business processes to ensure that they’ve been properly designed and are being properly used. Audits are frequently performed by an independent third party or an autonomous group within the organization. This independence helps to ensure that the audit results are accurate and are not biased because of organizational politics or other circumstances.

Audits are frequently performed to ensure an organization is in compliance with business or security policies and other requirements that the business may be subject to. These policies and requirements can include government laws and regulations, legal contracts, and industry or trade group standards and best practices.

Business-critical systems need to be subject to regular audits as dictated by regulatory, contractual, or trade group requirements.

Due care requires that an organization operate using good business practices — usually a set of standards formally or informally stated by industry trade groups. An organization can be liable if it fails to exercise due care (see Chapter 12 for more on due care).
