27

Explain types and purposes of audits and assessments

Introduction

This chapter covers the fifth objective of Domain 5.0, Security Program Management and Oversight, of the CompTIA Security+ exam.

In this chapter, we look at the world of audits, a critical component of organizational governance and accountability, and consider the importance of attestation to both. Audits are essential tools for assessing compliance: they evaluate the effectiveness of internal controls and identify areas for improvement within an organization. This chapter focuses on internal and external audits and the benefits of each, and ends with an exploration of penetration testing, including passive and active reconnaissance.

This chapter will give ...

Get CompTIA Security+ SY0-701 Certification Guide - Third Edition now with the O’Reilly learning platform.
