8 Security Management

8.1. Introduction

Computer security has become a very important subject for companies and institutions, as well as individuals. Because of this, numerous legal texts have been enacted in most of the world’s countries to structure this area and define solutions and measures to adopt when securing computer systems, which constitute the backbone and a valuable asset for companies, as well as individuals.

A security audit is a necessary legal and economic requirement for the survival and existence of the company, as well as for its reputation and influence. It is a periodic task led by security experts to identify security vulnerabilities and faults, along with the appropriate solutions and recommendations. A new discipline has thus been developed, that of the security consultant or auditor.

An audit goes through three necessary stages. The first step concerns the organizational and physical aspect. It identifies structural and physical vulnerabilities. Then, the second step is devoted to the technical aspect. It consists of uncovering security faults at various levels and providing the necessary solutions for such problems. Finally, the intrusive test must be passed, which consists of bombarding our own system with a series of attacks to evaluate how robust it is.

In the domestic sphere, as well as at the company level, it is necessary to plan a security policy with the objective of limiting risks, attenuating attacks and increasing the efficiency of ...
