Security Auditing and Analysis

The purpose of a security audit is to make sure computing environments and security controls work as expected. When you review your computing environments, you should check for the following:

  • Are security policies sound and appropriate for the business or activity? The purpose of information security is to support the mission of the business and to protect it from the risks it faces. With respect to security, one of the most visible risks is that of data breach. An organization’s policies and supporting documents, which include the organization’s procedures, standards, and baselines, define the risks that affect it. The question an auditor seeks to answer is, “Are our policies understood and followed?” The audit ...

Source: Fundamentals of Information Systems Security, 4th Edition (O’Reilly learning platform).