Chapter 1. The Principles of Auditing

Do you want to know a secret? Security isn’t about hacking, nasty, malicious software, or the vulnerability of the day. Security is about maintaining a system and process that provide access to critical data without exposing your company or customers to excessive risk. Auditing is one of the most important aspects of maintaining that system, because it provides the opportunity to test assumptions about the security posture of networked systems and compare that posture with standards and regulations. Auditors ask the questions “How do you know that you are secure?” and “Can you prove that your security technology works?”

The purpose of this chapter is to introduce the key principles of auditing and to describe ...

Get Network Security Auditing now with the O’Reilly learning platform.