Chapter 6. Policy, Compliance, and Management

A security policy is a document that provides the high-level direction and goals that a business uses to control and protect its assets and information. The security policy should be the foundation against which all security decisions are measured, and it should be consulted before any product or technology is put into place. In general, a security policy tells you what activities are acceptable, required, or forbidden when interacting with business-owned resources. For the auditor, ensuring that a security policy meets the objectives of securing the business’s assets and meeting compliance requirements requires assessing policy documents and comparing them against best practices. An auditor also interviews and ...
