Thinking About Security—An Audit
A security audit has three basic parts, each with many issues to think about. First, you need to develop a plan, a set of security aspects to be evaluated. Second, you need to consider the tools available for evaluating the security aspects and choose ones that are suitable for your system. The third part of a security audit is knowledge gathering—not only how to use the system, but what the users are doing with the system, break-in methods for your system, physical security issues, and much more. The following sections look at each of these three pieces of the audit and offer some direction about where to go for more information.
A Security Plan
The plan can be as complex as a formal document or as simple as ...