DOMAIN 6 Security Assessment and Testing

An assessment is an evaluation of an object, such as the likelihood of a specific risk occurring or the quality of an organization's security process documentation. An audit is similar but is a more formal process that involves a systematic analysis against a defined standard to determine if the object meets a set of criteria. Both are designed to measure a target, like the technology risk facing an organization or the security posture of a system. For example, a risk assessment identifies the assets an organization possesses and then measures or estimates the likelihood and impact of risks that could affect those assets. A system audit, by contrast, determines if the system in question meets specific, ...
