security audit

A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria.


A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria. A thorough audit typically assesses the security of the system's physical configuration and environment, software, information handling processes, and user practices. Security audits are often used to determine regulatory compliance, in the wake of legislation (such as HIPAA, the Sarbanes-Oxley Act, and the California Security Breach Information Act) that specifies how organizations must deal with information.

According to Ira Winkler, president of the Internet Security Advisors Group, security audits, vulnerability assessments, and penetration testing are the three main types of security diagnostics. Each of the three takes a different approach and may be best suited for a particular purpose. Security audits measure an information system's performance against a list of criteria. A vulnerability assessment, on the other hand, involves a comprehensive study of an entire information system, seeking potential security weaknesses. Penetration testing is a covert operation, in which a security expert tries a number of attacks to ascertain whether or not a system could withstand the same types of attacks from a malicious hacker. In penetration testing, the feigned attack can include anything a real attacker might try, such as social engineering. Each of the approaches has inherent strengths, and using two or more of them in conjunction may be the most effective approach of all.

Learn more about audits at SearchCompliance.com.

This was first published in September 2005
