Chapter 9: Security Auditing
Formal Audits
Most often conducted to satisfy specific industry standards that are required by law for certain types of organizations.
Security Audit
Refers to the procedures by which all of an environment's security controls and systems are thoroughly reviewed to identify and report weaknesses within an organization.
Audit Scope
The area or system on which the security audit will focus.
Internal Security Controls
The systematic measures and checks put into place to ensure that networks remain sound and secure.
Informal Audits
Conducted as a way to provide organizations with evidence that their security policies and practices are effective and working properly.
Internal Audits
Conducted using a committee of individuals who are employees of the company itself.
External Audits
Conducted using a third-party group or a number of individuals from a source outside the organization itself.
Automated Audits
Conducted using tools that are either installed onto a machine or embedded within an application for the purpose of recording the typical behavior of a system.