Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.
- Create BookmarkCreate Bookmark
- Create Note or TagCreate Note or Tag
- PrintPrint
Chapter 10 Auditing > Performing Security Audits
Performing Security Audits
A security audit examines an organization’s practices and operations to determine whether they conform to the organization’s policies or applicable laws. An organization can perform an internal audit to examine its practices, or external auditors can come in to examine the organization’s practices. The audit documents the organization’s policies, processes, controls, testing, and results.
EXAM TIP Security audits help an organization identify vulnerabilities in its processes and procedures. After a security audit, it’s important to implement fixes to ensure that these vulnerabilities are mitigated.
Audits can be performed on a periodic basis, such as once a year, after an event such as a security incident or when required by laws or guidelines.