Information Security Audit

Why Trust Techopedia

What Does Information Security Audit Mean?

An information security audit occurs when a technology team conducts an organizational review to ensure that the correct and most up-to-date processes and infrastructure are being applied. An audit also includes a series of tests that guarantee that information security meets all expectations and requirements within an organization. During this process, employees are interviewed regarding security roles and other relevant details.

Advertisements

Techopedia Explains Information Security Audit

Every organization should perform routine security audits to ensure that data and assets are protected. First, the audit’s scope should be decided and include all company assets related to information security, including computer equipment, phones, network, email, data and any access-related items, such as cards, tokens and passwords. Then, past and potential future asset threats must be reviewed. Anyone in the information security field should stay apprised of new trends, as well as security measures taken by other companies. Next, the auditing team should estimate the amount of destruction that could transpire under threatening conditions. There should be an established plan and controls for maintaining business operations after a threat has occurred, which is called an intrusion prevention system.

In the audit process, evaluating and implementing business needs are top priorities. The SANS Institute offers an excellent checklist for audit purposes.

Advertisements

Related Terms

Margaret Rouse
Editor

Margaret jest nagradzaną technical writerką, nauczycielką i wykładowczynią. Jest znana z tego, że potrafi w prostych słowach pzybliżyć złożone pojęcia techniczne słuchaczom ze świata biznesu. Od dwudziestu lat jej definicje pojęć z dziedziny IT są publikowane przez Que w encyklopedii terminów technologicznych, a także cytowane w artykułach ukazujących się w New York Times, w magazynie Time, USA Today, ZDNet, a także w magazynach PC i Discovery. Margaret dołączyła do zespołu Techopedii w roku 2011. Margaret lubi pomagać znaleźć wspólny język specjalistom ze świata biznesu i IT. W swojej pracy, jak sama mówi, buduje mosty między tymi dwiema domenami, w ten…