A Security Audit for an information system involves an assessment of existing conditions and practices compared to a standard. There are a number of standards that might be adopted by an organization. One such standard is ISO 17799 and another is FISMA. More commonly, a third party who is familiar with the standard conducts a review of how the organization provides for information assurance. Comparisons are made between what the standard purports to be a best practice and what the organization actually does. A formal report is prepared based on on-site observations.
Its Relevance: Organizations need to be aware of the viability of their information assurance program. Falling short of meeting a standard is critical and must be noted. Adjusting to make the necessary changes is vital. Organizations are increasingly requiring that the companies with whom they do business be certified as having met a particular standard.