Security audits
A security audit is a comprehensive assessment of your organization’s information system; typically, this assessment measures your information system’s security against an audit checklist of industry best practices, externally established standards, or federal regulations. This security audit training is a beginner level course for anyone interested in security audits or a career as an auditor. Upon completion of the course, the student will be familiar with the concept and purpose of auditing along with control frameworks focused on security.
A security audit works by testing whether your organization’s information system is adhering to a set of internal or external criteria regulating data security. Internal criteria include your company’s IT policies and procedures and security controls. External criteria include federal regulations like the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley Act (SOX), and standards set by the International Organization for Standardization (ISO) or the National Institute for Standards in Technology (NIST). A security audit compares your organization’s actual IT practices with the standards relevant to your enterprise and will identify areas for remediation and growth.
SORGEX
The Art & Science of Protecting People & Profits