Definitions

General

An audit is

a detailed examination conducted by people external to the business unit to assess controls, measure performance and compliance, identify gaps, and make recommendations.[1]

Security

An audit is an

[i]ndependent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies or procedures.[2]

Overview

The most common forms of audit are compliance, operational, or vulnerability audits. An audit may be carried out by internal or external groups.

Integrated, dynamic auditing systems not only record information, but also act to restrict use or to alert security personnel when possible safeguard violations occur: not just violations from intruders but also from insiders. One feature might alert security personnel if users are accessing certain files after hours or if a user (or possible intruder) repeatedly but unsuccessfully attempts to access a certain computer. The security officer might then closely monitor the user's actions to determine what further steps should be taken (simply denying access might prompt an intruder to switch to a more reliable or more covert method, confounding the security staff). Some sophisticated systems use expert systems that "learn" users' behavior.
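The two alerts described above can be expressed as rules run over audit records. The following is an added example, not part of the original entry; the log format, the sensitive path prefix, the business hours, and the failure threshold and window are all assumptions chosen for illustration. It only raises alerts and does not deny access, which leaves the decision to the security officer.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records: timestamp, user, host, resource, outcome.
SAMPLE_LOG = """\
2024-03-04T10:15:00 alice ws-01 /finance/payroll.xlsx SUCCESS
2024-03-04T23:40:00 bob ws-02 /finance/payroll.xlsx SUCCESS
2024-03-04T23:41:00 bob ws-02 /public/menu.txt SUCCESS
2024-03-05T09:00:00 carol srv-09 login FAILURE
2024-03-05T09:01:00 carol srv-09 login FAILURE
2024-03-05T09:02:30 carol srv-09 login FAILURE
2024-03-05T09:30:00 dave srv-09 login FAILURE
2024-03-05T11:00:00 dave srv-09 login FAILURE
"""

SENSITIVE_PREFIXES = ("/finance/",)   # assumed list of "certain files"
BUSINESS_HOURS = range(8, 18)         # assumed: 08:00-17:59 local time
FAIL_THRESHOLD = 3                    # assumed: failures before alerting
FAIL_WINDOW = timedelta(minutes=5)    # assumed sliding window


def review(log_text):
    """Return a list of (rule, user, target, timestamp) alerts."""
    alerts = []
    failures = defaultdict(list)      # (user, host) -> recent failure times
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                  # skip malformed records
        ts, user, host, resource, outcome = parts
        when = datetime.fromisoformat(ts)
        # Rule 1: any access attempt on a sensitive file outside business hours.
        if resource.startswith(SENSITIVE_PREFIXES) and when.hour not in BUSINESS_HOURS:
            alerts.append(("after_hours_access", user, resource, ts))
        # Rule 2: repeated failures by one user against one host in the window.
        if outcome == "FAILURE":
            recent = [t for t in failures[(user, host)] if when - t <= FAIL_WINDOW]
            recent.append(when)
            failures[(user, host)] = recent
            if len(recent) == FAIL_THRESHOLD:   # alert when the threshold is reached
                alerts.append(("repeated_failed_access", user, host, ts))
    return alerts


if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```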

Contract clause

An audit clause

gives the data owner the ability to perform physical audits of the vendor's data storage facility and related controls. These clauses also might outline the vendor's responsibility for having a third-party test of the vendor's controls.[3]

References

  1. Newfoundland-Labrador, Office of the Chief Information Officer, Information Management and Information Protection Glossary of Terms (full-text).
  2. CNSSI 4009, at 8; NIST Special Publication 800-32.
  3. Report on Cybersecurity Practices, at 28.
