Security Audit

A security audit and a security assessment are not the same! Many people conflate the two, but a security assessment is just one step in the security audit process. "Security assessment" is another name for a vulnerability assessment. A security audit can be defined as an extensive and formal overview of an organization’s security systems and processes (both must be reviewed!). It covers the in-depth review of a technical scope (a network, a firewall policy, a Wi-Fi infrastructure, …) as well as all the policies and standard operating procedures around it.

A security audit covers:

  • Looking for policy issues
  • Physical assessment
  • Access control enforcement
  • Vulnerability assessment
  • Design controls and processes
  • The review of operating procedures and policies
  • BCP (Business Continuity Plan) & DRP (Disaster Recovery Plan)
  • Configuration management