What Is a Security Audit?
Security audit is a new concept. It refers to the systematic and independent inspection and verification of relevant activities or behaviors in a computer network environment by professional auditors in accordance with relevant laws and regulations, the entrustment of property owners and the authorization of management authorities. Make the appropriate evaluation. Security audit is a systematic method of assessing the security of a company's information system by testing its compliance with a set of established standards.
- Information security audit mainly refers to the identification, recording, storage and analysis of relevant information on security-related activities in the system. Information security audit records are used to check what security-related activities have occurred on the network and who (which user) is responsible for this activity. [1]
- Security audit involves four basic elements: control objectives,
- Safety
- Auditing is called "audit" in English. The audit is performed to determine the effectiveness and reliability of the information. It also provides an internal control evaluation system. The goal of the audit is to perform evaluations in a test environment and express the evaluation opinions of people / organizations / systems, etc. Due to the limitation of the actual situation, the audit requires that only reasonable and no major error guarantee statements are provided, and the audit is often done through statistical sampling. You can also understand auditing in this way. Auditing refers to checking and verifying the accuracy and completeness of targets, used to check and prevent false data and deceptive behaviors, and whether they meet established standards, benchmarks and other auditing principles. Governments and organizations at all levels in various countries generally have specialized independent audit departments, audit committees, and audit offices. Previous audit concepts were mainly used in financial systems. Financial audits are performed using true and fair financial statements. Traditional auditing is mainly to obtain information about the financial statements of the company or enterprise of the financial system and financial records. With the development of scientific and technological information technology, the financial systems of most enterprises, institutions and organizations run on the information system, so while information means has become a technology of financial audit, financial audit has also indirectly driven the general information system. audit. [2]