Audits and assessments provide organizations with an opportunity to evaluate their security controls to ensure that they are functioning properly and effectively protecting the confidentiality, integrity, and availability of information and systems. In this video, learn about the role of audits and assessments within the enterprise, including the use of routine audits and user rights and permission reviews.
- [Instructor] Audits and assessments provide organizations with the opportunity to evaluate their security controls to ensure that they are functioning properly and effectively protecting the confidentiality, integrity, and availability of information and systems. Audits and assessments are similar in purpose and function. Both involve evaluating security controls, reporting on their effectiveness, and making recommendations for improvement. The main difference between the two lies in the purpose of the review.
Assessments are generally performed by or requested by an organization's IT staff. Audits are generally performed at the request of someone else, such as a regulator, executive, or board of directors. When an organization undergoes an audit, the auditors follow a formal standard and perform planned tests that are designed to determine how well an organization complies with the standard. For example, let's take a look at the Payment Card Industry Data Security Standard, PCI DSS.
PCI DSS is a very long, detailed standard…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management