Audits and assessments provide organizations with an opportunity to evaluate their security controls to ensure that they are functioning properly and effectively—protecting the confidentiality, integrity and availability of information and systems. In this video, learn about the role of audits and assessments within the enterprise, including the use of routine audits and user rights and permission reviews.
- [Instructor] Audits and assessments provide organizations with the opportunity to evaluate their security controls to ensure that they are functioning properly and effectively protecting the confidentiality, integrity, and availability of information and systems. Audits and assessments are similar in purpose and function. Both involve evaluating security controls, reporting on their effectiveness, and making recommendations for improvement. The main difference between the two lies in the purpose of the review.
Assessments are generally performed by or requested by an organization's IT staff. Audits are generally performed at the request of someone else, such as a regulator, executive, or board of directors. When an organization undergoes an audit, the auditors follow a formal standard and perform planned tests that are designed to determine how well an organization complies with the standard. For example, let's take a look at the Payment Card Industry Data Security Standard, PCI DSS.
PCI DSS is a very long, detailed standard…
To join one of Mike's free study groups for access to bonus tips and practice questions, visit certmike.com.
- The security triad: confidentiality, integrity, and availability
- Security principles
- Resource security
- Data security
- Security controls
- Assessing security controls
- Security policy
- Physical security
Skill Level Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover software licensing. In addition, the following topics were updated: integrity, leveraging industry standards, data encryption, security control selection and implementation, audits and assessments, security policy framework, security policy training and procedures, and ethics.
Insights from a Cybersecurity Professional, with Mike Chapple (32m 15s, Intermediate)
1. The Security Triad
2. Security Principles
3. Resource Security
4. Data Security
5. Data Security Controls
6. Security Controls
Control frameworks (3m 55s)
7. Assessing Security Controls
8. Security Policy
9. Awareness and Training
10. Physical Security