After completing this video, the learner will understand the role of audits and assessments within the enterprise, including the use of routine audits and user rights & permission reviews.
- [Voiceover] Audits and assessments provide organizations…with the opportunity to evaluate their security controls…to ensure that they are functioning properly…and effectively protecting the confidentiality, integrity…and availability of information and systems.…Audits and assessments are similar in purpose and function.…Both involve evaluating security controls,…reporting on their effectiveness…and making recommendations for improvement.…The main difference between the two lies…in the purpose of the review.…
Assessments are generally performed by or requested by…an organization's IT staff.…Audits are generally performed…at the request of someone else, such as…a regulator, executive or board of directors.…When an organization undergoes an audit,…the auditors follow a formal standard…and perform planned tests that are designed to determine…how well an organization complies with the standard.…For example, let's take a look…at the Payment Card Industry Data Security Standard, PCIDSS.…
PCIDSS is a very long, detailed standard…
- Implementing security controls and policies
- Performing a risk assessment
- Understanding the five risk management actions
- Managing third-party relationships (vendors, etc.)
- Mitigating risk with change management, audits and assessments, and more
- Building an incident response program
- Understanding digital forensics
- Providing security and compliance training
- Ensuring physical security
- Planning for business continuity and disaster recovery
- Matching controls to security goals
Skill Level Intermediate
1. Controls and Risks
2. Third-Party Relationships
Vendor agreements3m 34s
3. Risk Mitigation Strategies
4. Incident Response
6. Awareness and Training
7. Physical Security and Environmental Controls
8. Business Continuity and Disaster Recovery
9. Matching Controls to Security Goals
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.