Section 13.113 Audits and Assessments

Question 1

Audits

Answer 1

Systematic evaluations of an organization’s information systems, applications, and security controls to assetrain their efficiency and effectivness

Question 2

Internal Audits

Answer 2

Conducted by the organization’s own team

● Internal Audit Example
○ Review of data protection policies
○ Check policy relevance and compliance

Question 3

External Audits

Answer 3

Performed by third-party entities

External Audit Example
○ Evaluation of e-commerce PCI DSS compliance
○ Assess network security, data encryption, and access controls

Question 4

Significance of Audits

Answer 4

○ Identifying Gaps
■ Security policies, procedures, and controls

○ Ensuring Compliance
■ GDPR, HIPAA, PCI DSS

Question 5

Assessments

Answer 5

Performing a detailed analysis of an organisations security systems to identify vulnerabilities and risks

Performed before implementing new systems or significant changes

Question 6

3 Risk Assessment catagories

Answer 6

● Risk Assessments
● Vulnerability Assessments
● Threat Assessments