Section 13.113 Audits and Assessments Flashcards
Objective 5.5: Explain types and purposes of audits and assessments
Audits
Systematic evaluations of an organization’s information systems, applications, and security controls to assetrain their efficiency and effectivness
Internal Audits
Conducted by the organization’s own team
● Internal Audit Example
○ Review of data protection policies
○ Check policy relevance and compliance
External Audits
Performed by third-party entities
External Audit Example
○ Evaluation of e-commerce PCI DSS compliance
○ Assess network security, data encryption, and access controls
Significance of Audits
○ Identifying Gaps
■ Security policies, procedures, and controls
○ Ensuring Compliance
■ GDPR, HIPAA, PCI DSS
Assessments
Performing a detailed analysis of an organisations security systems to identify vulnerabilities and risks
Performed before implementing new systems or significant changes
3 Risk Assessment catagories
● Risk Assessments
● Vulnerability Assessments
● Threat Assessments
