Audit Tools

An information security audit is an audit of the level of information security in an organisation. Within the broad scope of auditing information security there are multiple types of audit, each with its own objectives. Most commonly the controls being audited are categorised as technical, physical or administrative. Auditing information security covers topics ranging from the physical security of data centres to the logical security of databases, and highlights the key components to look for and the different methods for auditing each of these areas.

When focusing on the IT aspects of information security, such an audit can be seen as part of an information technology audit. It is then often referred to as an information technology security audit or a computer security audit. However, information security encompasses much more than IT.

Encryption and IT audit

In assessing the need for a client to implement encryption policies for their organisation, the auditor should conduct an analysis of the client's risk and the value of its data. Companies with multiple external users, e-commerce applications, and sensitive customer or employee information should maintain rigid encryption policies aimed at encrypting the correct data at the appropriate stage of the data collection process.

Auditors should continually evaluate their client's encryption policies and procedures. Companies that rely heavily on e-commerce systems and wireless networks are especially exposed to the theft and loss of critical information in transmission. Policies and procedures should be documented and carried out to ensure that all transmitted data is protected.

Audit Tool Solutions and Services

GFI LANguard

Imperva

Net IQ

Pen Testing (See BII Services)