An information security audit is an audit on the level of information security in an organization. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized to technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases and highlights key components to look for and different methods for auditing these areas.
When centered on the IT aspects of information security, it can be seen as a part of an information technology audit. It is often then referred to as an information technology security audit or a computer security audit. However, information security encompasses much more than IT.
Famous quotes containing the words information and/or security:
“Phenomenal nature shadows him wherever he goes. Clouds in the staring sky transmit to one another, by means of slow signs, incredibly detailed information regarding him. His inmost thoughts are discussed at nightfall, in manual alphabet, by darkly gesticulating trees. Pebbles or stains or sunflecks form patterns representing in some awful way messages which he must intercept. Everything is a cipher and of everything he is the theme.”
—Vladimir Nabokov (1899–1977)
“To have in general but little feeling, seems to be the only security against feeling too much on any particular occasion.”
—George Eliot [Mary Ann (or Marian)