An information security audit is an audit on the level of information security in an organization. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized to technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases and highlights key components to look for and different methods for auditing these areas.
When centered on the IT aspects of information security, it can be seen as a part of an information technology audit. It is often then referred to as an information technology security audit or a computer security audit. However, information security encompasses much more than IT.
Famous quotes containing the words information and/or security:
“If you have any information or evidence regarding the O.J. Simpson case, press 2 now. If you are an expert in fields relating to the O.J. Simpson case and would like to offer your services, press 3 now. If you would like the address where you can send a letter of support to O.J. Simpson, press 1 now. If you are seeking legal representation from the law offices of Robert L. Shapiro, press 4 now.”
—Advertisement. Aired August 8, 1994 by Tom Snyder on TV station CNBC. Chicago Sun Times, p. 11 (July 24, 1994)
“If we could have any security against moods! If the profoundest prophet could be holden to his words, and the hearer who is ready to sell all and join the crusade, could have any certificate that to-morrow his prophet shall not unsay his testimony!”
—Ralph Waldo Emerson (1803–1882)