Security Audit


Definition: Security Audit

A security audit is the systematic evaluation of information technology systems and infrastructure to measure, against established criteria, how secure the physical configuration, software, information handling processes, user practices and environmental conditions are.

Security audits, conducted together with vulnerability assessments (which seek out weaknesses) and penetration testing (which conducts trial attacks), help establish the security credentials of a system.

Once a list of relevant assets (computers, peripherals, security devices, servers etc.) is made, a list of threats must be made for each asset. Threats must then be classified by type (passwords, access conditions, backups, dependencies, physical integrity) and by severity (low to high) to arrive at an understanding of risk, which is the product of the intensity of a possible harm and its probability. The system's own history must be assessed, looking out for patterns. Benchmarking against the competition may also prove useful. Corrective measures must then be undertaken.

