Penetration Testing mailing list archives
RE: Industry Definitions... possible? was Re: Security Audit
From: "Steve Goldsby" <sgoldsby () integrate-u com>
Date: Mon, 17 Sep 2001 06:06:10 -0500
I simplify to my clients like this:

- A security assessment is a measurement of your organization against best practices
- A security AUDIT is a measurement and validation of your posture against your own implemented practices.

Best,
Steve

-----Original Message-----
From: MCOHEN () calfed com [mailto:MCOHEN () calfed com]
Sent: Friday, September 14, 2001 2:48 PM
To: pen-test () securityfocus com
Subject: RE: Industry Definitions... possible? was Re: Security Audit

All,

As someone that works as an internal IT Auditor, I need to make a quick point. The term security audit is extremely misused. This all started when the Big 5 firms began to perform security assessments. Next thing you knew, all the boutique firms were selling "security audits".

Audits, at least in the US, should be governed by the rules of the AICPA, IIA, ISACA and the standards of COSO and COBIT. Otherwise what is being performed is an assessment. Audits focus on risks and controls. Security is one of many components that are reviewed. Audits use tests to determine if a control is functioning properly.

Much the way Architects and Engineers are trying to preserve the professional requirements of these titles from the computer industry, I'm trying to do the same for Auditors.

Regards,
Michael

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/