Overview
Security audits are often used to determine compliance with regulations that specify how organizations must deal with information.
Security audits are often used to determine compliance with regulations such as the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, and the California Security Breach Information Act that specify how organizations must deal with information.
These audits are one of three main types of security diagnostics, vulnerability assessments, and penetration testing. Security audits measure an information system’s performance against a list of criteria. A vulnerability assessment is a comprehensive study of an information system, seeking potential security weaknesses. Penetration testing is a covert approach in which a security expert tests to see if a system can withstand a specific attack. Each approach has inherent strengths and using two or more in conjunction may be the most effective approach.
Do you have feedback on this resource?
Thank you for your feedback as we strive to curate and publish resources to help social impact organizations succeed with data.
Explore More
Related Resources
How to assess an organization’s data asset risk
In this guide, you will learn how to first identify your data assets, and then assess their associated risks.