Auditing is a recognized management technique providing managers with an overview of the present situation regarding specific resource(s) and services within an organization.

The Information Audit (IA) extends the concept of auditing holistically from a traditional scope of accounting and finance to the organizational information management system. Information is representative of a resource which requires effective management and this lead to the development of interest in the use of an IA.

An Information Security Audit is an audit on the level of information security in an organization. Within the broad scope of auditing information security there are multiple type of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized to technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to the auditing of logical security of databases and highlights key components to look for and different methods for auditing these areas.

When centered on the IT aspects of information security, it can be seen as a part of an information technology audit. It is often then referred to as an Information technology security audit or a computer security audit.

Main aspects a Security Audit encompasses are :

  a. Meet with IT management to determine possible areas of concern.

 

  b. Review the current IT organization chart.

 

  c. Review job descriptions of data center employees.

 

  d. Research all operating systems, software applications and data center equipment      operating within the data center.

 

  e. Review the company’s IT policies and procedures.

 

  f. Evaluate the company’s IT budget and systems planning documentation.

 

  g. Review the data center’s disaster recovery plan.