Information security audit | EPFL Graph Search

Are you an EPFL student looking for a semester project?

Work with us on data science and visualisation projects, and deploy your project as an app on top of GraphSearch.

An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas. When centered on the Information technology (IT) aspects of information security, it can be seen as a part of an information technology audit. It is often then referred to as an information technology security audit or a computer security audit. However, information security encompasses much more than IT. The auditor is responsible for assessing the current technological maturity level of a company during the first stage of the audit. This stage is used to assess the current status of the company and helps identify the required time, cost and scope of an audit. First, you need to identify the minimum security requirements: Security policy and standards Organizational and Personal security Communication, Operation and Asset management Physical and environmental security Access control and Compliance IT systems development and maintenance IT security incident management Disaster recovery and business continuity management Risk management The auditor should plan a company's audit based on the information found in the previous step. Planning an audit helps the auditor obtain sufficient and appropriate evidence for each company's specific circumstances.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related concepts (7)

Related courses (23)

Related lectures (415)

Related MOOCs (1)

Information security audit

Cyberattack

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source.

Security hacker

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers. Longstanding controversy surrounds the meaning of the term "hacker.

COM-506: Student seminar: security protocols and applications

This seminar introduces the participants to the current trends, problems, and methods in the area of communication security.

COM-301: Computer security and privacy

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

MSE-101(a): Materials:from chemistry to properties

Ce cours permet l'acquisition des notions essentielles relatives à la structure de la matière, aux équilibres et à la réactivité chimique en liaison avec les propriétés mécaniques, thermiques, électri

Humanitarian Action in the Digital Age

The first MOOC about responsible use of technology for humanitarians. Learn about technology and identify risks and opportunities when designing digital solutions.

Deformable Bodies: Axial Loading and Stiffness

Explores axial loading, stress, strain, and equilibrium states in deformable bodies, emphasizing stability and equilibrium types.

Redox Reactions: Half-Reactions, Potentials, and Applications MSE-101(a): Materials:from chemistry to properties

Explores redox reactions, electrode potentials, and their practical uses in electrochemistry.

Deformable Structures I

Introduces the analysis of deformable structures, focusing on equilibrium, stress, and strain in axial loading and stiffness.