Security Audit
A computer security audit is a process that verifies that certain standards have been met and identifies areas in need of remediation or improvement. Decades ago, identifying problem areas had to be done by a team of human auditors, but now software can analyse what is on a computer and present the findings in a form that you do not need to be an expert to understand. It is important to use software that stays current with rapidly evolving security threats. Software cannot resolve the whole problem: computer users need to evaluate the reports, make changes to correct the problems, then rerun the reports. Once all the identified problems have been resolved, the bar can be raised on the standards being aimed for.
Computer security audits go beyond information technology audits. An IT audit examines what is on the computer system and how it is being used, to verify that programs are working as intended and that the data is reliable. A security audit additionally verifies that none of the data is being tampered with, or can be tampered with, to show incorrect results.
Definitions provided by Wikipedia - The Free Encyclopedia
Security Audit Related Industry News
Government, industry debate cybersecurity remedies
A congressional subcommittee took federal agencies to task Tuesday for their poor progress in securing their computer systems. The rebuke came two days before industry technology experts are expected to release reports on ways to fix the private sector's own security woes. During an oversight hearing on federal agencies' progress in securing their systems, members of the House Committee on Government Reform's Subcommittee on Technology, Informa......

Security Is Now Top IT Concern
Security has overtaken cost cutting as the top concern of IT managers, with more than 75 percent of those polled in a new IDC study rating security as a very or extremely significant challenge.
According to IDC, the heightened level of security as a top concern has also had a corollary effect on IT security spending.
"Our latest survey findings indicate that IT spending on security and business continuity has increased at 59 percent of organizations in the last......

Spyware plague triples in three months
Epidemic of Trojans, keystroke loggers and system monitors
The number of infections from Trojans, keystroke loggers and system monitors tripled during the last three months of 2004, a security audit has revealed.
According to the 2004 Spy Audit conducted by ISP Earthlink and online privacy firm Webroot Software, the instances of spyware infections on consumer PCs rose 230 per cent, while the instances of Trojans rose 114 per cent from October 2004 to Decem......

UK banks ignore security audit findings
Some UK corporates routinely ignore the findings of security audits, treating them solely as a necessary step to satisfy corporate governance regulations, according to an experienced penetration tester.
Tim Ecott, managing consultant at security integrator Integralis, explained that banks and other financial institutions are told they have to carry out a penetration test to comply with audits. In some cases - perhaps five per cent - Ecott and his team dis......

Many Web application security vulnerabilities are not as serious as they seem
When interpreting the results of a vulnerability assessment, you need to focus on what's important in your Web application security testing. There are three sides to the story when looking at Web application security testing: yours, the findings of your vulnerability assessment, and the truth. Whether you're using a commercial or open source scanner, you're undoubtedly going to glean a lot of information and come acro......

UK council breach affects 54,000 residents
The Newcastle city council in the UK has admitted that personal data and payment card details of up to 54,000 local residents have been downloaded from an insecure server to an IP address outside the country. The stolen data includes names, addresses and card details from transactions between February 2006 and April 2007, mainly for payment of council tax, business rates, parking fines or council housing rent. The incident is the latest in a string of h......

Sites shut down after hack on Fasthosts
The UK's largest web hosting firm, Fasthosts, has temporarily shut down some of its customers' websites - hundreds of sites are reportedly affected - following a hacking attack on its database. The database contains the financial details, email addresses and passwords of over a million businesses for which Fasthosts hosts websites. Whether or how the thieves have used the stolen data is not yet known. On 29 November Fasthosts had to forcibly shut down a n......

Security Manager's Journal: Getting the best from an audit
An independent information security audit can be nerve-wracking, but this time, I actually enjoyed it. I guess it's just a matter of perspective. It might help that I've been an auditor myself, and so I knew what the auditor was looking for and what he would put into his report. But that isn't the whole story. A bigger factor was that this time around, I was prepared. And I've come to see the audit not as a reproach to my work but as a......

The top tech resolutions for 2009
New Year's is a great occasion for taking pause to reassess priorities, needs, and wants. As we enter what looks to be a trying 2009, such a pause is even more critical. IT resources will be limited and business pressures higher. But that doesn't mean you withdraw or go into reactive mode. In tough times, being clear on your priorities is even more important, as everything you do is more critical. So InfoWorld asked its CTO Council member and its cadre of expert......

New devices make hotspots a hacker's paradise
Airport lounges, train stations and hotels represent three of the easiest attack vectors for hackers, according to white hat hacker Chris Gatford. Speaking at IDC's SecurityVision conference today, Gatford said the vast majority of public hotspot users put their organisation's data at risk by connecting without a VPN to the "Linksys global wireless network" - his term for open networks set up in people's homes that are left unsecured. Gatford, direc......

Women did well on Defcon social engineering test
Of the 135 Fortune 500 employees targeted by social engineering hackers in a recent contest, only five of them refused to give up any corporate information whatsoever. And guess what? All five were women. That's one of the interesting data points that contest organizers gathered, following their widely publicized event, held at the Defcon hacking conference last month. Organizers are in Washington this week, briefing the U.S. Federal Bureau......

Most large companies hit by hack attacks, survey shows
Is this year turning out to be even worse for getting hacked than last year? That's what a survey of 350 IT and network professionals would indicate, with large companies in particular reporting this year to be worse than last in terms of suffering at least one network intrusion of their user machines, office network or servers. The Sixth Annual Enterprise IT Security Survey, released Monday, found that 67% of large companies with 5,000 or more e......

Researcher to release Web-based Android attack
A computer security researcher says he plans to release code Thursday that could be used to attack some versions of Google's Android phones over the Internet. The attack targets the browser in older, Android 2.1-and-earlier versions of the phones. It is being disclosed Thursday at the HouSecCon conference in Houston by M.J. Keith, a security researcher with Alert Logic. Keith says he has written code that allows him to run a simple command line shel......

In the IT security world, policies and controls are king
Over a decade ago, Stephen Northcutt, one of the original founders of the SANS Institute, recruited me to help plan a course purely about security policies and procedures. At the time, I was all about hands-on hacking and defending, and I saw little value in a course purely focused on "paperwork." It took me a long time to realize that without the paperwork, you don't get any real security. Almost all security professionals can s......