CISSP For Dummies
Auditing is the process of having a third-party examine systems and/or business processes to ensure that they’ve been properly designed and are being properly used.
Audits are frequently performed to ensure that the business is in compliance with business or security policies and requirements that the business may be subject to. These policies and requirements can include government laws and regulations, legal contracts, and industry or trade group best practices.
Audits are frequently performed by third parties, which gives the audit customers the confidence that the audit results are accurate and not biased because of organizational politics, and so on. But audits are also commonly performed by internal auditors - people inside the organization - in order to ensure continued compliance with laws, regulations, and policies.
Business critical systems need to be subject to regular audits on a timetable to be dictated by regulatory, contractual, or trade group requirements.
Due care requires that an organization operate using good business practices - usually a set of standards formally or informally stated by industry trade groups. An organization can be held liable for failing to operate with due care.
Категории