All,

As someone that works as an internal IT Auditor, I need to make a quick point. The term security audit is extremely misused. This all started when the Big 5 firms began to perform security assessments. Next thing you knew, all the boutique firms were selling "security audits".

Audits, at least in the US, should be governed by the rules of the AICPA, IIA, ISACA and the standards of COSO and COBIT. Otherwise, what is being performed is an assessment. Audits focus on risks and controls. Security is one of many components that are reviewed. Audits use tests to determine if a control is functioning properly.

Much the way Architects and Engineers are trying to preserve the professional requirements of these titles from the computer industry, I'm trying to do the same for Auditors.

Regards,
Michael

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service, which automatically alerts you to the latest security vulnerabilities, please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sun Sep 16 2001 - 23:19:34 PDT