ABSTRACT
This chapter discusses the security audits entail an in–depth examination of security infrastructure, policies, people, and procedures. The purpose is to identify areas of weakness within the infrastructure and to provide recommendations for appropriate solutions. Audit or assessment to reconstruct security–related events should have specific requirements and goals in reviewing how users perform daily compliance based on sound security policies. The Unix Insider included an excellent column on security audits. There are two main types of audits: one perform internally, and one performed by an external party. Internal audits help ensure that organizations and departments are following the organization’s security policy. Third–party audits are performed for numerous reasons, such as to comply with or prepare for Securities and Exchange Commission or other regulatory guidelines, mergers and acquisitions’ due diligence, or annual reviews. A quick audit usually means that the auditor will review security policies, scan and probe network remotely, and conduct a brief onsite check for internal security issues.
