ABSTRACT

An independent third-party security assessment can help a company define what its security needs are and provide a framework for enhancing and developing its information security program. An independent security assessment using an internal auditor or a third-party consultant can facilitate open and honest discussion that will provide meaningful information. Because the security assessment will provide a roadmap for the information security program, it is critical that a quality assessment be performed. The actual security assessment must measure the security posture of a company against standards. Security standards range from ones that address high-level operational processes to more technical and sometimes technology-specific standards. From a security assessment perspective, the key objective is to determine if the infrastructure supporting remote access is secure and reliable. Essentially, internal audit is in a position to do a continuous security assessment.