ABSTRACT
Firewall reviews are often called audits. An audit is defined
as “a methodical examination and review.” As well, the
terms “review,” “assessment,” and “audit” are often synon-
ymous. It is interesting to note that when security groups
from the Big Five (PricewaterhouseCoopers, Ernst &
Young, Deloitte & Touche, Arthur Andersen, KPMG)
accounting firms perform a security review, they are spe-
cifically prohibited from using the term “audit.” This is due
to the fact that the American Institute of Certified Public
Accounts (https://www.aicpa.org), which oversees the Big
Five, prohibits the use of the term “audit” because there is
no set of official information security standards in which to
audit the designated environment.