What a Security Auditor Needs to Know About Privacy Compliance

Constant changes in the regulatory environment are putting more pressure on organizations to get data security and privacy right. Some regulations require audits to show compliance, but outside of that, any company that collects, processes or stores sensitive data could benefit from conducting regular security audits. An audit can help to identify gaps in processes and overall security posture as well as uncover any privacy compliance issues that will need to be addressed in order to avoid penalties.

What Is a Compliance Audit?

A security audit evaluates the organization’s information system against a predefined set of criteria. The audit may assess everything from the physical environment and controls to business processes and procedures, IT environment, hardware configurations and user practices.

An audit is typically less comprehensive than a vulnerability assessment, whose purpose is to find potential weaknesses in the IT system. It’s also different from a penetration test, which is a sanctioned attack on the organization by ethical hackers, known as penetration testers, who probe the organization’s defenses the same way real attackers would.

A compliance audit may be narrower in scope than a security audit, because it’s intended to examine policies and procedures as they relate to the laws and regulations that are relevant to the organization. These audits are conducted for different reasons, which may include:

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/HwpsjY1wYtU/