Security Assessment and Audit by Wentz Wu, ISSAP, ISSEP, ISSMP CISSP, CCSP, CSSLP, CGRC, SSCP, CC, CISM, CISA, CRISC, CGEIT, PMP, ACP, PBA, RMP, CEH, ECSAWentz Wu

NIT SP 800-53A R4

NIT SP 800-53A R4 “defines the three assessment methods that can be used by assessors during security and privacy control assessments: (i) examine; (ii) interview; and (iii) test. The application of each method is described in terms of the attributes of depth and coverage, progressing from basic to focused to comprehensive.”

CISA Review Manual, 26th Edition

According to CISA review manual, 26th edition, IS audit is the formal examination, interview and/or testing of information systems to determine whether:
– Information systems are in compliance with applicable laws, regulations, and/or industry guidelines.
– IS data and information have appropriate levels of confidentiality, integrity and availability.
– IS operations are being accomplished efficiently and effective targets are being met.

Audit as Independent Assessment

Assessments conducted by independent parties are called audits. First-party audits are conducted by the internal audit function or department. Second-party audits are conducted by external parties such as first-tier customers per the contractual requirements. Third-party audits are conducted by external parties like the big four accounting firms or ISO certification bodies.

Wentz Wu

ISSAP, ISSEP, ISSMP CISSP, CCSP, CSSLP, CGRC, SSCP, CC, CISM, CISA, CRISC, CGEIT, PMP, ACP, PBA, RMP, CEH, ECSA

Security Assessment and Audit

NIT SP 800-53A R4

CISA Review Manual, 26th Edition

Audit as Independent Assessment

Like this:

Related

Leave a ReplyCancel reply

NIT SP 800-53A R4

CISA Review Manual, 26th Edition

Audit as Independent Assessment

Share this:

Like this:

Related

Leave a ReplyCancel reply

Discover more from Wentz Wu