A computer security audit is a manual or systematic measurable technical assessment of your system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems.
Automated assessments, or CAAT’s, include system generated audit reports or using software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers, switches. Applications can include Private and Public Networks, Web Services, Accounting Software, Microsoft Project Central and Internal Databases.
- Determining the feasibility of a particular set of attack vectors on your network
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities.
- Identifying vulnerabilities that may be difficult or impossible to detect with network scanning software
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of network defenders to successfully detect and respond to the attacks
- Providing evidence to support increased investments in security personnel and technology