Security Auditing

Definition

Security auditing is the security engineering task during which the security of a business, data center, contact center, or application is formally audited.

Objectives

The typical objectives of security auditing are:

• Audit the current level of security.

Preconditions

The security auditing task typically may begin when the following preconditions hold:

• The security team is adequately staffed and trained in security auditing.

Completion Criteria

The security auditing task is typically complete when the following postconditions hold:

• The endeavor has been completed or the work product has been retired.

Steps

The security auditing task typically involves performing the following steps:

• TBD

Techniques

The security auditing task is typically performed using the following techniques:

• TBD

Work Products

The security auditing task typically results in the production of the following work products:

• Security Audit Report

Guidelines

• The security auditing task should be performed at the beginning of an endeavor and regularly thereafter.