The importance of understanding and performing a good security audit cannot be overemphasized. Audits are one of the most important tools we have for being proactive in our security measures and keeping up with the enemy. It is vital that an organization be able to discover its own weak links and vulnerabilities before anyone else does. The importance of a good security audit, however, goes far beyond this. An organization with a security mind must be able to understand and identify risks, controls, and policies. We must have a sense of the organization, its components, what it relies on, and what could cause it harm. The Relational Security Assessment Model will cover this and is a good guide for developing the proper perspective. Even if a security professional has never performed a single formal audit, knowing the concepts behind risk evaluation and control assessment is vital for security development. |