Updating of security procedures and scheduling of security audits

29 Mar

This document provides information about security policies.

According to Ira Winkler, president of the Internet Security Advisors Group, security audits, vulnerability assessments, and penetration testing are the three main types of security diagnostics. Failure of management to implement appropriate controls may expose the institution to potential loss from fines, penalties, and customer litigation. These examination procedures (commonly referred to as the work program) are intended to help examiners determine the effectiveness of the institution's information security process.

The reality is that IT (on which most of these compliance and security audits ultimately fall, since they concern systems) perceives preparing for compliance as time that could be devoted to other projects that the department regards as more important. Also, IT departments are known to share a certain "gallows humor" about audits — that is, compliance auditors must find at least several things wrong whenever they audit in order to "stay in business." Consequently, enduring an IT security or compliance audit has all of the appeal of visiting your doctor for an annual physical.