Process of Security Audits and their Importance

Process of Security Audits and their Importance

Name:

Institution:

Process of Security Audits and their Importance

Outline

Definition of the audit’s scope

• Creation of a security parameter
• Development of an asset list

Creation of a threats list

• Common threats
• Rare threats

Future threats

• Examination of the threat history
• Evaluation of security trends
• Analyzing competitor activities

Making of a prioritized list of assets and vulnerabilities

• Performance of a risk calculation
• Measurement of risk probability
• Forecast of harm/influence on systems

Implementation of network access controls

Implementation of intrusion Prevention

• Rate based
• Content based

Implementation of identity and access management

Creation of backups

• Offsite storage
• Onsite storage
• Build up of secure access to backups
• Scheduling of backups

Email Protection and the development of filtering capabilities

Prevention of physical intrusions

Annotated Bibliography

Basta, A., Zgola, M., & Bullaboy, D. (2012). Database Security. Boston, Mass: Course Technology/Cengage Learning.

The above authors offer insight into the installation of databases. It also covers the different ways that engineers can prevent any type of intrusions. Similarly, it contains real life examples of attacks and the preventative measures that were taken to avoid such vulnerabilities. It is well organized into various topics that enlighten on methods of boosting the integrity of systems under diverse environments. While the language used is a little technical, there are provisions for their translations and this makes it user friendly. As such, it tackles the origin and prevention of breaches to maintain confidentiality among communication systems. Furthermore, it has sections dedicated to malware and solutions to these attacks. Thus, it is educative on the best and most cost efficient auditing process that can be undertaken in any business entity. The authors are qualified instructors in the computer science field thereby providing authoritative opinions about the subject.

Jackson, C. (2010). Network Security Auditing. Indianapolis, IN: Cisco Press.

This book delves into detail about the procedure that auditing of systems entails and it specifically targets different types of networks. Furthermore, it offers useful guidelines on ways of risk management as well as the policies that organizations can adopt for them to promote compliance with the necessary regulations. It is written in a simple but concise manner that the reader would not have a problem understanding its content. Moreover, it contains relevant examples and further definitions of both web applications and database auditing. Jackson provides a summary at the beginning of each chapter and this informative approach makes it easier for the reader to comprehend the concepts. Some graphical data is included as well to illustrate the ideas under discussion. It also regularly poses some questions in order to make the reading interactive.

Smith, R. E. (2013). Elementary Information Security. Burlington, MA: Jones & Bartlett Learning.

Smith offers challenges to the reader for him/her to develop analytical skills about various security challenges. In the above book, he discusses the architecture of different systems and gives advice on the user’s actions regarding protecting it from attacks. It also dwells on the ethical issues involved during the auditing process as well as the security flaws that should be anticipated. Moreover, he includes a biometric authentication piece and an encryption analysis, which serve to broaden the reader’s view about how to conduct an audit. Contingency planning is dealt with at length to reinforce the earlier topics covered and this would be a valuable addition to the knowledge gained. Consequently, due to its detailed nature, it is enriching. It also contains photographic data that compliments the texts thereby improving comprehension of the content. The examples given are practical because they are applicable even in today’s environment.