#30daysofsecuritytesting – Task IX

Task: Discover the process and procedures around Security Auditing

This is hard one. I do my research already second day, but still did not managed to create my own picture of “what is Security Auditing?”

Confusion starts with Wikipedia, because there are two articles about the topic, both marked as no complete.

https://en.wikipedia.org/wiki/Information_security_audit

https://en.wikipedia.org/wiki/Information_technology_security_audit

Maybe someone wants to fix it?

Piece, what I found helpful and useful is this 10 step guide “if a security auditor isn’t in the budget”: http://www.itsecurity.com/features/it-security-audit-010407/