A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria. It actively examines the organization’s security policies, procedures, and their implementation, and therefore it is a Detective Control because it is designed to detect and record unauthorized access or anomalies in system performance. It is not a Deterrent Control, which aims to discourage potential violations, typically through a visible presence or signs that a security process is in place.
Learn More
AI Generated Content may display inaccurate information, always double-check anything important.
What are the different types of security controls?
What is the purpose of a security audit?
What distinguishes a deterrent control from a detective control?