Chapter 3. Information Security Governance, Frameworks, and Standards

To audit a process, procedure, or technology, you must first measure the current state against the desired state; this enables you to identify the gaps. The terms “best practice” and “standards” are used to describe how a company should configure or manage its security controls, but if you put two security professionals in a room and asked them to describe the best way to accomplish a particular company’s goals, you would likely get a slew of different answers. With all of these best practices floating around, it becomes difficult to pick the “better” practice; it comes down to determining what fits the organization as a whole, and that is where understanding information ...
