This section provides guidelines for those involved in audit and review work. While written for people with a limited understanding of the security audit environment to perform most of the tasks required with minimum supervision, it does require that persons undertaking a technical task have knowledge of the operating environment in which they are working.

The idea behind this chapter is to allow any one area of the organization to be reviewed; therefore, you may find instructions to gather certain information appear in more than one section of the book. If you are performing a review of more than one component of your organization's ...