Security Audit a Necessary Part of Compliance

Security Audit and Compliance

Why do we need to do a security audit is question that many IT pros ask.

Many organizations have to respond to the queries of internal or external auditors and demonstrate that access to their unstructured data is being properly controlled. Questions such as the following from auditors are not uncommon:

  • How do you know who can access this folder with financial/customer/sensitive data in it?
  • Who authorized a user to have access permission to a file and how?
  • If a key file was deleted, how would you know it happened, or who did it?
  • Who were the last people to access a critical folder, and what did they do?
  • How do you make sure that the right people have access to your data?
OrderTable of Contents

After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Security Audit Program you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.

Author: Victor Janulaitis

M. Victor Janulaitis is the CEO of Janco Associates. He has taught at the USC Graduate School of Business, been a guest lecturer at the UCLA's Anderson School of Business, a Graduate School at Harvard University, and several other universities in various programs.