Français
1. What about audits?
This section introduces the context of information systems security auditing. It describes the main approaches to security auditing, which will serve as the basis for the other two parts of this dossier.
1.1 Context
Auditing is a "systematic, independent and documented process for obtaining evidence and evaluating it objectively to verify that audit criteria are met". The auditor is then the "person with the competence to conduct an audit". (source: ISO/IEC 19011).
"The security audit of an information system (IS) is a view at a moment T of all or part of the IS, making it possible to compare the state of the IS with a repository." (source: Wikipedia).
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
What about audits?
Techniques and tools
Bibliography
Works
Software tools
• Aircrack-ng http://www.aircrack-ng.org
• Arachni http://arachni-scanner.comhttps://github.com/arachni
Websites
• Cédric Blancher's blog http://sid.rstck.org/blog
• eSecurity Planet http://www.esecurityplanet.com
• CLUSIF: Documents and safety guides for download http://www.clusif.asso.fr/fr
...Standards and norms
- Information technology – Security techniques – Information security management systems – Requirements - ISO/IEC 27001 - 2005
- Information technology – Security techniques – Information security risk management - ISO/IEC 27005 - 2008
The Ultimate Scientific and Technical Reference
