Risk-based auditing to achieve enterprise security

Here’s a new piece I wrote for SearchSecurity.com on using a risk-based auditing methodology to achieve enterprise security.

Some topics covered include:

• Why use a risk-based audit
• How to perform a risk assessment
• Tips on categorizing assets
• Classifying assets by criticality and confidentiality levels
• Calculating risk and risk ranking
• Developing an audit plan
• A six-step audit methodology
• A risk-based audit use case

Give it a read and let me know if you have any questions.