Risk-based auditing to achieve enterprise security
April 29, 2010 by Marcos Christodonte II
Here’s a new piece I wrote for SearchSecurity.com on using a risk-based auditing methodology to achieve enterprise security.
Some topics covered include:
- Why use a risk-based audit
- How to perform a risk assessment
- Tips on categorizing assets
- Classifying assets by criticality and confidentiality levels
- Calculating risk and risk ranking
- Developing an audit plan
- A six-step audit methodology
- A risk-based audit use case
Give it a read and let me know if you have any questions.

