© SidorArt/Shutterstock.
CHAPTER 3What Is the Scope of an IT Compliance Audit?
THE SCOPE OF AN information technology (IT) audit can vary depending on the specific risk and processes being examined, such as a network audit compared to an application audit. Nonetheless, there are common scope elements to all IT compliance audits, which include an examination of the related policies, adherence to those policies, and adequacy of vulnerability assessments.
A compliance review can determine if policies are being followed. The vulnerability assessment is used to measure the effectiveness of the policies. If everyone follows the policies, ...
Get Auditing IT Infrastructures for Compliance, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
