Managing Security Risks: Quiz 4

A review of an organization's security controls, policies, and procedures against a set of expectations.

se___________ au____________

Purposes of internal security audits:

identify org__________ r_______

acc___________ controls

correct comp____________ issues

Common elements of internal audits

Establishing the sc_________ and goals

Conducting a r_________ assessment

Completing a con_____________ assessment

Accessing comp______________

Communicating re________________

sc___________ refers to the specific criteria of an internal security audit.

goals are an outline of the organization's security ob_______________.

Security audits must be performed to safeguard da______ and avoid penalties and fines from go_____________ agencies. The frequency of audits is dependent on local laws and federal compliance regulations.

Indicate how often an audit should be performed

Include an evaluation of organizational po________, pr_________, and procedures to make sure they are working as intended and being implemented by employees

Complete a risk assessment

A risk assessment is used to evaluate identified organizational risks related to bud________, con_______, internal proce________, and external stan_________ (i.e., regulations).

Conduct the audit

When conducting an internal audit, you will assess the security of the identified assets listed in the audit sc_________.

Create a mitigation plan

A mitigation plan is a strategy established to lo_______ the level of risk and potential costs, penalties, or other issues that can negatively affect the organization’s security posture.