Types of IT Security Audit

The International Organization for Standardization developed ISO 27001 as a standard. It is the foundation for an organization’s Information Security Management System (ISMS). The standard is divided into two straightforward sections: clauses (requirements, and hence not optional) and annex A controls (optionally used to mitigate identified information security risks). Types of IT Security Audit