Security Assessment Audit Report
Subscriber Content
Best Practices for Conducting and Documenting an Information Security Audit
This sample report presents the results of an organization's information security audit.
This report states the level of security assessed, identifies security deficiencies and areas of strength and weakness, and develops a course of action to correct vulnerabilities and mitigate associated risks. All information security systems, which by their nature are dependent on their human operators, are vulnerable to some degree. A focus was placed on evaluating controls that directly correlated to threats and risks that may compromise the confidentiality, integrity and availability of the information technology environment that supports an organization’s business operations.