Exam Objectives 5.5
Explain types and purposes of audits and assessments.
- Attestation: External validation of information
- Internal audits: Audits within an organization
  - Compliance: Adherence to rules and regulations
  - Audit committee: Oversight of internal audit functions
  - Self-assessments: Internal evaluations for improvement
- External audits: Audits by independent entities
  - Regulatory audits: Ensuring adherence to industry regulations
  - Examinations: Detailed scrutiny of financial records
  - Independent third-party audit: External impartial assessments
- Penetration testing: Assessing security through simulated attacks
  - Physical: Testing involving real-world access attempts
  - Offensive: Simulated attacks by ethical hackers
  - Defensive: Evaluating an organization’s defense mechanisms
  - Integrated: Comprehensive testing combining various approaches
  - Known environment: Testing with extensive knowledge about the target
  - Partially known environment: Testing with limited target information
  - Unknown...