Talk:Information security audit

Is the Network Auditing link valid?
It links directly to a company selling IT products. I think this qualifies as spam. Vote to remove?

The audit process (section)
This section is presented as a sequence of events but the contents are not in a proper sequence. For example, there are activities listed as part of Audit planning & preparation, such as "Review the data center’s disaster recovery plan" that should be part of performing the review. How could someone review a DRP without first establishing audit objectives? This information is contrary to the CISA standards published by ISACA. It does not help that there are no authoritative references cited. This section is a hot mess, a compilation of unqualified personal opinion. Stephen Charles Thompson (talk) 19:51, 21 October 2018 (UTC)

The audited systems
This section is little more than an incomplete list of things that make up an enterprise IT system. The entire section could be summed up by simply saying: "all things related to an enterprise IT system." It does nothing to help the reader understand what information system auditing is. Stephen Charles Thompson (talk) 20:54, 21 October 2018 (UTC)

Specific tools used in network security (section)
This section is a rambling unfocused musing on what network security is and names a few specific software products related to network security. This lends nothing to understanding what auditing is, unless the goal of the section is to produce an incomplete and unqualified list of things to possibly consider when auditing IT. Stephen Charles Thompson (talk) 20:49, 21 October 2018 (UTC)