Talk:Information technology security audit

Start
This started as part of a section of Security breaches that AlMac thinks ought to have its own Wiki article. After this article seems to no longer have so many grievances against it, AlMac's plan was to return to Security breaches and make Computer security audit a main article there, eliminating some of the redundant content. Additional main articles later. AlMac 7 July 2005 14:16 (UTC)

Computer security audit is both a noun and a process. There is not much point doing one audit then assuming the problem is fixed, because Computer security is a moving target. We need to check our systems, see what needs fixing, do the audit again, fix again, then when all identified problems have been fixed, raise the bar on the standards we are trying to achieve. Periodically there is evolution in the Computer insecurity threats out there, so we need to upgrade our audit tools to deal with the new threats. Also, any time something new is added to our systems, we need to run the audit process again, to make sure the new thing did not mess anything up.

In Votes for deletion/Computer Security Audits, there was the criticism that how to do audits is in here, while that does not belong in an Encyclopaedia. One reason I put some in was that I saw a grievance on another person's article in that the author was accused of writing nonsense, and needed to prove assertions. There are a lot of people who assert that Computer security is an Oxymoron, or too expensive to achieve. I wanted to include examples of technologies that make good Security doable. AlMac 7 July 2005 19:12 (UTC)

Similar sounding topics
AlMac studied the Auditing information security article before starting Computer Security Audits. AlMac's conclusion was that Auditing information security is rather dated and for a narrow spectrum of the Computer security field. It describes a reality of large companies, like those traded on the stock market, that can afford to have a team of humans from some audit firm, perform certain tasks. Most small businesses, which are most enterprises period, cannot afford this, and certainly not home users.

Auditing information security is a valid topic, of great interest to many enterprises, but while the work they do is more intensive than Computer security audit focus, the former's market share is microscopic compared to the latter. This needs to be explained, like the Computer security and Computer insecurity articles point at each other.


 * Computer security article focuses on Design for Good Security in the first place, which most computer vendors should do, but far too many do not.
 * Computer insecurity article focuses on victims in the "Oh Hell, what a mess we are in, how do we get out of this?"

Similarly (except first need to clean up this language)


 * Auditing information security article focuses on what the giants of industry do to identify security issues in need of remediation.
 * Computer Security Audits (which may need a slightly different title) article focuses on what the little guy, and small business can do, to identify security issues that are easily repaired.

Now many enterprises do not think they need Security Audits, but one of the outputs of these automated tools is an education that can lead some companies to conclude that they do need professional help, because the remediation effort is more than can be handled by their staff. AlMac 7 July 2005 20:04 (UTC)

Opening section

 * The opening section, above the contents, is crying out to me for a sub-head like "Introduction" or "Overview". I do not know how big the statement above start of "Contents" is appropriate here.
 * The first half of this top section seems to me to be lacking clarity. I need to both consolidate it, and solve that problem.

AlMac 8 July 2005 12:16 (UTC)

The introduction section should be long, and untitled, above the table of contents. It can be three paragraphs long. There is a style guide for this section here: Guide to writing better articles.--Fenice 8 July 2005 12:59 (UTC)

What the Audits NOT do

 * I think this section now has met the requirement to be prose rather than outline format, and now it needs to have links added, where appropriate, to other stuff in Wikipedia.
 * Also, I think each section may need polishing of the summary statements of what we learn from all this, how it fits into the larger picture.

AlMac 8 July 2005 12:16 (UTC)

What the Tools do
I have your guidance, I know what needs to be done, but I am out of time again for another session. I will have to get back to this later. AlMac 8 July 2005 12:16 (UTC)

More Content
This is not the whole story. It is just how far I got before being asked to clean up my style. AlMac 8 July 2005 12:16 (UTC)

Once this has been cleaned up, perhaps it should be marked due to current security breaches in the news and what is needed to protect against being a victim of them. AlMac|(talk) 21:59, 22 July 2005 (UTC)

Failed vfd vote
Votes_for_deletion/Computer_Security_Audits. --Woohookitty 23:37, 19 July 2005 (UTC)

Capitalization
I have not forgotten about needing to clean up this article that I started here, and I am pleased to see that other editors have made some improvements while I have been pre-occupied. I think there's a lot of places where I have used capitalization in middle of sentences inappropriately, perhaps because when I first wrote parts of this I had not yet learned as much about Wikipedia standards and what's practical as I now know.

I plan to add a few more sections, then after we see the flow, may feel that they need moving to somewhat different placement. User:AlMac|(talk) 08:11, 17 January 2006 (UTC)

Types of risk assessment
You can take a qualitative or quantitative approach to risk assessment. It might be worth mentioning both and comparing them.

Changed Tag
I was tempted to label this POV and mark it AfD, but I see a lot of good work. As such, the other tags should suffice.

On POV, the article tone assumes that it is a white paper of sorts, making the assumption the end-user is clueless and requires some sort of oversight. Tone is very bad. This is on my watch list. --meatclerk 22:41, 23 July 2006 (UTC)

Reassessment Comments
To move the article above Start-class I would consider the following at a minimum:
 * 1) Incorporate as many of the "see also" items into the article as would be logical; don't just shove them in anywhere.
 * 2) Consider including sources with inline references.

§ Music Sorter § (talk) 07:29, 17 November 2010 (UTC)

This is a content fork of Information security audit
See WP:REDUNDANTFORK. --Daviddwd (talk) 03:12, 25 September 2018 (UTC)

Merge with Information security audit
I see the existing comments on this talk page that this article is almost entirely redundant to Information security audit. Let's try to determine objectively which article title is the most commonly or authoritatively used term. Then we can marry the two. Both articles are equally terrible in quality (hodge-podge of opinion-based non-factual content with little or no citations) so quality is not a deciding factor. Stephen Charles Thompson (talk) 20:14, 21 October 2018 (UTC)
 * Suggest merge to Information security audit as that is the broader topic, a simpler title and the older article. Klbrain (talk) 10:34, 19 January 2020 (UTC)
 * ✅ Klbrain (talk) 10:24, 26 February 2020 (UTC)