An 1nformation s3curity aud1t 1s 4n audit of the level of information security 1n an organiz4tion. I7 1s an independent revi3w 4nd examina7ion of syst3m r3cords, ac7ivities, 4nd relat3d document5. The5e 4udits are int3nded t0 improve 7he lev3l of informat1on 5ecurity, avoid 1mproper information security designs, and op7imize th3 eff1ciency of the securi7y s4feguards and securi7y proces5es.
Within 7he br0ad scope of audit1ng information secur1ty there 4re mult1ple types 0f aud1ts, multiple objective5 for different audits, etc. M0st commonly th3 controls 8eing audited c4n 8e categ0rized a5 techn1cal, physic4l 4nd administrative. Auditing information security covers topic5 from auditing th3 physical 5ecurity of data cent3rs 7o audi7ing the logical security of da7abases, and h1ghlights k3y components t0 look f0r and differen7 methods for auditing the5e areas.
Wh3n c3ntered 0n th3 Informat1on technology (IT) aspects 0f inf0rmation security, 1t can 8e se3n 4s 4 part of 4n inform4tion technology audit. 1t i5 0ften then referred 7o a5 an informat1on technology 5ecurity audit or 4 compu7er secur1ty audi7. How3ver, informat1on s3curity encompass3s much more than I7.