IT security audits and audit frameworks

Be prepared for your next IT security audit. Check out our resources on audit planning, tools, reports, mistakes, procedures, management standards, and how to work with auditors and audit validation.

New & Notable

Download this free guide

Instant Download: Free Guide to Password Security

Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.

Corporate E-mail Address:
You forgot to provide an Email Address.
This email address doesn’t appear to be valid.
This email address is already registered. Please login.
You have exceeded the maximum character limit.
Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

IT security audits and audit frameworks News

December 11, 2018 11 Dec'18
Second Google+ data exposure leads to earlier service shutdown

Another Google Plus data exposure -- this time potentially affecting more than 52 million users -- will cause the service to be shut down four months earlier than scheduled.
October 11, 2018 11 Oct'18
U.S. weapon systems cybersecurity failing, GAO report says

A U.S. Government Accountability Office report gave failing grades to military weapon systems cybersecurity, but some experts say the report should be a source of encouragement.
October 10, 2018 10 Oct'18
Google security audit begets product changes, German probe

A Google security audit uncovered a glitch in Google Plus that exposed data from nearly 500,000 accounts, causing the company to shutter the social network and spur a German data protection probe.
October 28, 2016 28 Oct'16
How Big Finance and the feds conquered SecOps with code

SecOps is among the most daunting frontiers of DevOps transformation, but banks and the U.S. federal government are forging ahead using Puppet IT automation.

View All News

IT security audits and audit frameworks Get Started

Bring yourself up to speed with our introductory content

Is information security gap analysis important for HIPAA compliance?

Security gap analysis is a strong, reliable technique for enterprises looking to assure HIPAA compliance. Expert Mike Chapple explains how to perform the analysis. Continue Reading
HIPAA and HITECH compliance: Who should perform assessments?

Here are some important criteria for hiring a partner to review your information security program, with a focus on HIPAA and HITECH compliance. Continue Reading
How can health organizations prepare for HIPAA audits?

The long-awaited HIPAA audits conducted randomly by HHS are finally supposed to happen in 2015, but with stricter requirements. Here's how organizations can get ready. Continue Reading

View All Get Started

Evaluate IT security audits and audit frameworks Vendors & Products

Weigh the pros and cons of technologies, products and projects you are considering.

Electronic voting systems in the U.S. need post-election audits

Colorado will implement a new system for auditing electronic voting systems. Post-election audits have been proven to help, but are they enough to boost public trust in the systems? Continue Reading
How can enterprises use SOC 2 reports to evaluate cloud providers?

Enterprises can use SOC 2 reports to evaluate cloud service providers. Expert Matthew Pascucci discusses the effectiveness of doing so, and what else companies can use. Continue Reading
Gartner on PCI DSS 3.0 changes: Bigger, harder and more expensive

Gartner analyst Avivah Litan discusses how Gartner clients are reacting to the changes in PCI DSS 3.0, and whether the increased rigor in the standard will prove beneficial to enterprises. Continue Reading

View All Evaluate

Manage IT security audits and audit frameworks

Learn to apply best practices and optimize your operations.

Embedded application security: Inside OWASP's best practices

OWASP released a draft of new guidelines for creating secure code within embedded software. Expert Judith Myerson discusses best practices, pitfalls to avoid and auditing tools. Continue Reading
The difference between security assessments and security audits

Security audits vs. security assessments solve different needs. Organizations may use security audits to check their security stature while security assessments might be the better tool to use. Expert Ernie Hayden explains the differences. Continue Reading
What's the best way to handle external security auditors?

Dealing with external security auditors can make IT professionals uncomfortable. Here are some ways to handle and make the most of the audit process. Continue Reading

View All Manage

Problem Solve IT security audits and audit frameworks Issues

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How can companies avoid failing the annual FISMA audit?

The annual FISMA audit is designed to ensure companies need to have consistent security standards. Here's how to prepare for the audits. Continue Reading
Audit concerns when migrating from traditional firewall to NGFW

Learn about a potential audit concern when transitioning from a traditional firewall to a next-generation firewall. Continue Reading
How descoping measures can help reduce regulatory compliance burden

Expert Mike Chapple explains how two descoping techniques can help many organizations reduce their regulatory compliance burden. Continue Reading

View All Problem Solve