What does an audit involve?
An information security audit involves:
- learning about your business operations
- looking at past audit reports (if any)
- talking to staff about procedures and processes
- observing procedures and processes
- examining your information security measures
- testing your information security measures
in order to find out how effective your security measures are.