A
computer security audit is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing
security vulnerability scans, reviewing application and operating system
access controls, and analyzing physical access to the systems. Automated assessments, or
CAAT's, include system generated
audit reports or using software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers, switches. Applications can include
Web Services, Microsoft Project Central, Oracle Database. (examples only).