1 (306) 502-1116

What’s the difference between a security assessment and a security audit?

Tillman Hodgson

For people outside of the cybersecurity industry, the terminology and complexity of data security issues can be daunting. At the end of the day, you don’t know what you don’t know, and that’s overwhelming and off-putting to many of us. At SeekingFire Consulting, we’ve long taken an educational approach to data security. We empower our […]

For people outside of the cybersecurity industry, the terminology and complexity of data security issues can be daunting. At the end of the day, you don’t know what you don’t know, and that’s overwhelming and off-putting to many of us. At SeekingFire Consulting, we’ve long taken an educational approach to data security. We empower our clients to tackle their information security needs and don’t want industry jargon or terminology to get in the way of that. With that in mind, let’s break down two common industry terms. 

What is a security assessment?

An information security assessment looks at the security you currently have and recommends improvements that can help you mitigate cybersecurity risk down the road. As risks and threats evolve all the time, you should conduct security assessments periodically to test your organization’s security posture. 

Following an assessment from SeekingFire, we provide a 3-year information security roadmap that helps our clients understand what to do and when to do it.

What is a security audit?

Essentially, an information security audit goes a step further than an assessment. While an assessment establishes the existence of specific security controls, an audit then tests those controls as well. 

If we think of this as a home security system, an assessment establishes that you have an alarm system installed and the components like cameras, sensors and locks. An audit tests that the alarm actually works.

A security audit is a substantial and formal review of your systems and processes. Not only does it look at your physical infrastructure (networks, firewalls etc.), but it also looks at things like policy and operating procedures. As a result, we will put your whole data security infrastructure to the test.

Depending on your industry, you may be legally required to have an external information security audit (we help many clients meet these regulations). 

How do I know which option is right for me?

We’ve said it before, and we will say it again; there’s no one size fits all when it comes to data security. If you’re unsure of what you need, the best thing you can do is talk to a qualified professional to discuss your unique situation. A vulnerability scan or a security assessment can often be a great place to start, but depending on your needs, you may require a more robust audit. At SeekingFire, we’ve been making the digital world a safer, more secure place since 2005. We’ve helped many clients across Western Canada, and we can help you too! Please get in touch with us for a no-obligation consultation.

Disclaimer

While we have made every effort to present accurate, unbiased and helpful information in this article, please note that it reflects the author’s opinion and is written for the purposes of general knowledge, information and discussion. This article is not intended as legal advice, nor should it be considered as advice specific to your individual data security situation. If you would like to discuss your cybersecurity needs in specific detail, please get in touch with us.

Ready to learn more?

Third Party Security: Who’s Minding Their Store?

Third Party Security: Who’s Minding Their Store?

Giant Tiger made the news this month with a security breach related to a third party. The discount retailer used another company to manage customer engagement and communications. Customer data, including contact information and home addresses were compromised, leaving Giant Tiger with the task of contacting customers to warn them of phishing emails and phone calls likely to ensue as a result.

read more
Stopping the Leaks: How to Play Safe on Today’s Internet

Stopping the Leaks: How to Play Safe on Today’s Internet

Sara finds an email in her inbox, notifying her that she has been the victim of a data leak through one of her social media accounts. Brad gets a similar email, letting him know that his private information is no longer secure after his favourite online store experienced a security breach. These types of notifications are almost commonplace as cybercriminals become increasingly sophisticated in their attacks on the networks that hold our data. In fact, there have been over 26 billion records exposed in what Canadian cybersecurity researchers are terming a “supermassive leak”. 

read more