1 (306) 502-1116

What’s the difference between a security assessment and a security audit?

Tillman Hodgson

For people outside of the cybersecurity industry, the terminology and complexity of data security issues can be daunting. At the end of the day, you don’t know what you don’t know, and that’s overwhelming and off-putting to many of us. At SeekingFire Consulting, we’ve long taken an educational approach to data security. We empower our […]

For people outside of the cybersecurity industry, the terminology and complexity of data security issues can be daunting. At the end of the day, you don’t know what you don’t know, and that’s overwhelming and off-putting to many of us. At SeekingFire Consulting, we’ve long taken an educational approach to data security. We empower our clients to tackle their information security needs and don’t want industry jargon or terminology to get in the way of that. With that in mind, let’s break down two common industry terms. 

What is a security assessment?

An information security assessment looks at the security you currently have and recommends improvements that can help you mitigate cybersecurity risk down the road. As risks and threats evolve all the time, you should conduct security assessments periodically to test your organization’s security posture. 

Following an assessment from SeekingFire, we provide a 3-year information security roadmap that helps our clients understand what to do and when to do it.

What is a security audit?

Essentially, an information security audit goes a step further than an assessment. While an assessment establishes the existence of specific security controls, an audit then tests those controls as well. 

If we think of this as a home security system, an assessment establishes that you have an alarm system installed and the components like cameras, sensors and locks. An audit tests that the alarm actually works.

A security audit is a substantial and formal review of your systems and processes. Not only does it look at your physical infrastructure (networks, firewalls etc.), but it also looks at things like policy and operating procedures. As a result, we will put your whole data security infrastructure to the test.

Depending on your industry, you may be legally required to have an external information security audit (we help many clients meet these regulations). 

How do I know which option is right for me?

We’ve said it before, and we will say it again; there’s no one size fits all when it comes to data security. If you’re unsure of what you need, the best thing you can do is talk to a qualified professional to discuss your unique situation. A vulnerability scan or a security assessment can often be a great place to start, but depending on your needs, you may require a more robust audit. At SeekingFire, we’ve been making the digital world a safer, more secure place since 2005. We’ve helped many clients across Western Canada, and we can help you too! Please get in touch with us for a no-obligation consultation.

Ready to learn more?

What is cybersecurity and why does it matter?

What is cybersecurity and why does it matter?

Cybersecurity is a word that we hear about in the news, but that doesn't often inspire deep curiosity and interest; it's not exactly "light reading." Cybersecurity refers to the protection of digital assets and data from unauthorized or criminal use. It includes the...

read more