Skip to main content

Using Information Security as an Auditing Tool

As cyber-attacks are gaining visibility within mainstream media, what once was knowledge for information security expertise is now a concern of everyday individuals. With solutions and information readily available, where does one start in the pursuit of information security? The understanding of the organization's system and network infrastructure is required, but what type of approach can be taken? Investigation leads to using information security as an auditing tool to analyze and report on an organization's strengths, weaknesses and needs. As a result, the organization inherently gains visualization of the current posture, its gaps and a method for continuous remediation.

Download file

37085 (PDF, 2.56MB)

14 Jul 2016
ByAdi Sitnica
Share
All papers are copyrighted

No re-posting of papers is permitted

Related Content

2026 Cybersecurity Workforce Research Report by SANS | GIAC

Research Paper

The cybersecurity workforce is at a turning point. AI is transforming how work gets done, regulators are redefining ‘qualified,’ and organizations are recognizing that the right skills, not headcount, are what drive success. As AI reshapes the cyber workforce, this report helps leaders make informed decisions and shows practitioners where skills and careers are heading.

  • 11 Mar 2026
  • SANS Institute, GIAC Certifications

SANS 2025 Security Awareness Report

Research Paper

Now in its 10th year, the SANS Security Awareness Report remains the definitive, practitioner-built resource for understanding and managing the human side of cybersecurity.

  • 12 Aug 2025
  • Lance Spitzner

Cybersecurity Solutions Healthcare Report 2025

Research Paper

Review and compare vendor capabilities, featuring SANS Institute as a top provider of security training and services tailored for healthcare.

  • 30 Jul 2025
  • KRAS

The Business Value of SANS: Proven Impact of Cybersecurity Training

Research Paper

New research from IDC reveals the tangible business value of rigorous, practitioner-led training from SANS

  • 26 Jun 2025
  • David Clemente, Leonardo Freitas, Ladislav Kinda

The Business Value of SANS: Proven Impact of Cybersecurity Training – Euros

Research Paper

New research from IDC reveals the tangible business value of rigorous, practitioner-led training from SANS: faster threat detection and response, reduced operational risk, stronger team cohesion, and millions in annual cost savings.

  • 24 Jun 2025
  • David Clemente, Leonardo Freitas, Ladislav Kinda

The Business Value of SANS: Proven Impact of Cybersecurity Training – Pounds

Research Paper

New research from IDC reveals the tangible business value of rigorous, practitioner-led training from SANS: faster threat detection and response, reduced operational risk, stronger team cohesion, and millions in annual cost savings.

  • 24 Jun 2025
  • David Clemente, Leonardo Freitas, Ladislav Kinda

A Startups Guide to Implementing a Security Program

Research Paper

Startups struggle to balance survival with the practical implementation of a security program. There...

  • 8 Oct 2020
  • Vanessa Pegueros

Putting it all together through Automation

Research Paper

Most problems faced in Information Security are typically time sensitive. For Forensic Engineers and...

  • 22 Apr 2019
  • Kenneth Ray

Information Security Best Practices While Managing Projects

Research Paper

To maximize long-term return on investment (ROI) with a project's delivery, taking information...

  • 25 Mar 2019
  • Dallas Smith

Logon Banners

Research Paper

Logon banners have been a common feature of operating systems and applications for many years....

  • 20 Mar 2019
  • Keelan Stewart

Security Considerations for Team Based Password Managers

Research Paper

Password management applications are a common and practical way to store complex passwords. They use...

  • 23 Jul 2018
  • Matthew Schumacher

Content Security Policy in Practice

Research Paper

The implementation of Content Security Policy to leverage web browser capability in protecting a web...

  • 6 Jul 2018
  • Varghese Palathuruthil

Agile Security Patching

Research Paper

Security Patch Management is one of the biggest security and compliance challenges for organizations...

  • 3 May 2018
  • Michael Hoehl

Speed and Scalability Matter: Review of LogRhythm 7 SIEM and Analytics Platform

Research Paper

Just how scalable, fast and accurate are SIEM tools when under load? To find out, we put the...

  • 13 Apr 2017
  • Dave Shackleford

Bill Gates and Trustworthy Computing: A Case Study in Transformational Leadership

Research Paper

The notion that IT security is a serious issue is non-controversial. The market for cybersecurity...

  • 20 Sep 2016
  • Preston S. Ackerman

Filling the Gaps

Research Paper

There should be an emphasis on the importance of regular internal and external auditing focusing on...

  • 18 Aug 2016
  • Robert Smith

Investing in Information Security: A Case Study in Community Banking

Research Paper

Small businesses, such as community banks, often do not have resources dedicated to information...

  • 12 Aug 2016
  • Wes Earnest

Introduction to Rundeck for Secure Script Executions

Research Paper

Many organizations today support physical, virtual, and cloud-based systems across a wide range of...

  • 11 Aug 2016
  • John Becker

Applying Data Analytics on Vulnerability Data

Research Paper

Organizations, by law, should exercise due care and due diligence in securing data at rest, in...

  • 23 Dec 2015
  • Yogesh Dhinwa

Framework for Innovative Security Decisions

Research Paper

Remember the Periodic Table of chemical elements (Dayah, Dynamic Periodic Table, 1997)? It...

  • 3 Nov 2015
  • Ergash Karshiev

Subscribe to GIAC’s Monthly Newsletter

Receive expert insights, priority access to certifications, essential updates on regulatory changes and industry developments.