Talk:Information technology security audit

This is an old revision of this page, as edited by AlMac (talk | contribs) at 21:51, 7 July 2005 (Notes). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Start

This started as part of a section of Security breaches that AlMac thinks ought to have its own Wiki article. After this article seems to no longer have so many grievances against it, AlMac's plan was to return to Security breaches and make Computer security audit a main article there, eliminating some of the redundant content. Additional main articles later. AlMac 7 July 2005 14:16 (UTC)

Computer security audit is both a noun and a process. There is not much point doing one audit then assuming the problem is fixed, because Computer security is a moving target. We need to check our systems, see what needs fixing, do the audit again, fix again, then when all identified problems have been fixed, raise the bar on the standards we are trying to achieve. Periodically there is evolution in the Computer insecurity threats out there, so we need to upgrade our audit tools to deal with the new threats. Also, any time something new is added to our systems, we need to run the audit process again, to make sure the new thing did not mess anything up.

In Wikipedia:Votes for deletion/Computer Security Audits, there was the criticism that how to do audits is in here, while that does not belong in an Encyclopaedia. One reason I put some in was that I saw a grievance on another person's article in that the author was accused of writing nonsense, and needed to prove assertions. There are a lot of people who assert that Computer security is an Oxymoron, or too expensive to achieve. I wanted to include examples of technologies that make good Security doable. AlMac 7 July 2005 19:12 (UTC)

Similar sounding topics

AlMac studied the Auditing information security article before starting Computer Security Audits. AlMac's conclusion was that Auditing information security is rather dated and for a narrow spectrum of the Computer security field. It describes a reality of large companies, like those traded on the stock market, that can afford to have a team of humans from some audit firm perform certain tasks. Most small businesses, which are most enterprises period, cannot afford this, and certainly not home users.

Auditing information security is a valid topic, of great interest to many enterprises, but while the work they do is more intensive than Computer security audit focus, the former's market share is microscopic compared to the latter. This needs to be explained, like the Computer security and Computer insecurity articles point at each other.

  • Computer security article focuses on Design for Good Security in the first place, which most computer vendors should do, but far too many do not.
  • Computer insecurity article focuses on victims in the "Oh Hell, what a mess we are in, how do we get out of this?"

Similarly (except first need to clean up this language)

  • Auditing information security article focuses on what the giants of industry do to identify security issues in need of remediation.
  • Computer Security Audits (which may need a slightly different title) article focuses on what the little guy, and small business can do, to identify security issues that are easily repaired.

Now many enterprises do not think they need Security Audits, but one of the outputs of these automated tools is an education that can lead some companies to conclude that they do need professional help, because the remediation effort is more than can be handled by their staff. AlMac 7 July 2005 20:04 (UTC)

Notes

Note that AlMac is attempting to make repairs to satisfy various notices, as I hope to share my know-how in a form that will fit in with this community. I have lots more I intend to include in Security breaches and related articles, once I have resolved the complaints about lack of neutrality in my point of view, without becoming too wordy in space to many different POV.

AlMac is having a lot of trouble knowing when to use upper case lower case, singular plural, in this Wikipedia.

Several kind and supportive individuals have posted to AlMac talk page some areas for AlMac to study, so as to get better at meeting the community goals. Please keep these suggestions coming. I am working my way through them, in hopes that I can fix all the problems, and become a valued member of this community. AlMac 7 July 2005 20:10 (UTC)

Keep up the good work, get rid of all the lists and the article should be all right. I strongly suggest you read Wikipedia:Guide to layout and Wikipedia:How to edit a page, if you haven't already—they're very insightful, as are the other articles in the style book.
Be aware that Wikipedia is not an FAQ. Don't refer to the reader or yourself directly; sentences like "Company-A has personal information on you and me." are considered bad style. The article shouldn't be a how-to: "Go to Steve Gibson Research site, scroll down to Shields Up, run tests" are improper. A better version would be something like "Software to detect vulnerabilities is available from organisations such as Gibson Research Corporation", and arguably anything more detailed in a how-to way might not be proper here on WP. Avoid (though not at all costs) external links inside the main article body, the proper place is in its own section at the end of the article. Try to give more than one alternative if there is one.
Last but not least, of course the article does not have to be perfect. Others will improve on what you write, especially if you make a decent start. Once you get rid of
  • all
    • the freaking
      • lists
I'll try editing it, too. ;) Note that I'm a newbie, too. Cheers. --Moritz 7 July 2005 21:33 (UTC)