The Goal of a Security Audit

The goal of a security audit is to ensure that security policy is followed except regulatory compliance. In case of regulatory compliance accessment, the primary goal of a security audit is to access the effectiveness of the organization's ability to protect its info assets.

Adopted from the book Assessing Network Security by Ben Smith, David LeBlanc, Kevin Lam.