Intrusion Detection and Information Security Audits

The rapid expansion and dramatic advances in information technology in recent years have without question generated tremendous benefits to business and organizations. At the same time, this expansion has created significant, unprecedented risks to organization operations. Computer security has, in turn, become much more important as organizations utilize information systems and security measures to avoid data tampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitive information. Such use of computer security is essential in minimizing the risk of malicious attacks from individuals and groups. To be effective in ensuring accountability, management and information technology security personnel must be able to evaluate information systems security and offer recommendations for reducing security risks to an acceptable level. To do so, they must possess the appropriate resources, skills, and knowledge. With the growing perverseness of information systems and the technologies used to support such tools, the growing need to keep the integrity of both the data and the system used to manage that data will become a major priority. Therefore, it is important for security personnel and management to keep abreast of the issues and trends in information systems and security, and the tools and techniques used to secure systems and data. In order to keep information safe and systems secured from outside attacks from computer criminals, information systems security and network vulnerability assessment must be conducted on a regular and ongoing basis to insure system security integrity. The aim of this article is to introduce to the information technology community, the conceptual overview of information security audits. Not only will this article present an overview of information security audits, but also information on popular intrusion detection and security auditing software used in industry.