Security Auditing


Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Security auditing is the practice of evaluating the security of networks and systems. It may be done by professional security consulting and auditing services, or it can be done in-house. Auditing may involve evaluating the security of buildings and equipment locations, running background checks on people, evaluating work processes, monitoring systems, scanning computers for security weaknesses, and running intrusion detection systems that can signal possible break-ins.

This topic continues in "The Encyclopedia of Networking and Telecommunications" with a discussion of the following:

  • Security consulting and auditing services, the third-party perspective
  • The security auditor
  • Security auditing tools
  • Scanners
  • IDS (intrusion detection systems)
  • Standards for evaluating security
  • U.S. National Institute of Standards and Technology (NIST)
  • FIPS (Federal Information Processing Standards)
  • Orange Book: the TCSEC (Trusted Computer System Evaluation Criteria) standard
  • The ISO's Common Criteria, the current standard

The following Web sites provide more information:

Common Criteria official Web site

http://www.commoncriteria.org/

ISO Common Criteria Information

http://csrc.nist.gov/cc/




Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.