The rapid growth of computers and internet, and its use for storage and use of data has also meant ever increasing worries about the safety and integrity of data because of growing cyber crimes, presence of hackers and corruption of data through malware. All this has led to development of numerous disciplines and systems meant to safeguard interests of organizations. Information System Audit and Information Security Audit are two such tools that are used to ensure safety and integrity of information and sensitive data. People are often confused by the difference between these two tools and feel they are same. But there are differences that will be highlighted in this article.
Information systems audit is a large, broad term that encompasses demarcation of responsibilities, server and equipment management, problem and incident management, network division, safety, security and privacy assurance etc. On the other hand, as the name implies, information security audit has a one point agenda and that is security of data and information when it is in the process of storage and transmission. Here data must not be confused with only electronic data as print data is equally important and its security is covered in this audit.
Both audits have many overlapping areas which is what confuses many people. However, from a physical point of view, information system audit is related to the core, whereas information security audit is related to the outer circles. Here core can be taken as system, servers, storage and even printouts and pen drives, whereas outer circles mean network, firewalls, internet etc.
If one were to look from a logical point of view, it would emerge that while information systems audit deals with operations, and infrastructure whereas information security audit deals with data on the whole.
• Information systems audit is a broader term that includes information security audit
• System audit includes operations, network segmentation, server and device management etc, whereas security audit focuses on security of data and information.