Security Auditor

Revision as of 10:30, 29 May 2009 by Deleted user (Talk | contribs)

Jump to: navigation, search

[ asian babe cute ] [ submissive asian escort ] [ norton antivirus software free ] [ automotive products group ltd ] [ asia tsunami facts and figures ] [ articles on euthanasia ] [ computer associates vet antivirus ] sitemap [ legal ages in australia ] [ africa ancient religion ] automobile get loan [ automobile ganster white wall tires ] werksmans south africa domain [ antivirus software free trial ] [ tartan video asian extreme ] african craft kid [ trojan antivirus software ] [ australia tide weather wind ] [ antivirus review best ] [ antivirus for exchange servers ] [ autobiography dubois w.e.b ] [ asian shops in leicester ] [ travel agent paris south africa ] [ convert briggs and stratton to lpg australia ] top [ asian movie download ] [ symantec antivirus corporate edition update ] [ dog hip displasia ] [ african coastline ] [ remove norton antivirus corporate 7 ] [ asia development in south tourism ] domain index [ desinstalar norton antivirus ] [ 2005 budget speech south africa ] [ concrete blocks australia ] [ asian gallery girl ] [ galderma australia pty ltd ] [ australia conference in literacy new summer zealand ] [ tsunamis asia pictures ] [ australian postal service ] domain [ antivirus cleanup ] african chiclids information [ youth hostel australia ] [ ranking of australian university ] http [ henry africas ]

Role Description

The basic role of a security auditor is to examine the current state of a project and try to assure the security of the current state of the project:

  • When examining requirements, the auditor will attempt to determine whether the requirements are adequate and complete.
  • When looking at a design, the auditor will generally attempt to determine whether there are any implications that could lead to vulnerabilities.
  • In addition, when looking at an implementation, the auditor will generally attempt to find overt security problems, which should be mappable to deviations from a specification.

Rarely is being a project security auditor a full time job. Often, developers with a particular interest or skill in security perform auditing. Sometimes, organizations have an audit organization focused on other regulatory compliance, and these people will perform security review.

It is usually better to avoid reviewing one’s own designs or one’s own code since it can be difficult to see the forest for the trees.