A systematic process is used for both assessments and audits.  Both are applied as a management tool as oppose to a technical-review tool.  Outcome of both is a report. They both often use similar methods and techniques to perform their appraisal.

Note:  This article focuses on

some of the similarities and distinguishing factors between

the terms assessment and audit when expressed in the software industry.

Auditor/assessor style (e.g., impartial, collaborative) is dependent on the appraisal-customer (internal vs external) and, the appraisal's purpose and potential impact/risks.

Audit/assessment duration and type of interaction (group vs 1-on-1) depends on purpose, scope and type of appraisal.

Note:  The differences shown above are typical -- self-triggered assessments/audits may be

any combination of that shown or special cases such as that for dry-run audits.

Share
Related Documents
  1. Security Focus : Newsletter Archive (1657)
  2. [Ebook] Exploiting Software How to Break Code (3205)
  3. [Ebook] Practical Unix & Internet Security, 3rd Edition (4082)
  4. [Ebook] Internet Security: A Jumpstart for Systems Administrators and IT Managers (3505)
  5. What is a Security stress testing? (1694)
  6. Software Quality Assrance Traceability Audit (1575)
  7. Project Audit Checklist (3240)
  8. Software Product Audit (1177)
  9. [Free] Belarc Advisor : Personal PC Audit for Test Environment (1288)
  10. Quality Control Audit Process (1357)
  11. The use of test plans as a quality instrument (1000)
  12. [Free] Watcher : testing tool and passive vulnerability scanner (2088)
  13. What is the difference between Inspection and Audit ? (1330)
  14. [Free] skipfish : web application security reconnaissance tool. (2313)
  15. [Video] seNetsparker - A free web app security testing tool (922)
  16. Creating a Web security testing policy (1883)
  17. Building web application security into your development process (1580)
  18. Security Testing for Web Application (2066)
  19. [Ebook] Security Engineering: A Guide to Building Dependable Distributed Systems (5277)
  20. Secure Software Advisory for security testing (1038)