Audits Vs. Assessments: What's The Difference And Which Is Right For You?

the Tea on Cybersecurity

Gain insights into the importance of both internal and external audits on your path to certification.

"The thing about security also is the threats are always changing. So you can't just keep doing what you've been doing and think you're going to be fine. You have to adapt to the changing threat landscape."

In the world of Cybersecurity, things are everchanging. This week Cybersecurity expert and CEO & Co-Founder of Trava Security Jim Goldman and Ben Phillips CPA and Director at KSM, discuss the differences between an audit and an assessment when it comes to information security internal risk assessments.

Understanding the difference between a cybersecurity audit and assessment is crucial whether you are a business owner, IT professional, or auditor. Jim and Ben shed light on the motivation behind each - whether they are customer-driven or regulatory - and offer thoughts on which is right for you. If you are seeking cybersecurity certifications like SOC2 or ISO, knowing the difference is an important part of the process - along with patience, lots of patience!

What you’ll learn in this episode:

  1. The differences between audits and assessments and why they should be conducted.
  2. How audits and assessments work together, and how often they should be conducted.
  3. Why are both internal and external audits important in the journey to getting certified?

Things to listen for:

[02:47] Various certifications and audits for data security.

[07:53] The main difference between an audit and an assessment

[09:40] Internal audit vs External audit.

[15:54] Information security assessment and preparation advice given.

[21:07] Differences between type 1 and type 2 SOC 2 reports.

The Tea on Cybersecurity

Cybersecurity—a word we hear all the time. Show of hands for those that actually understand what it means.

The Tea on Cybersecurity is here to help educate the newbs on what cybersecurity is, why it is important, and everything in between. The Tea on Cybersecurity is for everyone, but especially those small and medium-sized businesses that are starting their journey in building a cyber risk management program. Each show is about 15 minutes long to deliver you with the facts and less fluff.