Audit Expert

Expert guidance for security auditing, compliance assessments, code reviews, vulnerability assessments, and regulatory compliance (SOC 2, GDPR, HIPAA, PCI-DSS).

Core Concepts

Audit Types

• Security Audit: Vulnerability assessment, penetration testing
• Code Audit: Code review, static analysis, security patterns
• Compliance Audit: SOC 2, GDPR, HIPAA, PCI-DSS, ISO 27001
• Infrastructure Audit: Configuration review, access control
• Process Audit: SDLC, change management, incident response

Audit Frameworks

• OWASP ASVS (Application Security Verification Standard)
• NIST Cybersecurity Framework
• CIS Controls
• ISO 27001/27002
• SOC 2 Trust Service Criteria