“Audit” is a word which generally sends shivers down the spine of even the most hardened chief executive. Most audits that we know today cover mainly financial affairs and physical security matters giving rise to financial audits and physical security audits respectively. These audits are often conducted by financial auditors. Information security audits on the other hand is concerned with the confidentiality, availability and integrity of an organization’s computer information network.