Here’s my list of IT/security basics that I think IT auditors ought to know. If you can’t understand and audit these items, you do not know enough about technology to avoid having the wool pulled over your irises (not matter how good an auditor you are). The list is in no particular order.
If you’re a CISA or CISSP and you don’t know the following, I think you have some work to do.
While I realize many bloggers do “Quote of the Week,” it was Audit Monkey who gave me the idea. Here’s my very first quote:
Who uses special characters in passwords? Nobody does that.
The lead security study group (group 17) from the International Telecommunication Union provides a paper containing general suggestions for writing secure applications. In the paper, each item is hyperlinked to additional information.