Tag Archives: isaca
Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.
Pretty bold statement, isn’t it?
The site provides over 900 questions for you to test yourself.
Several of my friends passed the CISSP exam recently, and told me that it isn’t as technical as I told them it would be.
They said it was more of a security manager certification.
If you’re planning to take the CISA exam, you need to take ISACA‘s own CISA Self-Assessment exam (get it here).
The exam consists of 50 questions that allow exam candidates to “assess their knowledge of the CISA job practice areas and determine in which information security areas they may have strengths and weaknesses.”
This post answers these questions: Why get the CISSP certification? What has it done for me? What else do I need to know?
Charles, one of my readers, asked me, “Do you have postings related to CISSP?” Not many, but here’s one….
Full disclosure: I have the CISA, but not the CIA. Back when the CIA was 4 exams, I studied for all the CIA exams except the financial exam, but ended up not taking any of the exams. I also have the CISSP.
If you decide to use it, here’s a couple points to keep in mind:
Previously I’ve discussed why auditors are hated and how auditors can be lovable. But when I saw a Q & A in the ISACA journal about hating auditors, I had to dive in again. Here’s the gist of the article, with my comments in italics. Although there’s some similarity to the posts I’ve mentioned above, they take a slightly different tack through the audit seas.
Auditors that do the following are “hated”…
Back in September, two audit groups shook hands…
IIA and ISACA signed a formal memorandum of understanding (MOU), which means they’ll scratch each others’ back. The IIA’s president, Richard Chambers, explains what it means for the future in his blog.
Notice that both CEOS are listed at the bottom of the memo and that one of them is void of certifications…
Well, I think I figured it out. So what clarified my understanding? I took the CISA exam.
Thanks to TycoonBlogger (my favorite “blogging” blogger), I finally know what this blog is about.
Based on his Find out your blog’s personality type post, I found and ran the Typealyzer tool against my blog. It analyzes a blog and provides its Myers- Briggs Type. Here’s what it said about this blog:
The analysis indicates that the author of https://itauditsecurity.wordpress.com/ is of the type:
In Standard (Snake) Oil, I complained about companies that don’t audit according to standards because some treat control owner statements as pure gold, don’t insist evidence be tied back to actual systems, and don’t ask all the appropriate questions.
Here’s a few more questionable practices that I’ve challenged all too recently.
I’m getting discouraged. I’m starting to wonder how many audit departments follow auditing standards, say, from IIA or ISACA. After some of the IT audits and IT SOX audits I’ve seen in the past year, who knows.
Some companies take their control owner words as gold and don’t verify them.
“They wouldn’t give you the information if it wasn’t true! Audit the evidence you’re given and quit questioning everything!” said one audit director. Excuse me, but doesn’t ISACA requires auditors to maintain their professional skepticism. Perhaps ISACA means be skeptical of audit directors?