This post is in response to Xavier and Grant, who were kind enough to push back a bit on a previous post, Abandon ACL and Others? See their comments on that post.
I will respond to some of their points and reveal some more of my thinking as to why I believe that auditors need to become a LOT more technical.
Some may think I am just digging my hole a little deeper, but I’ve always loved the journey.
Here’s a list of all my posts to-date related to becoming or growing as an IT Auditor, all in one place for easy reference.
I’ll add other posts as they are written.
Filed under Audit, Employment, How to..., Security, Technology
If you’re an auditor, you need data analytic skills or you will die.
Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.
Pretty bold statement, isn’t it?
Filed under Audit, Data Analytics, Employment, Free, Technology, Written by Skyyler
If you’re looking for FREE practice questions for the CISA exam, I found a good resource.
The site provides over 900 questions for you to test yourself.
Filed under Audit
Several of my friends passed the CISSP exam recently, and told me that it isn’t as technical as I told them it would be.
They said it was more of a security manager certification.
Filed under Certification, Security
If you’re planning to take the CISA exam, you need to take ISACA‘s own CISA Self-Assessment exam (get it here).
The exam consists of 50 questions that allow exam candidates to “assess their knowledge of the CISA job practice areas and determine in which information security areas they may have strengths and weaknesses.”
Filed under Audit, Certification, Free, Security
This post answers these questions: Why get the CISSP certification? What has it done for me? What else do I need to know?
Charles, one of my readers, asked me, “Do you have postings related to CISSP?” Not many, but here’s one….
Filed under Audit, Certification, Security, Technology
ISACA has a free glossary of IT, audit, and security terms that is not only helpful in studying for the CISA exam, but is a good reference guide for new and experienced auditors.
Filed under Audit, Free, Security, Technology
If you’re an IT auditor (or want to be one) and don’t have any audit certifications, which certification should you get, the CISA or the CIA? If you want to get both, which one do you get first?
Full disclosure: I have the CISA, but not the CIA. Back when the CIA was 4 exams, I studied for all the CIA exams except the financial exam, but ended up not taking any of the exams. I also have the CISSP.
Filed under Audit, Certification, Security, Technology
Here’s some links for Audit and IT Audit for dummies, one from the IIA, the other from ISACA. Most of them do not require being a member or logging in.
While these articles are not extensive, they will point new auditors in the right direction, and provide a refresher for the rest of us. Continue reading
When I was studying for the CISA, I created a 40-page study guide for myself that you can download for free.
If you decide to use it, here’s a couple points to keep in mind:
Filed under Audit, Certification, Free, Technology
Previously I’ve discussed why auditors are hated and how auditors can be lovable. But when I saw a Q & A in the ISACA journal about hating auditors, I had to dive in again. Here’s the gist of the article, with my comments in italics. Although there’s some similarity to the posts I’ve mentioned above, they take a slightly different tack through the audit seas.
Auditors that do the following are “hated”…
Filed under Audit
Back in September, two audit groups shook hands…
IIA and ISACA signed a formal memorandum of understanding (MOU), which means they’ll scratch each others’ back. The IIA’s president, Richard Chambers, explains what it means for the future in his blog.
Notice that both CEOS are listed at the bottom of the memo and that one of them is void of certifications…
Filed under Audit, Humor/Irony
This topic will be assorted rambles and comments regarding what I now call the “CisA” exam. Check out this post that started it all: Where is the IS in CISA?
Filed under Audit, Certification, Technology
Why do so many IT auditors who pass the CISA know so little about IS and security–and in my opinion aren’t worth hiring* for that and several other reasons?
Well, I think I figured it out. So what clarified my understanding? I took the CISA exam.
Filed under Audit, Certification, Technology
Thanks to TycoonBlogger (my favorite “blogging” blogger), I finally know what this blog is about.
Based on his Find out your blog’s personality type post, I found and ran the Typealyzer tool against my blog. It analyzes a blog and provides its Myers- Briggs Type. Here’s what it said about this blog:
The analysis indicates that the author of https://itauditsecurity.wordpress.com/ is of the type:
Filed under Blogging, Humor/Irony
I don’t like to pick bones with my fellow ISACAeans, but when I saw this in the Journal recently, I had to react. Can you pick out the problem?
Filed under Audit, Quote of the Weak
In Standard (Snake) Oil, I complained about companies that don’t audit according to standards because some treat control owner statements as pure gold, don’t insist evidence be tied back to actual systems, and don’t ask all the appropriate questions.
Here’s a few more questionable practices that I’ve challenged all too recently.
Filed under Audit
I’m getting discouraged. I’m starting to wonder how many audit departments follow auditing standards, say, from IIA or ISACA. After some of the IT audits and IT SOX audits I’ve seen in the past year, who knows.
Some companies take their control owner words as gold and don’t verify them.
“They wouldn’t give you the information if it wasn’t true! Audit the evidence you’re given and quit questioning everything!” said one audit director. Excuse me, but doesn’t ISACA requires auditors to maintain their professional skepticism. Perhaps ISACA means be skeptical of audit directors?
Filed under Audit
ITauditSecurity 