If you’re planning to take the CISA exam, you need to take ISACA’s own CISA Self-Assessment exam (get it here).
The exam consists of 50 questions that allow exam candidates to “assess their knowledge of the CISA job practice areas and determine in which information security areas they may have strengths and weaknesses.”
This topic will be assorted rambles and comments regarding what I now call the “CisA” exam. Check out this post that started it all: Where is the IS in CISA?
I have heard enough about how security practices keep users from being productive. I constantly hear people complain about the evils of complex passwords (or any password on a smart phone), password expiration, encryption, web filters, lack of admin access on laptops, etc., and how they are such a drag on user productivity and the bottom line.
Security Curmudgeon, from attrition.org, has several good questions about the whole Heartland-Visa-PCI incident, such as:
- According to Visa, was Heartland PCI compliant or not prior to the breach? And why has the answer changed?