My Python Journey, Part 3

In my first Python post, I described the first steps of my python journey.

In my second Python post, I shared my thoughts about whether auditors could learn programming and Python (yes).

In this third post of the series, I want to describe how my audit management has supported my Python journey (spoiler: poorly).

Continue reading →

Advertisement

The Analytic Staircase for Auditors

Building a successful audit analytics program is like climbing a staircase.

The staircase is a set of steps that consist of several items having increasing levels of maturity.

The staircase steps not only help you build your program, but enable you to measure that maturity.

As you view the staircase graphic, mentally insert the word “analytics” before each step.

Continue reading →

5 Things We Need from ACL in 2018

Here’s the 5 things I’m hoping will change in 2018 regarding ACL.

They are all related to each other and feed off each other…

Interesting.

Continue reading →

Why Internal Auditors Should Care about Robotic Process Automation

What is Robotics Process Automation (RPA) and why should internal auditors care about it?

RPA is software that imitates human interaction with computer systems to accomplish tasks.

RPA can log into multiple systems, navigate through user interfaces or command line functions to add, update, or download data, create tickets, place orders, or basically anything else a human can do.

Except think (and some vendors would disagree with that).

Continue reading →

Audit Management Sometimes Sucks

When internal auditors (or those pretending to be such) do poor work and don’t follow the appropriate audit and IT standards, they are unprofessional. However, I put the blame at the feed of audit management.

Continue reading →

Careers After IT Auditing

Recently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).

I couldn’t find much on the Internet on this topic, but there’s a lot of options.

I’ve actually worked in quite a few of the areas mentioned below…

Continue reading →

Auditors, Do Data Analytics or Die

If you’re an auditor, you need data analytic skills or you will die.

Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.

Pretty bold statement, isn’t it?

Continue reading →

FREE CISSP Cert Webcasts from ISC2

ISC2, the organization that awards the CISSP certification, provides 1 FREE webcast about the 10 CISSP security domains, as well as several FREE webcasts about the CISSP concentrations.

Continue reading →

Free CISSP Review Material, Practice Exams

I just found some more FREE CISSP review material and practice exams. One exam is 100 questions, the other 250.

Continue reading →

Master List of ACL Articles and Tips

To make these posts easier to find (and link to), here’s a list of all the ACL posts on this blog in alphabetical order, and by most popular.
I’ll add other posts as they are written.

Continue reading →

ACL Tutorials on YouTube

Free ACL tutorials are available on YouTube, along with a lot of videos with talking heads. The tutorials walk you through how to do a couple tests, but I found the video resolution to be rather poor. Maybe it’s my equipment, maybe it’s the result of a company trying to adapt some tutorials they already have to another delivery method.

Continue reading →

Free ACL Bootcamp Training – from ACL!

ACL is offering FREE training as part of their bootcamp series, which started in September 2011. The training consists of a video presentation that includes ACL demos. The best part is that you do NOT have to be a current ACL customer or even have a copy of ACL.

The purpose of the series, according to ACL, is to teach basic skills and deal with common problems that ACL users encounter. Each session lasts about 30-40 minutes, followed by a Q&A session. The bootcamp is led by Shane Grimm (see his blog comment here).

Continue reading →

Creating a Culture of Security

I read a blog post that quoted a security professional saying,  ‘culture is defined as the beliefs we accept without question.’ The blogger, also a security professional, went on to say that his goal is to generate a new security culture, a security culture that “everyone accepts and makes a natural part of their activities.”

That definitely got me going, so I left a comment that explained why I disagreed with that statement.

Continue reading →

New, Cheap ACL Training

ACL.com just launched virtual classroom training in North America. Check it out at www.acl.com/virtual_classroom (if that doesn’t work, try here, as they keep changing the URLs).

Sorry, but the virtual classroom was discontinued, according to ACL. See Nav’s comment about this.

Free training does still exist, so see my posts regarding  Free ACL Bootcamp Training and ACL Tutorials on YouTube. Also check out the most popular post on this blog, Teach Yourself ACL.

Continue reading →

Top 10 IT Jobs

According to CIO magazine, here’s the hot IT jobs (followed by comments by me in italics):

NOTE: IT Auditors, don’t pass over this article!

1. Security specialist/ethical hacker

One specialty, computer forensics, is hot. Forensic labs are almost always behind in their work. Is it due to a lack of good technicians or that forensic folks aren’t cheap? Either answer is good news.

Continue reading →

Security Awareness Perfect 7

Audry Agle, a former CISO, offers 7 practical ideas for increasing security awareness below. I’ve summarized some of the points and added comments of my own in italics:

1. Appeal to personal lives – Helping people deal with security issues at home tells them you care about THEM, not just company systems and data.

Continue reading →