Information Security Auditing Certified Professional
Description
The certification is applicable to professionals involved in monitoring, controlling and assessing organizations’ information technology and business systems, as well as to those aspiring to higher IT management positions.
The exam is proctored, real time, closed book, web-based and has 40 items to be completed in 60 minutes. The minimum passing score is 60 out of 100.
Examination cost: FREE
The examination is free. The certification will be recorded in the online personal transcript and will be publicly visible for one month for free. During this time, you may choose to acquire the Certification Package.
Certification Package: $50 US
The Certification Package includes:
- 5 years certification maintenance in the online transcript
- the paper certificate
- the printed official transcript
- usage rights for certification logo
Certification procedure
Examination topics
Audit Process
- Standards for IT auditing
- Audit objectives
- Planning and preparation
- Types of control
- Performing the assessment
- Issuing the Audit Report
Management Auditing
- Information security management
- Roles and responsibilities
- Information security policy and procedure
- Third party services
- Business Continuity and Disaster Recovery Plan
- Change management
- Legal or regulatory compliance
Systems Security Auditing
- Hardware acquisition, installation and maintenance
- Systems evaluation (structure, performance, management)
- Account administration evaluation
- System access control evaluation
- Media and storage backup evaluation
- Asset management
Application Security Auditing
- Software acquisition, installation and maintenance
- Software development (inputs, processing, outputs)
International Standards
- ISO 17799/27001
- ISO 15408 (Common Criteria)
Study/Training Materials
In preparation for the exam, the following recommended study materials may be reviewed to build knowledge in certain topics:
Information Security and Auditing in the Digital Age: A Practical and Managerial Perspective
by Amjad Umar | Publisher: Nge Solutions, 2003 / ISBN: 097274147X
Understanding and Auditing IT Systems
by Young-Woon Min | Publisher: lulu.com, 2009 / ISBN: 0557058120
Network Security Essentials: Applications and Standards
by William Stallings | Publisher: Prentice Hall, 2010 / ISBN-10: 0136108059
Competencies
The certification validates the competencies required to apply the standards, principles, security and control practices and techniques of auditing, such as developing and leading both short-term and long-term audit plans, performing audit functions, including information assurance assessments, intrusion detection and vulnerability assessments, and monitoring the security of networks, systems and programs.
Job positions
An Information Security Auditing Certified Professional may apply for jobs such as Information Security Auditor, Internal Auditor, Information Security Consultant, IT Consultant, Chief Information Officer, Information Security Manager, IT Manager, Audit Director, Information Security Director, IT Director.