Computer Auditing and Security

I’ve worked for the past year on a computer security committee at work and just wanted to put a couple of items out here to spur my memory.

The Information Systems Audit and Control Association & Foundation has two certifications CISA-Certified Information Systems Auditor and CISM-Certified Information Security Manager. They also provide the intriguing Control Objectives for Information and related Technology CobiT. A lot of the content of the CobiT framework seems to parallel some of the efforts I’ve worked on to create a strategic plan for our corporate IT department.

Certified Information System Security Professional is another example of a trend in the computer world toward greated professionalization. I guess this means the industry is really maturing.

Information security seems to be particularly prone to this certification trend. The SANS Institute has its own certification: the GIAC, Global Information Assurance Certification.