Auditing
mallard20
I got a big problem here and need the help of fellow forum members. I originally took a position of Information Security Technician and now report to the Internal Auditor. Once I started reporting to him/her, he kinda changed my work as auditing the IT department only. I don't mind that at all, I am just lost at exactly what is expected of me and how to do what is expected of me. I am currently enrolled in Audit 507 at SANS in July in DC. I guess what I am trying to ask is, is there anyone else out there whose sole role is auditing what the IT department does? Can you do security and the auditing or do they go hand in hand? Any help would be greatly appreciated. Thanks in advance.
Comments
dynamik
The company should have a security policy that determines what you need to audit. There is so much that you can audit that there's no way anyone here can just give you a generic answer as to what to do. If you don't have such a policy, you need to sit down with all the big players involved to determine what is important to them and the company.
I'm not sure what you mean when you ask if you can do security and auditing. Auditing is a subset of security, but it is just a piece of the puzzle.
mallard20
I say that because at first they wanted me to do security and auditing, however the internal auditor said how could I possibly audit what I did.
dynamik
Yea. If you overlooked something when you initially did it, you would probably overlook it again in the audit. Ideally, you should have someone else audit the tasks you perform.
It depends on your situation. One person could do the security tasks and one person could do the auditing, or perhaps you could divide the security responsibilities and audit each other's tasks.
cacharo
What type of auditing are you talking about?
Does your company currently hold any certifications? i.e. ISO, SAS70, etc
JDMurray
Start by looking at the Web site for The Institute of Internal Auditors (IIA). See if your boss will get you a membership in the IIA and start attending the monthly meetings and workshops of your local chapter. There is nothing like learning about auditing from a whole bunch of other auditors. If you can, have your boss expense your membership costs in the Information Systems Audit and Control Association (ISACA) and Information Systems Security Association (ISSA) too. Lots of auditors in those Information Security organizations too.
There's also a lot of information about the different types of auditing in the Wikipedia.
mallard20
Thanks so much for all of your input. I will be taking a look at those websites. Hopefully, I will have a broader outlook once I attend SANS.