How to Become An Information Security (IS) Auditor

Introduction

Being a security auditor means working with companies while conducting audits of security systems relating to the IT infrastructure. The work can be difficult, as it is based in Information Security and compliance, so it definitely requires that the candidate has experience in IT administration and Information Security as a starting point, although this is not really the case for compliance auditors.

The Information Security audits that are performed are used for creating in-depth reports that reveal details about the current state of the organization’s security stance, and how things can be improved, as well as how things are running in general. This is helpful because planners and decision makers need to know how efficiently the IT systems are running, and whether the current security precautions that are in place can be improved upon to ensure better operational capacity and performance within the organization, as well as the overall integrity of the information systems that serve the company.

Work Experience

There are multiple ways to become an Information Security Auditor. Some people start out in entry-level IT positions such as system technicians, system administrators, and so on. They then work their way into Information Security, and from there it is possible to transition into Risk Management and Auditing if they possess the required skills and abilities. Examples of entry-level positions that could lead you into Information Security are positions like a System Administrator, Network Administrator, or Security Administrator.

These positions require that candidates deal with technical issues and administrative ones too. Most system admins will process new employees, grant and revoke access, and perform rights management for resource-based access to the network. These are good foundations to build on, and can help to point you in the right direction if you are chasing down a career

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Graeme Messina. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/45b3mnXdfBo/