Roles and Responsibilities of Information Security Auditor

Most people break out into cold sweats at the thought of conducting an audit, and for good reason. Auditing the information systems of an organization requires attention to detail and thoroughness on a scale that most people cannot appreciate. System checks, log audits, security procedure checks and much more need to be performed, verified and reported on, creating a lot of work for the system auditor. Becoming an information security auditor is normally the culmination of years of experience in IT administration and certification.

It is for this reason that there are specialized certifications to help get you into this line of work, combining IT knowledge with systematic auditing skills. We will go through the key roles and responsibilities that an information security auditor takes on in order to do the important work of conducting a system and security audit at an organization. Not all audits are the same, as companies differ from industry to industry and in terms of their auditing requirements, depending on the state and the legislation that they must abide by and conform to.

This article will help to shed some light on what an information security auditor has to do on a daily basis, as well as what specific audits might require of an auditor.

Basic Duties List

Information security audits are conducted so that vulnerabilities and flaws within the internal systems of an organization are found, documented, tested and resolved. The findings from such audits are vital both for resolving the issues and for discovering what the potential security implications could be. Security breaches such as data theft, unauthorized access to company resources and malware infections all have the potential to affect a business’s ability to operate and could be fatal for the organization.

In order to discover these potential security flaws, an information ...

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Graeme Messina. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/tCjU-5Ovnq4/