Ostroff, Fair and Company

Doubts regarding Information security audit job?



I am currently working for an MNC as a mainframe programmer. I want to know whether at this point of time I can shift my career to an IS audit job. What are the requirements, like certification, courses, etc., needed for me to move to that career? Will my experience in mainframe programming be helpful? I want to shift my career without losing the current job, so studying or preparing for the information security exams or courses in my part time. If there are any institutes conducting these courses by distance education or part time, please let me know. Thanks to everyone who answers.

This is potentially a huge growth industry, because while IT security audit has been around for decades, there is a large growth in regulations, and legal liability of companies at risk of breaches.

You will probably need to specialize in a type of computer platform (mainframe, midrange, Microsoft world, etc.), type of industry (what regulations applicable) and get some education background in financial forensics, since IT security includes both IT technical issues focused on outside threats, and accounting security to protect against insiders.

There are a ton of institutes offering so many courses that a person could spend several lifetimes and not learn all the stuff offered, let alone apply it.

I intend to make a partial post here, then dig up some web sites then return to edit some more, so you might hold off on accepting best answer, or extend # days for answers, so the door does not get closed on me.

I am easily distracted, but when I see that I got some thumbs up, I go check where, then may improve my answer, so feel free to encourage me.

CERT = Computer Emergency Response Teams
CSIRT = Computer Security Incident Response Teams
There are a bunch of very similar names, with organizations like this in every nation. They have researched the nature of most computer security weaknesses, and attacks, then offer education to deal with it.
http://www.cert.org/
http://www.sans.org/

Cyber Security for Consumers
http://www.staysafeonline.info/...

Data Loss Attrition http://attrition.org/dataloss/
I suggest you sign up for this list. There are postings on average of 2-5 a day. Any time there is a computer breach any place in the world, you see it here. This will give you good background on where the markets potentially exist for people to fix the problems, and there are lots of links to additional research information ... just going through the archives can be an education in itself.

Data Loss Chronology http://www.privacyrights.org/ar/chrondat...
This is a directory of computer security breaches in recent years, organized by date of when it happened. Another place at least worth checking out, and reviewing their links.

Data Loss Data Base http://attrition.org/dataloss/dataloss.c...
You can download this in various formats. It includes how much data got lost from which types of places and for what reasons (hackers, carelessness, theft, etc.)

Data Loss Full Disclosure http://lists.grok.org.uk/pipermail/full-...
This is a discussion list about where there are computer security holes ... I suggest you review the archives before deciding if you want to subscribe ... the traffic there is mind boggling

Emergency Alerts

http://www.emergencye.com/ ... if you subscribe to this place, they will let you know when there has been a food recall, epidemic coming your way, serious weather, national security alert, etc.

FTC = Federal Trade Commission
http://www.ftc.gov/infosecurity/...
They publish guidelines about standards every company ought to adhere to, but these are basics. They do this because many companies do not in fact do the basics.

Information Technology Security Responsibilities Unbeaten Path International http://www.unbeatenpathintl.com/itstanda...
This place sells a variety of software, including computer security tools, to the IBM midrange computer marketplace (AS/400 iSeries etc.) and as a service to their customers, has this check list of the various different regulatory requirements that we all ought to be in compliance with. The list is not exhaustive, but it is a great start.

IT Security News
There are several "portals" you might want to visit occasionally to see what bad stuff has been going on, and what education is available to do something about it.
http://inews.berkeley.edu:7077/it-securi...
http://www.topix.net/tech/computer-secur...
http://www.securitypark.co.uk/
http://www.securityfocus.com/
http://www.thei3p.org/news/today.html...

Most every major computer publication has a section devoted to security topics.

KNUJON http://www.knujon.com/
I use this place to put spammers in the slammer
Check out the links to see types of junk currently prevalent on the Internet, with what the state of art is about doing anything about that
Also see http://answers.yahoo.com/question/index;...

NGA = National Governors Association
http://www.nga.org/portal/site/nga/menui...
Most of their site has to do with Governance at the State level and Homeland Security at the local level, but it is an important site for you to be aware of, in case your interest turns to getting a government job

NIST = National Institute for Standards and Technology
http://csrc.nist.gov/checklists/...
http://csrc.nist.gov/ATE/
This is a government agency, which among other things has established some standards for computer security, computer security education.

Open Source Vulnerabilities http://osvdb.org/
This is for people working with Linux, or other forms of software outside what used to be mainstream commercial software, but for many reasons is becoming part of mainstream

RISKS http://catless.ncl.ac.uk/Risks to the general public ... I suggest you sign up to get the digest, which comes out approx weekly (not exactly) with stories about brain dead things being done that put all of our security at risk ... like the Data Loss info, it is good to know where the threats are out there, and potential markets for your new skills (not at the places that are too brain dead to appreciate that they need you)

Sarbanes Oxley
This is an area of US regulations affecting a large volume of US business, and also business in other nations where the companies do business in the USA. It does not cover all enterprises. Understanding its impact on US businesses is an important part of your new career.
http://www.cio.com/article/31900/sarbane...

Spyware Warrior http://www.spywarewarrior.com/
Most places that advertise that they are anti-spyware are actually spyware, and no one tool can protect against all spyware. You can get a great education studying this place.

Universities

Many universities offer classes in various computer security topics.
Many universities have a lot of computer security breaches.
Many of them are the same universities.

I would think long and hard about seeking education from an institution that is incapable of doing what they allegedly teach.

For example, Purdue has been in the news a lot recently due to another computer breach every few months.
http://www.cerias.purdue.edu/tools_and_r...

Yahoo Answers other relevant pages ... some other answers where the information perhaps somewhat overlaps your interests

Consumers Victimized
http://answers.yahoo.com/question/index;...

e-Porn Prevention
http://answers.yahoo.com/question/index;...

e-scam phone-scam snail-mail-scam
http://answers.yahoo.com/question/index;...

http://answers.yahoo.com/question/index;...

http://answers.yahoo.com/question/index;...

IP Address
http://answers.yahoo.com/question/index;...

Theft by accident (due to poor record-keeping)
http://answers.yahoo.com/question/index;...

Source(s): I work in midrange (AS/400 etc.) and have been involved in computer security for several decades. http://wiki.midrange.com/index.php/gener...