14.1. TRAINING

Training related to IS audit, controls, and security of new and existing technologies can be obtained from a variety of sources. For example, professional associations such as the Information Systems Audit and Control Association (ISACA), Institute of Internal Auditors (IIA), and AICPA sponsor one or more technologyrelated conferences and seminars each year. A host of other organizations sponsor conferences covering a wide variety of audit, control, and security-related subjects. Conferences and seminars offer several benefits. First, they provide highto midlevel training sessions on a variety of technical subjects. These training sessions are typically grouped into several categories, or "tracks." The length of the sessions usually ranges from two to eight hours. The overall length of conferences usually ranges from three to five days, while seminars are typically one to three days.

Second, conferences and seminars offer the ability to network with peers, scholars, and experts in the field of IS controls and security. The larger conferences often attract 500 to 1,500 attendees, including speakers, some of whom travel from around the globe. The experience level of attendees ranges from the beginning IS auditor to "gurus." Some attendees may be "reformed" hackers turned consultant or even consultants who wish they could be hackers. Other attendees include managers, executives, audit committee members, vendors who sell auditrelated products and services, and public ...

Get Auditing Information Systems, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.