So far much of what I have discussed has been with regard to the IS auditor as an individual, what skills and attributes they need to bring to the role and what is expected of them if they are to be successful. Experience, analysis and judgement are important to all of these. However, for the auditor there is additional ‘weaponry’ to help in their defence against insecurity.

Yes, it is true that the ‘weapons’ are tools, methods and techniques of achieving secure operation, but they can be powerful if used with knowledge and skill.

If I had just said that the auditor could choose from a variety of standards and frameworks that are in common use in larger enterprises, that does not sound very powerful or interesting ...

Get Information Security Auditor - Careers in information security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.