CISSP archives - Regulatory Reality

September 21, 2012 3:44 PM

Are self-assessments the right way to go?

Posted by: David Schneier

assess, assessment, assessments, Audit, bank, banking, CISO, CISSP, compliance, compliance officer, compliant, credit union, credit unions, CU, disaster, disaster recovery, DR, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, framework, governance, GRC, guidance, information security, information security office, infrastructure, ISO, oversight, policy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, technology

About a decade ago a family member chastised me for having an auto repair shop do my oil changes for me. She (yeah, you’re reading that right – “she”) pointed out how ridiculously easy it was to drain the old oil, replace it with the new stuff and check a wide variety of fluid levels,...

0 Comments

RSS Feed

Email a friend

Does an IT auditor need to be CISA certified?

Posted by:

David Schneier

assessment

Audit

audit plan

audit program

CISA

CISSP

regulations

Regulatory Compliance

risk

risk management

It's been a while since my last post as I'm in hunker-down mode as we prepare our next compliance software offering for release. But in the midst of my coding/testing insanity, a conversation occurred that brought up the value of certifications that I haven't been able to completely let go...

Regulatory Reality:

CISSP

Are self-assessments the right way to go?

Does an IT auditor need to be CISA certified?

About This Blog

Browse This Blog’s Tags

Security Architecture Insider

Archives

Blog Roll

Subscribe to Alerts