what do I need to know and what should I in order to be a good one??
2006-08-14 01:53:39 · 1 answers · asked by what goes around comes around 3 in Business & Finance ➔ Careers & Employment
IT Audit is usually related to Security. Most companies sets policies for their employees in terms of computer securities. One simple example is password policy, etc.. Or how often the password to a system should be changed, and the contigencies when a password is lost. (Passwords kept in a sealed envelope, etc); or the System Administrator should not hold the root password to some unix system, etc.... What ports to close all the time, and what ports are allowed to open and for what purpose. Other more complex one would include hardening of a box, and access control, etc, it might even include, policies for allowing employees to access into certain computing rooms, or even the process one should follow when it comes for application for different type of access
IT Audit is checking from time to time, usually on a regular basis, validating if all these policies are followed and in place. Normally, a rating system should also be in place, to remind or alert the employees if they have been more relax with security. Strict measures should also be in place because the integrity of the audit results should not not compromise.
IT Audit covers a wide spectrum of area, of not just policies for the end users, to computers, departmental access policies, right up to network security control.
Some companies have even included some process of ethical hacking to test the integrity of the secured environment.
So, whether this is an interesting job, would largely depend on how one likes to challenge, in the aspect of, how well are you following the policies, checking for loop holes here and there... It's like playing the police. ... In fact, it now seems to me that the words, police and policy, perhaps comes from the same perspective.
Hope this helps.
2006-08-14 02:26:46 · answer #1 · answered by Pencil 3 · 0⤊ 0⤋