Wednesday, 09 January 2008

IT Auditor??? Why Not......

Hey... it's me again... this time around I'd like to give a new touch to my blog... English, anyone....?
Is this a sign of my attitude....hmmm.. you name it.... but it's actually strengthening my language dark side....(no...just kiddin').

all right, without further ado... here is a New DaM....

======================================
10 criteria of the IT profession currently sought by companies worldwide...

1. Management, Planning, and Organization of IS (11%)

This domain describes the best IS management practices. Unlike CISSP, this domain does not restrict itself to only Information Security, but covers all aspects of information systems. To begin with, it defines the entire organizational structure of the Information Systems department, from Chief Information Officer to tape librarian, or data-entry operator. In the current scenario of downsizing and outsourcing, we may not find all the classical job definitions and practices in the organization, but we need to understand the best practices for managing the IS department, planning its activities and having an appropriate management structure in place.

2. Technical Infrastructure and Operational Practices (13%)

This domain covers all the technologies pertaining to hardware, software and networking. So, you have to study the types of databases, the TCP/IP protocols, telecommunications, the LAN and also various operational practices and how to audit these, along with the infrastructure. Understanding the technology is important to evaluate whether the implementation has been done appropriately.

3. Protection of Information Assets (25%)

This domain focuses on information security management. You have to study the various vulnerabilities of the infrastructure as well as the security technologies that protect against them. These include logical access controls, network access controls like firewalls, intrusion detection, encryption, and environmental and physical exposures and controls.

4. Disaster Recovery and Business Continuity (10%)

Business continuity has become a major focus area as the availability of information systems has become critical to business. This domain requires a good understanding of the business continuity/disaster recovery planning process, which includes business impact analysis, recovery strategies, developing, implementing, testing and updating the plans, and how the plan should be audited.

5. Business Application System Development, Acquisition, Implementation, and Maintenance (16%)

This domain focuses on the core area of information systems development. You have to learn the traditional system development lifecycle as well as modern development strategies like object-oriented, component-based and Web-based system development; understand information system management practices, project management practices, tools and process improvement models; and know how the entire system development process is audited.

6. Business Process Evaluation and Risk Management (15%)

This module links business expectations and risks to the development and deployment of information systems. Areas like Business Process Reengineering, Risk Management, IT governance, application controls, and various business application systems like e-Commerce, EDI, Artificial Intelligence, data warehouses and Decision Support Systems are covered here.

7. The IS Audit Process (10%)

This module familiarizes us with ISACA's code of ethics, auditing standards and guidelines, as well as audit methodology, Computer-Assisted Audit Techniques and Control Self-Assessment.

8. I guess I need to ask some guys out there, while I'm surfing the new... later anyone.... (cont'd...)
