Security Basics mailing list archives

Re: Security Auditing ?


From: "Adam Pal" <pal_adam () gmx net>
Date: Wed, 03 Sep 2008 09:13:01 +0200

Hi 

That depends from company to company and from department to department. You can have a look 
at ISACA to get an idea of what fields they focus on during the certification.
Personally I don't think that an auditor should be also a pentester, that's 2 different fields imho. Sure, pentesting is 
also a kind of auditing, but mostly or in industry areas audits are related to standard compliance, i.e. ISO27001. A 
Pentest can be, as mentioned before, a part of the whole audit, but for me the focus is the comparison with the 
standards.
Now you can say that you mean security auditing and not standards auditing; well, this is a point where we will have 
to go deeper, define what each of us understands by "security", define your requirements, and then we will eventually 
obtain a specification of "security auditing".

I hope I was able to help you a little.

regards,
Adam Pal



-------- Original Message --------
Date: Mon, 1 Sep 2008 20:34:31 -0600
From: aditya.mukadam () gmail com
To: security-basics () securityfocus com
Subject: Security Auditing ?

Hello!

First of all, thanks everyone for sharing knowledge! Also, sorry for a
very broad question below.

As per industry standards/job market :-), Security Auditor should have
which certifications? Or, which certifications are recommended
to be a Security Auditor?

I understand that certification is not everything however the relevant
experience is also needed. Which are the recommended areas in
which a Security Auditor should have experience in? Network Security, Pen
test etc.?

Thanks,
Aditya Govind Mukadam
