Educause Security Discussion mailing list archives
Re: auditing courses
From: "Mehmedovic, Jenny" <jmehmedo () KU EDU>
Date: Thu, 28 May 2009 14:42:19 -0500
Well, speaking as a former auditor (and someone who likes to not only find problems but also suggest solutions), hopefully you will find yourself working with auditors who not only are problem-finders, but are also helpful & facilitative. Ideally, they should be folks who are in the auditing business because they are interested in helping YOUR business.

Jenny Mehmedovic
Assistant to the Provost
University of Kansas
(785) 864-9600
jmehmedo () ku edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Theresa Semmens
Sent: Thursday, May 28, 2009 1:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] auditing courses

I have to jump into this conversation. I agree with Keith. If you are planning to do an assessment, then some auditing courses and seminars are a good choice. However, if you plan to audit, then you would be creating a conflict of interest with your position and its related duties.

Assessment and audit are two different animals (my personal opinion). Assessment describes and defines what level you are at and helps you to determine how to get to the next level. Auditing looks for violations of policy and problems - you don't want to do that, you already know what your problems and issues are.

Take advice from a former IS auditor - you would much rather not do the auditing. You want to be a helper and a facilitator. Auditors, depending on their personality, can be their own worst nightmare.

Just my two cents...

Theresa

Theresa Semmens, CISA
NDSU Chief IT Security Officer
PO Box 6050
North Dakota State University
Fargo, ND 58108
Phone: 701-231-5870
FAX: 701-231-8541
Theresa.Semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Keith Schoenefeld
Sent: Thursday, May 28, 2009 12:35 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] auditing courses

This isn't an answer to the question you asked, but I can't resist commenting. If possible in your organization, I'd recommend that you (as an Information Technology Security Engineer) stay as far away from auditing as possible. In my opinion, security engineers and officers should not be auditors. It's Security's job to ensure that appropriate risk mitigation strategies are put in place when system guidelines and/or requirements are created, and an auditor's job to take those guidelines and requirements and examine whether a computer or set of computers adheres to those guidelines. We, as security engineers, analysts, and officers, spend way too much time trying to be the officer, the prosecutor, and the judge.

-- KS

Youngquist, Jason R. wrote:
> It's budget time, and I'm looking for an auditing course to take. I'd like to be able to audit various departments within our organization to make sure information is being properly protected. I've looked at SANS Audit 410, but does anyone else have any recommendations for other auditing courses to take?
>
> Thanks.
>
> Jason Youngquist
> Information Technology Security Engineer, Security+
> Technology Services
> Columbia College
> 1001 Rogers Street, Columbia, MO 65216
> (573) 875-7334
> jryoungquist () ccis edu
> http://www.ccis.edu

--
Keith Schoenefeld
Network Security Officer
Office of Privacy and Information Assurance
University of Illinois
(217) 333-4332