I wish to know what the difference is between ISACA and ISO27001 Lead Auditor. I have taken the ISO27001 Lead Auditor course and passed the exam.
What is the acceptance of IT auditing in Malaysia? From my experience, it is very minimal and mostly at surface level. Another factor is that there is no regulation or enforcement from the authorities. Correct me if I'm wrong.
Let me try to answer your questions.
ISACA's CISA is a professional certification on general IT auditing (i.e. IS audit process, IT Governance, Sys/Infra Mgmt, Service Delivery & Support, Info Assets Protection, and BC/DR).
Whereas ISO27001 Lead Auditor focuses on ISMS (information security management systems) based on the ISO/IEC 27001 standard.
As for IT auditing practice, we have regulatory compliance, namely SOx404 (for US-based companies), BNM's GPIS (for financial institutions), etc.
Some companies are very particular about IT simply because it is their core support.
The success of their business depends on their IT support systems.
Hence, most companies pretty much focus on IT audit to provide them some kind of assurance & peace of mind.
This of course leads them to IT standards/frameworks such as COBIT, ISO27001, ITIL, etc. as guidelines.
Others are more focused on technical audits, whereby you have pen-tests, network/systems vulnerability assessments, IT forensics, etc.
Hope that answers your questions. :)
tsteh18
2010-03-01 3:56:50 PM
Hi Bryan,
Thanks. So, this means ISACA's CISA does not follow any standard or compliance from any bodies. It basically teaches us the audit technique and knowledge of IT processes for any organization, right?
ISACA MUMBAI CHAPTER successfully collaborated with MICROSOFT to come out with the 2010 edition of MICROSOFT PLATFORM SECURITY AND AUDIT HANDBOOK 2010