According to Annex A.6, auditors who intend to examine security must have the knowledge and skills needed to examine security. The following examples illustrate the kind of knowledge and skills that such auditors should have.
1. Understand related management processes.
1.1. Understand crisis management processes.
1.2. Understand security management processes.
1.3. Understand resilience management processes.
1.4. Understand preparedness management processes.
1.5. Understand response management processes.
1.6. Understand emergency management processes.
1.7. Understand mitigation management processes.
1.8. Understand continuity management processes.
1.9. Understand recovery management processes.
2. Understand related management technologies.
2.1. Understand crisis management technologies.
2.2. Understand security management technologies.
2.3. Understand resilience management technologies.
2.4. Understand preparedness management technologies.
2.5. Understand response management technologies.
2.6. Understand emergency management technologies.
2.7. Understand mitigation management technologies.
2.8. Understand continuity management technologies.
2.9. Understand recovery management technologies.
3. Understand related management sciences.
3.1. Understand crisis management research.
3.2. Understand security management research.
3.3. Understand resilience management research.
3.4. Understand preparedness management research.
3.5. Understand response management research.
3.6. Understand emergency management research.
3.7. Understand mitigation management research.
3.8. Understand continuity management research.
3.9. Understand recovery management research.
4. Understand related management methods.
4.1. Understand crisis management methods.
4.2. Understand security management methods.
4.3. Understand resilience management methods.
4.4. Understand preparedness management methods.
4.5. Understand response management methods.
4.6. Understand emergency management methods.
4.7. Understand mitigation management methods.
4.8. Understand continuity management methods.
4.9. Understand recovery management methods.
5. Understand how to manage disruptive risk.
5.1. Understand how to anticipate disruptive events.
5.2. Understand how to avoid disruptive events.
5.3. Understand how to prevent disruptive events.
5.4. Understand how to protect against disruptive events.
5.5. Understand how to mitigate disruptive events.
5.6. Understand how to respond to disruptive events.
5.7. Understand how to recover from disruptive events.
6. Understand risk assessment methods.
6.1. Understand asset identification and valuation.
6.2. Understand risk identification, analysis, and evaluation.
7. Understand impact analysis methods.
7.1. Understand how to analyze impacts on people.
7.2. Understand how to analyze impacts on assets.
7.2.1. Understand impacts on physical assets.
7.2.2. Understand impacts on intangible assets.
7.3. Understand how to analyze impacts on the environment.
8. Understand risk treatment methods and measures.
9. Understand security management methods and practices.
9.1. Understand information security management.
9.1.1. Understand how to protect sensitive information.
9.1.2. Understand how to ensure integrity of information.
9.1.3. Understand how to prevent loss of information.
9.1.4. Understand how to deter theft of information.
9.2. Understand personal security management.
9.2.1. Understand how to protect personnel.
9.2.2. Understand how to deter bad behavior.
9.2.3. Understand how to prevent harmful results.
9.3. Understand physical security management.
9.3.1. Understand how to protect physical assets.
9.3.2. Understand how to prevent physical losses.
9.3.3. Understand how to deter physical access.
10. Understand intelligence gathering methodologies.
10.1. Understand performance monitoring methodologies.
10.2. Understand performance measuring methodologies.
11. Understand performance reporting methods.
11.1. Understand reporting of exercises.
11.2. Understand reporting of testing activities.
Please note that these are only "examples". No attempt has
Praxiom Research Group Limited 780-461-4514
Updated on December 19, 2015. First published on May 24, 2012.
Copyright © 2012 - 2015 by Praxiom Research Group Limited. All Rights Reserved.