|
According to Annex A.6, auditors that
intend to examine security,
They must have the knowledge and
skills needed to examine security, The following examples illustrate the
kind of knowledge and 1. Understand related management processes. 1.1. Understand crisis management processes. 1.2. Understand security management processes. 1.3. Understand resilience management processes. 1.4. Understand preparedness management processes. 1.5. Understand response management processes. 1.6. Understand emergency management processes. 1.7. Understand mitigation management processes. 1.8. Understand continuity management processes. 1.9. Understand recovery management processes. 2. Understand related management technologies. 2.1. Understand crisis management technologies. 2.2. Understand security management technologies. 2.3. Understand resilience management technologies. 2.4. Understand preparedness management technologies. 2.5. Understand response management technologies. 2.6. Understand emergency management technologies. 2.7. Understand mitigation management technologies. 2.8. Understand continuity management technologies. 2.9. Understand recovery management technologies. 3. Understand related management sciences. 3.1. Understand crisis management research. 3.2. Understand security management research. 3.3. Understand resilience management research. 3.4. Understand preparedness management research. 3.5. Understand response management research. 3.6. Understand emergency management research. 3.7. Understand mitigation management research. 3.8. Understand continuity management research. 3.9. Understand recovery management research. 4. Understand related management methods. 4.1. Understand crisis management methods. 4.2. Understand security management methods. 4.3. Understand resilience management methods. 4.4. Understand preparedness management methods. 4.5. Understand response management methods. 4.6. Understand emergency management methods. 4.7. Understand mitigation management methods. 4.8. Understand continuity management methods. 4.9. Understand recovery management methods. 5. Understand how to manage disruptive risk. 5.1. Understand how to anticipate disruptive events. 5.2. Understand how to avoid disruptive events. 5.3. Understand how to prevent disruptive events. 5.4. Understand how to protect against disruptive events. 5.5. Understand how to mitigate disruptive events. 5.6. Understand how to respond to disruptive events. 5.7. Understand how to recover from disruptive events. 6. Understand risk assessment methods. 6.1. Understand asset identification and valuation. 6.2. Understand risk identification, analysis, and evaluation. 7. Understand impact analysis methods. 7.1. Understand how to analyze impacts on people. 7.2. Understand how to analyze impacts on assets. 7.2.1. Understand impacts on physical assets. 7.2.2. Understand impacts on intangible assets. 7.3. Understand how to analyze impacts on the environment. 8. Understand risk treatment methods and measures. 9. Understand security management methods and practices. 9.1. Understand information security management. 9.1.1. Understand how to protect sensitive information. 9.1.2. Understand how to ensure integrity of information. 9.1.3. Understand how to prevent loss of information. 9.1.4. Understand how to deter theft of information. 9.2. Understand personal security management. 9.2.1. Understand how to protect personnel. 9.2.2. Understand how to deter bad behavior. 9.2.3. Understand how to prevent harmful results. 9.3. Understand physical security management. 9.3.1. Understand how to protect physical assets. 9.3.2. Understand how to prevent physical losses. 9.3.3. Understand how to deter physical access. 10. Understand intelligence gathering methodologies. 10.1. Understand performance monitoring methodologies. 10.2. Understand performance measuring methodologies. 11. Understand performance reporting methods. 11.1. Understand reporting of exercises. 11.2. Understand reporting of testing activities. Please note that these are only
"examples". No attempt has |
 |
|
OTHER KNOWLEDGE AND SKILL EXPECTATIONS Quality Management Auditing Knowledge and Skills Records Management Auditing Knowledge and Skills Environmental Management Auditing Knowledge and Skill Occupational Health and Safety Auditing Knowledge and Skill Information Security Management Auditing Knowledge and Skill Transportation Safety Management Auditing Knowledge and Skill |
|
Introduction to Auditing Standard Plain English Auditing Definitions Brief Overview of Auditing Standard ISO 19011 Translated into Plain English How to Plan and Perform Management Audits How to Audit Security Management Audit Programs |