According to ISO 19011 Annex A.7, auditors that intend
They must have the knowledge and skills needed to examine
The following examples illustrate the kind of knowledge and

1. Understand ISO IEC information security standards.
   1.1. Understand ISO IEC 27000 (concepts).
   1.2. Understand ISO IEC 27001 (requirements).
   1.3. Understand ISO IEC 27002 (code of practice).
   1.4. Understand ISO IEC 27003 (implementation).
   1.5. Understand ISO IEC 27004 (measurement).
   1.6. Understand ISO IEC 27005 (risk management).
2. Understand information security management processes.
3. Understand information security management technologies.
4. Understand the scientific foundations of information security.
5. Understand how requirements are identified and evaluated.
   5.1. Understand how customer requirements are handled.
   5.2. Understand how other party requirements are handled.
6. Understand information security laws and regulations.
   6.1. Understand record protection and retention concerns.
   6.2. Understand intellectual property rights and concerns.
   6.3. Understand telecommunication interception concerns.
   6.4. Understand electronic and digital signature concerns.
   6.5. Understand data privacy and protection concerns.
   6.6. Understand workplace surveillance concerns.
   6.7. Understand workplace ergonomic concerns.
   6.8. Understand cryptographic control concerns.
   6.9. Understand electronic commerce concerns.
   6.10. Understand evidence collection concerns.
   6.11. Understand penetration testing concerns.
   6.12. Understand computer abuse concerns.
   6.13. Understand data monitoring concerns.
   6.14. Understand anti-terrorism concerns.
7. Understand information security threats and vulnerabilities.
8. Understand information security management controls.
   8.1. Understand electronic control methods and practices.
   8.2. Understand physical control methods and practices.
9. Understand information security risk management.
   9.1. Understand risk assessment techniques.
      9.1.1. Understand risk identification techniques.
      9.1.2. Understand risk analysis techniques.
      9.1.3. Understand risk evaluation techniques.
10. Understand information security methods and practices.
   10.1. Understand how to protect sensitive information.
   10.2. Understand how to protect the integrity of information.
11. Understand information security measurement methods.
12. Understand information security evaluation methods.
   12.1. Understand how to evaluate management systems.
   12.2. Understand how to evaluate security controls.
13. Understand performance management methods.
   13.1. Understand how to measure performance.
      13.1.1. Understand how to test performance.
      13.1.2. Understand how to audit performance.
   13.2. Understand how to monitor performance.
      13.2.1. Understand how to review performance.
   13.3. Understand how to record performance.
Please note that these are only examples. No attempt has been made
For more information, see information security standards developed
Praxiom Research Group Limited, help@praxiom.com, 780-461-4514

Updated on December 19, 2015. First published on May 24, 2012.

Legal Restrictions on the Use of this Page
Copyright © 2012 - 2015 by Praxiom Research Group Limited. All Rights Reserved.