Internal Audit of Information Security and Data Protection

[rturpin2008]

Hi
I am applying for an information security coordinator job. I'm new to this field and with no background knowledge yet, though I'm trying to learn.

A question that was asked in a previous interview was:

If You Were An Auditor What Programme Would You Put In Place To Test The Controls Around The Information Security And Data Protection Processes And What Methodology Would You Use And Why​

Can anyone give me a hand with the answer incase I get asked it in future interviews.

Any help would be appreciated.

Thanks.

 

[Stijloor]

A Quick Bump!

Can someone help please?

Thank you very much!!

 

[Duke Okes]

The IIA haas guidance in IT audits.

 

[Jen Kirley]

The IIA haas guidance in IT audits.

The IIA has a course for IT auditors that might be of use.

 

[Duke Okes]

Might also look at ISO 27001, as well as the NIST website (some links below).

https://www.nist.gov/cyberframework

http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-100.pdf

http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf

 

[Colin]

Have you looked in ISO 27002? - it has some reaally good stuff in there which would be helpful if asked the question again.

 

[Mike S.]

Hi
I am applying for an information security coordinator job. I'm new to this field and with no background knowledge yet, though I'm trying to learn.

Unless I am missing something, it sounds like you are applying for a job for which you are not qualified. Instead of trying to learn the answer to one interview question, perhaps you should try to get a broader education in the body of knowledge for that job.