Wednesday, November 6, 2013

Penetration Testing Certification in 2013


First of all, you should check this penetration testing guide. There you'll find all the basic material required to decide whether you need penetration tests, define the scope and ensure a successful outcome. The links include their own further reading list, which you might find interesting.

As for certification, there are actually several penetration testing certifications from SANS/GIAC, including GIAC Penetration Tester (GPEN). They have courses, exams and everything. For instance, this one.

There are a few more penetration testing certifications, and each has different perks and drawbacks. This certification has NSA approval. The BackTrack course is delivered online and earns you CPE credits.

Some interesting books covering the topic:


The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy

Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab

Hacking with Kali: Practical Penetration Testing Techniques

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

Monday, November 4, 2013

SOX Compliance News November 5, 2013

      Protiviti has published its 2013 Sarbanes-Oxley compliance survey. You can download the complete report and the presentation. Key findings are:
  • SOX compliance costs are rising, as are external audit fees. However, for most organizations the cost of SOX compliance remains at a manageable level.
  • The automation of controls remains an enticing option and perhaps the “final frontier” for achieving significant improvements and efficiencies. 
  • More companies are shifting SOX compliance oversight responsibilities away from project management offices (PMOs) to internal audit functions.
    For Dummies has updated its Sarbanes-Oxley cheat sheet. There are two chapters: how to limit corporate liability after Sarbanes-Oxley, and Sarbanes-Oxley practices for good corporate governance. As you can imagine, you will need much more information to achieve SOX compliance, but you have to start somewhere, right?

   Great job opening at NVIDIA: SOX Analyst, with demanding minimum requirements and tough responsibilities. Ready to accept the challenge?

   ITBusinessEdge has published a minimalist slideshow on six benefits of Sarbanes-Oxley compliance (based on the Protiviti research). One more incentive to read the Protiviti report mentioned above.

Wednesday, October 30, 2013

Certified Information Systems Auditor Jobs and News, October 29, 2013



GE Capital's Retail Finance office in Stamford, CT is looking for a Security Solution Architect. The main prerequisite is eligibility under Section 19 of the FDIA (the Federal Deposit Insurance Act). The Certified Information Systems Auditor designation is desired.

Iron Mountain is looking for a Senior Information Security Analyst in Boston, MA. CISA certification is mandatory. The job is basically about providing security assurance for Iron Mountain's customers.

New vacancy in Irvine, CA. The job title is odd (Security Engineer with Info Security), but the description sounds fine. CISA is required, along with CISM and CISSP.

Here is another Internal Auditor position where a CPA is combined with a CIA and information systems audit experience.

And finally, a Senior IT Audit job opening at Netspend (Austin, TX). Certified Information Systems Auditor certification and ITIL/COBIT knowledge are a must.