IT audits and CISO
Answer:
I am not sure if I have 100% understood your question, but the CISO (Chief Information Security Officer) generally performs activities related to the implementation and maintenance of the ISO 27001 standard, and these activities should be reviewed during the ISO 27001 internal audit.
But if your question is about IT audits (ethical hacking, penetration testing, etc.), from my point of view it is not necessary to review the work of the CISO; you simply need to review the configuration of systems, open ports, services running, etc.
This article can be interesting for you: “What is the job of Chief Information Security Officer (CISO) in ISO 27001?”: https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
Finally, our online course can also be interesting for you because we give more information about the internal audit: “ISO 27001:2013 Internal Auditor Course”: https://advisera.com/training/iso-27001-internal-auditor-course/
Jul 19, 2016