14.6. PRACTICAL EXPERIENCE
There is no substitute for practical experience auditing information systems, new technologies, and related processes. At some point, your training, professional affiliations, networking, certifications, reading, and other education must be applied to real-world situations in order to recoup your and your organization's investments of time and financial resources. Application of these skills is where your organization will reap the benefits of a significantly more secure IS control environment. As the numerous examples within this book attest, theory alone is no substitute for the reality of practical experience. The human factor is the great unknown in the deployment and controlling of all information technologies. Humans are what create an unpredictable IS environment. Our role as auditors and IS security professionals is to continuously evaluate IS controls to minimize the risk presented by the human factor. As you gain more and more practical experience, you will become progressively more comfortable and adept at auditing the logical security, physical security, and operational aspects of a variety of applications, database management systems, operating systems, and related processes. You will also become a valuable consulting resource for your organization when IS control and security issues arise, as in the case of development and implementation of new technologies, or resolution of recently identified IS control weaknesses or operational deficiencies. ...
Get Auditing Information Systems, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
