IT security audit

Job Overview

Guidelines for applying to CERT-In for Empanelment of IT Security Auditing Organisations

2.1 Technical Qualifications:

An applicant organisation, desirous of being empanelled as an IT Security Auditor, may be an

organisation/company/firm providing IT Security auditing services. An applicant organisation must

have the following minimum qualifications and experience:

a. Adequate knowledge and understanding of trusted computer information systems,

telecommunication and networking environment

b. Should have minimum 5 no. of technical manpower with skills to perform technical security testing,

especially vulnerability assessment & penetration tests, and should have the ability to analyse and

evaluate the results.

c. Should have personnel with information security related qualifications like:

Certified Information Systems Security Professional (CISSP), or

Certified Information Security Manager (CISM) of ISACA, ог

Certified Information Systems Auditor (CISA) of I5ACA, or

1.

il.

iv.

V.

VI. Any other formal IT Security related qualification

Diploma in Information Systems Audit (ISA or DISA) of ICAI or

Diploma in Information System Security Audit (DISSA), ICMAI or

d. Preferably three years of experience in IT Security Auditing work as per the broad scope outlined in

Para 1 above.

e. Should have carried out at least five IT Security Audits, preferably two of which should be in the last

12 months in line with the broad scope outlined in Para 1 above