There are many folks in the PCI industry who will soon require a second security certification. For a lot of them, it will mean the pursuit of an auditor certification from this list:
- ISACA Certified Information Systems Auditor (CISA)
- GIAC Systems and Network Auditor (GSNA)
- Certified ISO 27001, Lead Auditor, Internal Auditor (Note: “Provisional” auditor designations do not meet the requirement.)
- IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor)
- IIA Certified Internal Auditor (CIA)
Online Business Systems is organizing a book club to help people get the Certified Information Systems Auditor (CISA) designation.
The price is right (free!) except for the cost of the book and the costs associated with the exam if you choose to take it. The book club doesn’t start until January, so you have plenty of time to purchase the book and start reading.
And the book in question is the CISA Certified Information Systems Auditor All-in-One Exam Guide, Third Edition by Peter H. Gregory.
The requirement to possess at least one industry-recognized certification from each list is effective as of January 1, 2019 for new QSA Employees.
For QSA Employees qualified and added to the search tool prior to January 1, 2019, this requirement is effective July 1, 2019 (for example, upon annual requalification after June 30, 2019).
You can read more about the QSA certification requirements here.