What are the requirements for CISP certification?

CISP- requirements for auditor certification and registration:

1. Education and work experience

Doctoral students; or a master's degree or above with 1 year of work experience; or a bachelor's degree with 2 years of work experience; or college graduates with 4 years of work experience.

2. Professional work experience

At least 2 years of work experience in information security or auditing.

3. Training qualification

Before applying for registration, successfully complete the training course for registered information security auditors organized by a training institution authorized by the China Information Security Evaluation Center, and obtain the training certificate.

4. Pass the registered information security auditor examination held by the China Information Security Evaluation Center.

The eight knowledge categories of the information security auditor's knowledge system are:

Information security guarantee: mainly including the framework, basic principles and practice of information security guarantee.

Information security standards and laws and regulations: mainly including information security related standards, laws and regulations and ethics.

Information security technology: mainly including cryptography foundation and application, network security, operating system security and application security.

Information security management: mainly including the basic concepts of information security management, information security risk management, information security management system construction and the information security level protection management mechanism.

Information security engineering: mainly including engineering knowledge and practice related to information security.

Overview of information security audit: mainly including audit background, audit classification and object, audit-related terms and definitions, information system/information security audit proposal and development, content, audit-related laws, regulations and guidelines, etc.

Organization and implementation of information security audit: mainly including information security audit methods, information security audit plans, information security audit evidence, information security audit working papers, information security audit reports, information security audit cases and exercises (audit risk judgment, audit plan preparation, audit checklist preparation, problems and security risk judgment, etc.).

Audit practice of information security control measures: mainly including information security management control audit practice, information security engineering control audit practice, information security technology control audit practice, information security audit computer experiment and information security audit tool test case introduction.