Use of computer security consultants, EDP auditors, and computer professionals

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search

Use of computer security consultants, EDP auditors, and computer professionals

As a rule, a computer security consultant has a background in security, as a result of either private or public security work or law enforcement experience. The leading professional organization for security professionals is the Information Systems Security Association.FN36

Three other important professional groups are the ACM Special Interest Group on Security, Audit and Control,FN37 the IEEE Security and Privacy Committee,FN38 and the IFIP Technical Committee on Security.FN39

EDP Auditors usually come from an accounting background and have familiarity with the controls used in computer systems. The leading professional organization is the EDP Auditors Association.FN40 The Association offers a CISA (certified information systems auditor) certificate.

Systems analysts, programmers, data processing managers, and a variety of other computer professionals are often the best source of information about how a specific computer system works. Many belong to the Association for Computing Machinery,FN41 Data Processing Management Association,FN42 the Association for Independent Computer Consultants,FN43 or the Association for Systems Management.FN44

Frequently, technical issues are significant in preparing the defense of a computer crime case. Establishing what was actually done in the computer system may require a careful explanation of how a sophisticated computer system works. It may also require an expert opinion as to whether certain actions that the defendant is alleged to have done are possible. In such a case, the defense may want to hire a computer professional with expertise in the area in dispute. The individual may be a technologist, or an accountant. In either case he or she should assist the attorney in describing what is sought in the discovery motion, in analyzing materials relating to the computer that are discovered, and in analyzing other aspects of the case.

Retrieved from "http://horseproject.wiki/index.php?title=Use_of_computer_security_consultants,_EDP_auditors,_and_computer_professionals&oldid=8459"