Channel: CISA – Peter H. Gregory
Browsing all 17 articles

Residual risk

Residual risk is like the dirt on the floor that cannot be picked up by the broom and dustpan. Rather than pursue residual risk down to the last iota, it is swept aside and will probably not be...


Implementation of audit recommendations

The purpose of internal and external audits is to identify potential opportunities for making improvements in control objectives and control activities. The handoff point between the completion of the...


Auditors’ preferences for controls

Auditors and security professionals usually prefer preventive controls over detective controls because they actually block unwanted events and prefer detective controls to deterrent controls because...


CISA All-In-One Exam Guide published

The CISA Certified Information Systems Auditor All-In-One Exam Guide, published by Osborne McGraw-Hill, is now available in bookstores and from online merchants. Written by Peter H. Gregory, this book...


Certification and Experience: Putting the Cart Before the Horse

When I earned my CISSP in 2000, and my CISA in 2002, I desired to earn these certifications as a way of demonstrating the knowledge and experience that I had already accumulated. To me, these...


I’m back, after a year off

After teaching the UW Information Systems Security certification course for two years, completing CISSP For Dummies (3rd edition), CISA All-In-One Exam Guide and CISSP Guide to Security Essentials, I...


Compliance risk, the risk management trump card

Organizations that perform risk management are generally aware of the laws, regulations, and standards they are required to follow. For instance, U.S.-based banks, brokerages, and insurance companies...


Classification of data center reliability

The Telecommunications Industry Association (TIA) released the TIA-942 Telecommunications Infrastructure Standards for Data Centers standard in 2005. The standard describes various aspects of data...


Which security certification should you earn next?

A reader who recently received his CISA certification asked, “Which certification should I earn next: CEH or CRISC?” I see this question a lot, so I’d like to answer this in two different ways....


Hard copy vs online verification

Today, in an online forum, someone asked why ISACA still uses paper-based certification applications instead of moving to online verification. The person argued that other organizations had gone to an...


CISM vs CISSP

A reader recently asked me about the CISM versus the CISSP. Specifically, he asked, “How hard is the CISM for someone who passed the CISSP?” Having earned both certs (and a few more besides), and...


My CISSP Journey, Part 5: Earning the CISA

In the first four parts of this series, I describe my preparation for the CISSP exam, writing exam questions, proctoring exams, and writing study guides for two different publishers. My CISSP journey...


My CISSP Journey, Part 7: Mentoring Others

In this series, I’ve described my experience with the CISSP, including studying for the exam, writing exam questions and books, and earning CPEs. In this final part, I describe my work in helping...


Control Self-Assessment Advantages and Disadvantages

In my book, CISA Certified Information Systems Auditor All-In-One Exam Guide, control self-assessment is defined as follows: “A methodology used by an organization to review key business objectives,...


Checkbox CPEs

Those of us with security certifications like CISSP, CISA, CISM, and others are acutely aware of the need to get those CPE hours completed each year. Typically, we’re required to accumulate 40 hours...


Peter H Gregory’s Study Guides Available For Top-Rated Certifications

January 4, 2022 SEATTLE, Washington – Peter H Gregory’s top-selling certification study guides cover several of the highest-ranked certifications in the Salary Survey 75 list, including the #1 and #2...


Peter H Gregory’s Study Guides Available For 2023 Top-Rated Certifications

Gregory’s best-selling books cover five of the top ten certifications ranked by salary January 23, 2023 SEATTLE, Washington – Peter H Gregory’s best-selling certification study guides cover several of...
