Talk:Certified Information System Auditor

From Wikipedia, the free encyclopedia

This article is part of WikiProject Education, a collaborative effort to improve Wikipedia's coverage of education and education-related topics. Please participate by editing the article, and help us assess and improve articles to featured and 1.0 standards, or visit the WikiProject page for more details.
This article has not yet received a rating on the quality scale.
This article has not yet received a rating on the importance scale.

Suggesting updates for CISA exam questions

Is a 5 place password a security measure?

What most trips me up is the word "Security". From a computer security perspective, a 5 place password has rapidly passed away as a meaningful defense against password cracking. Password guessing and cracking tools on common laptops can generate every ASCII symbol for all 5 places in substantially less than 1 second. Only in the context of multi-factor authentication, where a 5 place password is one factor, would I consider a 5 place password a "security" measure.

I understand that the question is supposed to discuss a control in a more abstract sense. But, the NIST paper that mentioned password length has not been updated since 1970. Is it not time to update this test question in favor of modern reality?

Don Turnblade, MS, CISSP, CISM, CISA


Citation flag

I've taken off the 'needs citations' flag, because the only thing missing I could see was a citation for the DoD recognition, which I added (though that seemed a bit tenuous as reason for the flag in the first place?). If anyone wants it back, could you let us know what you don't feel is adequately cited? Thanks. Eldaec 19:03, 16 October 2007 (UTC)