Article

The Qualification in Computer Auditing was launched in 1988 and closed to new candidates in 2007. The Institute has been reviewing its portfolio of qualifications with specific focus on the needs of IT auditors and in April 2008 announced a proposal for a new Postgraduate Certificate in IT Auditing. Pending the results of our consultation period, we hope to launch the new Certificate in 2009.

The final exam for the Qualification in Computer Auditing will be held in November 2008. For reference, information is given below on the structure and content of this qualification.

Do you have questions about IIA certifications? If so, read through some common questions, and their answers, regarding The IIA's Certified Internal Auditor® (CIA®) exam and specialty exams.

Do I have to be a member of The IIA to take any of the certification exams or become certified?
How do I study for the exams?
How do I change from a practicing CIA, CCSA, CGAP, or CFSA status to a nonpracticing status and vice versa?
What are the Continuing Professional Education (CPE) reporting requirements for CIAs, CCSAs, CGAPs, and CFSAs?

The one-time pad or Vernam cipher is implemented through a key that consists of a random set of nonrepeating characters. Each key letter is added modulo 26 to a letter of the plaintext. In the one-time pad, each key letter is used one time for only one message and is never used again. The length of the key character stream is equal to the length of the message. For megabyte and gigabyte messages, the onetime pad is not practical, but it is approximated by shorter random sets of characters with very long periods.

An example of a one-time pad encryption is as follows:

Public key cryptography is the use of an asymmetric algorithm. Thus, the terms asymmetric algorithm and public key cryptography are interchangeable and mean the same thing. Examples of asymmetric algorithms are RSA, elliptic curve cryptosystem (ECC), Diffie-Hellman, El Gamal, LUC, and Knapsack. These algorithms are used to create public/private key pairs, perform key exchange or agreement, and generate and verify digital signatures. Note that Diffie-Hellman can only perform key agreement and cannot generate or verify digital signatures.

Secret key cryptography is the type of encryption that is familiar to most people. In this type of cryptography, the sender and receiver both know a secret key. The sender encrypts the plaintext message with the secret key, and the receiver decrypts the message with the same secret key. Obviously, the challenge is to make the secret key available to both the sender and receiver without compromising it. For increased security, the secret key should be changed at frequent intervals. Ideally, a particular secret key should only be used once.