Certified Information Systems Auditor CISA (Part 5 of 5): Protecting Assets

The objective of this course is to ensure enterprise security policies, standards procedures and controls will ensure confidentiality, integrity and availability of information assets. This course will cover standards and procedures, evaluate design and monitoring of systems, data classification, physical access, environmental controls and safeguards as well as retrieval and disposal of information assets. This course contains the following lessons:

Lesson 1:

• The Myth of Perfect Security
• Inventory and Classification of Information Assets
• Controls
• Privacy Management Issues
• Critical Success Factors to Info Sec Management
• Info Sec and External Parties
• Risks Related to External Parties
• Customers and Security
• Addressing Security and Third-Party Agreements
• Human Resources Security
• Human Resources Security Continued
• Computer Crime Issues and Exposures
• Computer Crime Issues and Exposures Continued
• Types of Computer Crimes
• Web-Based Technologies
• Security Incident Handling and Response.

Lesson 2:

• Logical Access Controls
• Logical Access and Points of Entry
• Logical Access Control Software
• Identification and Authentication
• Multifactor Authentication
• Features of Passwords
• Identification and Authentication Best Practices
• Token Devices and One-Time Passwords
• Effective Biometric Security
• Single Sign-On
• Authorization Issues
• Access Lists
• Common Connectivity Methods
• Remote Wireless Connections
• Access Issues with Mobile Technology
• Access Rights to System Logs
• Use of Intrusion Detection
• Dealing with Confidential Information.

Lesson 3:

• LAN Security
• LAN Virtualization
• Client/Server Security
• Wireless Security Threats and Risk Mitigation
• Internet Vulnerabilities
• Network Security Threats
• Controls to Investigate
• Firewall Security Systems
• Common Attacks Against Firewalls
• Examples of Firewall Implementation
• Intrusion Detection
• Describing IDS and IPS Deployment
• Encryption
• Symmetric and Asymmetric Encryption
• Uses of Encryption
• Viruses
• Technical Controls Against Viruses
• Anti-Virus Software
• Voice Over IP
• Private Branch Exchange.

Lesson 4:

• Auditing Info Sec Management Framework
• Auditing Logical Access
• Techniques for Testing Security.

Lesson 5:

• Auditing Remote Access
• Network Penetration Test
• Types of Penetration Tests
• Full Network Assessment Reviews
• Authorized Network Configuration Changes
• Unauthorized Changes
• Computer Forensics
• Chain of Evidence.

Lesson 6:

• Environmental Exposures and Controls
• Physical Access Exposures
• Physical Access Controls
• Auditing Physical Access
• Mobile Computing.