CISA: Protection of Information Assets - Part 1





Overview/Description
Two key components IS auditing professionals evaluate are an organization's IS management activities and logical access practices. This course covers key IS management elements, roles, responsibilities and risk factors, as well as information security control design best practices. This course also outlines effective MAC and DAC controls, privacy principles, and external and third-party IS best practices. Finally, this course covers key logical access best practices that IS auditors should evaluate, including exposures, identification and authentication controls, authorization issues, and confidential information handling activities. This course is one of a series in the Skillsoft learning path that covers the objectives for the ISACA Certified Information Systems Auditor (CISA) certification exam.

Target Audience
Individuals in IS audit, controls and security professions; individuals preparing for the CISA certification exam

Prerequisites
None

Expected Duration (hours)
1.5

Lesson Objectives

CISA: Protection of Information Assets - Part 1

  • start the course
  • recognize key concepts in domain 5
  • identify characteristics and key elements of information security management and information security management systems
  • distinguish between the different information security roles and responsibilities
  • identify characteristics and best practices of classifying information assets
  • identify fraud risk factors in information security management
  • identify characteristics of information security control design
  • identify characteristics and best practices of system access permission activities
  • recognize characteristics of mandatory and discretionary access controls
  • identify privacy principles, and the IS auditor's role
  • identify the critical success factors of information security management and awareness, training and education best practices
  • identify best practices for information security activities involving external parties
  • identify best practices for human resources activities with third parties
  • identify characteristics of computer crime issues and exposures, and best practices for avoiding negative impacts
  • identify best practices for security incident handling and response activities
  • identify logical access exposures
  • identify best practices for enterprise IT environment familiarization
  • identify best practices when auditing paths of logical access
  • identify logical access control software
  • identify best practices for identification and authentication activities
  • identify features of SSO
  • identify best practices for storing, retrieving, transporting, and disposing of confidential information
  • identify best practices for information security management and logical access

Course Number
sp_cisb_a07_it_enus

Expertise Level
Intermediate