CISA Domain: Protection of Information Assets - Part 1

Target Audience
Expected Duration
Lesson Objectives
Course Number

One of the main reasons an organization will bring on a CISA is to protect the IS assets of that organization. Resources, both internal and external, need to be secured and access must be controlled at all times. This course examines information security elements and assets, both internal and external, along with the elements that play a role in the protection of those assets. This course also examines the computer crimes that can befall an organization and the incident handling methods that can be used. Finally, this course examines logical access and the methods that can be used to protect assets. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination and follows the 2014 ISACA Candidate Information Guide.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)

Lesson Objectives

CISA Domain: Protection of Information Assets - Part 1

  • recognize IS management elements, roles and responsibilities, and asset classifications
  • describe system access permissions and controls
  • recognize the role of an IS auditor in privacy management and the success of IS management
  • recognize information security issues relating to external parties
  • recognize human resources security relating issues to third parties
  • recognize information security elements and assets
  • recognize IS and HR security issues relating to third parties
  • recognize different types of computer crimes and exposures
  • recognize how to handle and respond to security incidents
  • recognize logical access exposures, paths, and controls
  • recognize methods of identification and authentication
  • describe the various situations or procedures where authorization issues can occur
  • recognize how to manage sensitive information
  • recognize issues related to computer crime and incident handling
  • describe logical access and I&A
  • recognize authorization issues and how to manage sensitive information
  • Course Number: