CISA Domain: Protection of Information Assets - Part 2

Securing the network infrastructure is one of the main reasons an IT department exists in an enterprise environment. The role of a CISA is to audit the security measures and to make sure that the most efficient methods are being used to secure the environment. This course examines the components of the network infrastructure, the common threats they face, and how they can be secured. It also examines the methods a CISA uses to audit and test IS security, and the internal and external security controls that can be used. The Certified Information Systems Auditor (CISA) certification is known worldwide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by the American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination and follows the 2014 ISACA Candidate Information Guide.

Target Audience
Information Systems professionals with an interest in information systems audit, control, and security. A minimum of five years of professional information systems auditing, control, or security work experience is required for certification.

Expected Duration (hours)

Lesson Objectives

CISA Domain: Protection of Information Assets - Part 2

  • recognize LAN security
  • recognize client-server security risks and issues
  • recognize wireless security threats and risk mitigation
  • describe Internet security threats and controls
  • recognize the different categories of firewall security systems available
  • recognize examples of firewall implementations and describe firewall issues
  • describe IDS, IPS, honeypots, and honeynets
  • recognize different types of encryption systems
  • describe digital signatures, digital envelopes, and public key infrastructure
  • recognize applications of cryptographic systems and encryption risks
  • recognize virus controls and antivirus strategies
  • describe voice-over IP technology
  • describe private branch exchange
  • recognize network infrastructure security issues and controls
  • describe Internet threats and security measures
  • recognize encryption methods
  • recognize virus controls, VoIP, and PBX
  • recognize how to audit the information security management framework
  • recognize how to audit logical access controls
  • describe security testing and investigation techniques
  • recognize how to audit remote access
  • describe computer forensic activities
  • recognize environmental exposures and controls
  • recognize physical access exposures and controls
  • describe mobile computing controls
  • recognize how to audit, test, and investigate IS security
  • recognize how to audit network infrastructure security
  • recognize environmental, physical, and mobile computing controls

Course Number: