National CAE Designated Institution
  • Online, Instructor-Led
  • Classroom
Course Description

This course introduces information security compliance and standards along with how they apply to corporate IT environments. Topics include ISO standards, government NIST frameworks, federal and state compliance requirements, security policies, incident response and business continuity planning. Upon completion, students should be able to apply compliance and availability requirements to corporate data enterprise scenarios.

Learning Objectives

  1. Describe the role of information systems security (ISS) compliance in relation to organizations.
  2. Explain specific U.S. compliance laws and standards, and how they affect IT operations.
  3. Describe laws and guidelines that deal with computer-related security.
  4. Explain the scope of an IT audit for compliance and the use of standards and frameworks.
  5. Summarize compliance and explain why it is important.
  6. Describe the components and basic requirements for creating an audit plan to support business and system considerations.
  7. Describe the parameters required to conduct and report on an IT infrastructure audit for organizational compliance.
  8. Create security policies and review policy audit findings.
  9. Describe information security systems compliance requirements within the seven domains of an IT infrastructure.
  10. Analyze software vulnerabilities and make purchasing recommendations based upon results.
  11. Compare how devices and components found in the System/Application Domain contribute to compliance.
  12. Describe the qualifications, ethics, and certification organizations for IT auditors.
  13. Describe what makes up a code of conduct and a code of ethics.
  14. Identify codes of ethics from various professional organizations.
  15. Identify the components that make up a mature code of conduct and why organizations establish them.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Systems Requirements Planning
  • Legal Advice and Advocacy

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.