• Online, Self-Paced
Course Description

Two key components IS auditing professionals evaluate are an organization's IS management activities and logical access practices. This course covers key IS management elements, roles, responsibilities and risk factors, as well as information security control design best practices. This course also outlines effective MAC and DAC controls, privacy principles, and external and third-party IS best practices. Finally, this course covers key logical access best practices that IS auditors should evaluate, including exposures, identification and authentication controls, authorization issues, and confidential information handling activities. This course is one of a series in the Skillsoft learning path that covers the objectives for the ISACA Certified Information Systems Auditor (CISA) certification exam.

Learning Objectives

Information Security Management

  • recognize key concepts in domain 5
  • identify characteristics and key elements of information security management and information security management systems
  • distinguish between the different information security roles and responsibilities
  • identify characteristics and best practices of classifying information assets
  • identify fraud risk factors in information security management
  • identify characteristics of information security control design
  • identify characteristics and best practices of system access permission activities
  • recognize characteristics of mandatory and discretionary access controls
  • identify privacy principles, and the IS auditor's role
  • identify the critical success factors of information security management and awareness, training and education best practices
  • identify best practices for information security activities involving external parties
  • identify best practices for human resources activities with third parties
  • identify characteristics of computer crime issues and exposures, and best practices for avoiding negative impacts
  • identify best practices for security incident handling and response activities

Logical Access

  • identify logical access exposures
  • identify best practices for enterprise IT environment familiarization
  • identify best practices when auditing paths of logical access
  • identify logical access control software
  • identify best practices for identification and authentication activities
  • identify features of SSO
  • identify best practices for storing, retrieving, transporting, and disposing of confidential information

Practice: Protecting Information Assets

  • identify best practices for information security management and logical access

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Infrastructure Support
  • Cybersecurity Management
  • Executive Cyber Leadership
  • Systems Analysis
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.