Investigates the key role the information security manager plays in designing and conducting both risk assessments and security tests and evaluations. Students review the essential components of a security assessment and learn how to integrate methodology with company needs. The pitfalls connected with conducting a security assessment are covered in full to ensure that best practices are incorporated for effective results. Creating security assessment reports, identifying threats and vulnerabilities, and managing organizational audits and compliance metrics are also addressed. Case studies reviewing government and industry audit standards are used to illustrate course concepts.
- Understand the need for conducting security audits.
- Understand the fundamental vocabulary of auditing, including Control Objective, Control, Compliance Testing, Substantive Testing, and Findings.
- Develop knowledge and skills in planning security audits.
- Develop knowledge and gain competency in interviewing audit subjects (management, technical, and business stakeholders).
- Gain competency in conducting effective information security audits across a broad range of corporate and government scenarios.
- Develop knowledge of audit test techniques.
- Develop skills in analyzing audit test results.
- Learn how to write security audit reports.