CISA EXAM PREP COURSE: SUPPLEMENT
- Brenda Jordan
Table of Contents
  Study Tips
  Key Concept Review Additional Details
    Chapter 1
    Chapter 2
    Chapter 3
    Chapter 4
    Chapter 5
  Audit Work Program

ISACA. All Rights Reserved.
Study Tips

1. The CISA Review Manual is one helpful resource in preparing for your exam.
   a. Pay attention to the Task and Knowledge Statements, as test questions are based on one task and associated with one knowledge statement.
   b. Section One also provides tables with explanations of the knowledge statements. Read these reference tables, and if the topic is not familiar to you, read the corresponding section in the book.
   c. The Quick Reference Guide in Section Two also provides a quick overview of the chapter content, which can help you to better focus your study efforts.
2. The ISACA glossary is another reference you may find useful for reviewing topics and concepts. The CISA Review Manual also contains a more focused glossary of terms pertinent to the CISA.
3. Work through the practice questions.
   a. A helpful approach to these questions includes the following:
      i. Read the entire stem and determine what the question is asking. Look for key words such as "BEST," "MOST," "FIRST," etc., and key terms that may indicate what domain or concept is being tested.
      ii. Read all of the options, and then read the stem again to see if you can eliminate any of the options based on your immediate understanding of the question.
      iii. Re-read the remaining options and bring in any personal experience to determine which is the best answer to the question.
4. Watch the action verbs in the answers, such as verify, ensure, conduct, assess, implement, approve, initiate. Based on the audience, select the verb that best describes what the subject in the question would do.
5. Be familiar with roles and responsibilities related to IS audit. For example: the auditor provides reasonable assurance of the effectiveness of controls, and governance is accountable.
6. Other ISACA sources to assist in your studies:
   a. COBIT 5
   b. ITAF
   c. Audit and Assurance Programs
   d. Additional test questions:
      i. CISA Review Questions, Answers and Explanations Manual, 11th Edition*
      ii. CISA Review Questions, Answers and Explanations Database, 12-month subscription*

*Note: The CISA Review QAE Manual and CISA Review QAE Database contain the same questions. If you are interested in purchasing these products, you will only need to select one.
Key Concept Review Additional Details

Chapter 1

1. Control objective concepts include:
   a. Effectiveness
   b. Efficiency
   c. Confidentiality
   d. Integrity
   e. Availability
   f. Compliance
   g. Reliability
2. The annual audit risk assessment should start with an understanding of the company's:
   a. Organization, including structure
   b. Mission
   c. Strategic plan
3. Annual audit risk assessment for planning development:
   a. As the COSO Internal Control Integrated Framework (2013) states, risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives.
   b. IIA Professional Practices Framework (requirement to do the checklist)
   c. Goals for assessment (only ask open-ended questions, and immediately ask follow-up questions if clarification is needed)
   d. Gather the company's mission, goals, and strategic and tactical objectives
   e. Gain an understanding of the company's risk appetite and tolerance, as well as the corporate culture toward risk
   f. Gain a detailed perspective of management concerns and opinions (toward current processes, technology and regulations, and toward meeting goals and objectives)
   g. Seek an understanding of the process, including upstream and downstream factors (SIPOC)
   h. Discuss the state of exceptions related to audit, incident management, disaster recovery and self-assessment findings
   i. Look for and document inconsistencies and one-offs between interviewees
   j. Analyze results and seek clarification where necessary (and validate all conclusions with the interviewees before presenting results)
   k. Identify vulnerabilities and threats (and loss events/risks) from discussions and loss data/analytics (including the risk register, prior findings, service management, self-assessment, incident management and disaster recovery reports)
   l. Rank and classify risk
   m. Map the risk to the organizational objectives
   n. Map the results to proposed audit engagements to determine the risk-based audit plan and determine engagement priorities
   o. Build/enhance individual audit scope and objectives to address the risk assessment results along with regulatory, internal control and/or technology changes
4. Laws and regulations relating to the organization (Note: The candidate will not be tested on specific laws or regulations):
   a. Securities Act of 1933
   b. Securities Exchange Act of 1934
   c. Trust Indenture Act of
   d. Investment Company Act of 1940
   e. Investment Advisers Act of 1940
   f. Williams Act of 1968
   g. GLBA Act of 1999
   h. Fair and Accurate Credit Transactions Act of 2003
   i. Credit Rating Agency Reform Act of 2006
   j. Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010
   k. Volcker Rule 2012
   l. Jumpstart Our Business Startups (JOBS) Act of 2012
   m. OCIE Cybersecurity Initiative
5. Controls
   a. Controls should be designed based on documented control objectives and should be placed at control points.
   b. Control classifications/categories:
      i. Preventive - invalid password lockout
      ii. Detective - audit trail/logs
      iii. Corrective - attribute masking or required-field validation before saving
      iv. Compensating - challenge phrase, avatar
      v. Deterrent - warning banner
      vi. Directive - policy
   c. Interdependencies:
      i. A threat creates a threat event that exploits a vulnerability, which results in an impact.
      ii. A compensating control reduces the likelihood.
      iii. A corrective control decreases the impact.
      iv. A deterrent control reduces the likelihood.
      v. A detective control discovers a threat event (and can trigger a preventive control).
   d. Control methods:
      i. Technical - encryption, single sign-on
      ii. Non-technical - policy, standard operating procedure
      iii. Physical - lock
   e. Control locations:
      i. Network
      ii. Application
      iii. Database
      iv. Operating systems
      v. Platform
      vi. Physical
   f. Control rationalization
   g. Controls-in-depth example: Gartner 5 Styles of Advanced Threat Defense Framework
   h. When thinking about control effectiveness as well as risk, consider the impact of cascading and coincidental events.
6. Audit phases
   a. Audit subject - area to audit
   b. Audit scope - system, function, unit, process(es) included in the review
   c. Pre-audit planning - identify skills, information and venues
   d. Audit procedures and steps for data gathering - identify approach, people, process and artifacts
   e. Procedures for evaluating test/review results
   f. Procedures for communicating with management
   g. Audit report preparation
7. Computer-aided audit tools (CAATs)
   a. Common tools: TopCAATS (add-on to Excel), Excel, Access, ACL, IDEA
8. Risk-based audit approach
   a. Step 1: Gather and plan
      i. Business information
         1. Mission
         2. Strategy
      ii. Prior audit information
      iii. Financial information
      iv. Regulatory information
      v. Risk assessment inherent results
   b. Step 2: Internal controls review
      i. Internal control environment
      ii. Internal control processes
      iii. Risk assessment (detection)
      iv. Control risk assessment
      v. Total risk calculation
   c. Step 3: Perform compliance testing
      i. Identify key controls
      ii. Test reliability, prevention, adherence to policy/process
   d. Step 4: Perform substantive testing
      i. Review analytical procedures
      ii. Review account balances
      iii. Procedures testing for compliance
   e. Step 5: Conclude audit
      i. Recommendation
      ii. Audit report
9. Risk-based auditing
   a. Helps determine the nature and extent of testing
   b. Drives the audit schedule
   c. Helps develop and improve the continuous audit process
   d. Looks at risk, internal operational controls and nature-of-business knowledge
   e. Relates cost-benefit analysis to known risk
   f. The risk model creates weights by risk type, nature of business and risk significance
10. Risk treatment
   a. In order to make a risk acceptable, consider:
      i. Requirements and constraints - laws and regulations
      ii. Organizational objectives
      iii. Operational requirements and constraints
      iv. Cost effectiveness
11. RBA
   a. Risk rating methods
      i. Scoring
         1. Technical complexity
         2. Financial loss
         3. Regulatory impact
         4. Speed to market
         5. Type and effectiveness of control
      ii. Judgmental
         1. Business knowledge
         2. Executive management directives
         3. Historical perspective
         4. Business goals
         5. Environmental factors
12. Objectives
   a. Audit objective - specific goals that must be accomplished during the audit engagement
   b. Control objective - describes how an internal control should function
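The control interdependencies in item 5c (deterrent and compensating controls reduce likelihood, corrective controls reduce impact, detective controls only discover events) and the scoring factors in item 11a can be combined into a small ranking model for a risk-based audit plan. The Python below is an added illustration written for this supplement, not ISACA's model or any code from the original: the 0..1 control-effectiveness scale, the factor weights and the three audit areas are constructed, and treating preventive controls as likelihood-reducing is an assumption the list above does not state.

```python
"""Rank candidate audit areas by weighted factor score times residual risk.

Added illustration of Chapter 1 items 5c and 11a; weights and inputs are constructed.
"""
from dataclasses import dataclass, field

# Which inherent-risk factor each control category reduces (item 5c).
# Preventive is grouped with likelihood by assumption; detective controls discover
# a threat event but, on their own, change neither factor in this model.
LIKELIHOOD_REDUCING = {"preventive", "deterrent", "compensating"}
IMPACT_REDUCING = {"corrective"}
KNOWN_CATEGORIES = LIKELIHOOD_REDUCING | IMPACT_REDUCING | {"detective", "directive"}

# Constructed weights for the item 11a scoring factors 1-4; factor 5 ("type and
# effectiveness of control") enters through residual_risk() instead.
WEIGHTS = {
    "technical_complexity": 0.2,
    "financial_loss": 0.3,
    "regulatory_impact": 0.3,
    "speed_to_market": 0.2,
}


@dataclass
class Control:
    name: str
    category: str
    effectiveness: float  # fraction (0..1) of the factor the control removes; assumed scale


@dataclass
class AuditArea:
    name: str
    likelihood: float  # inherent likelihood, 0..1
    impact: float      # inherent impact, 1..5
    scores: dict       # item 11a factors, each rated 1..5
    controls: list = field(default_factory=list)


def residual_risk(area: AuditArea) -> float:
    """Inherent likelihood x impact after applying each control to the factor it reduces."""
    likelihood, impact = area.likelihood, area.impact
    for c in area.controls:
        if c.category not in KNOWN_CATEGORIES:
            raise ValueError(f"unknown control category: {c.category}")
        if not 0.0 <= c.effectiveness <= 1.0:
            raise ValueError(f"effectiveness out of range for {c.name}")
        if c.category in LIKELIHOOD_REDUCING:
            likelihood *= 1.0 - c.effectiveness
        elif c.category in IMPACT_REDUCING:
            impact *= 1.0 - c.effectiveness
        # detective / directive: recorded for the work program, no numeric effect here
    return round(likelihood * impact, 4)


def weighted_score(area: AuditArea) -> float:
    """Weighted sum of the item 11a scoring factors."""
    missing = set(WEIGHTS) - set(area.scores)
    if missing:
        raise ValueError(f"{area.name} lacks scores for {sorted(missing)}")
    return round(sum(WEIGHTS[k] * area.scores[k] for k in WEIGHTS), 4)


def priority(area: AuditArea) -> float:
    return round(weighted_score(area) * residual_risk(area), 4)


def rank_audit_plan(areas: list) -> list:
    """Return (area name, priority) pairs, highest priority first (item 3n)."""
    return [(a.name, priority(a)) for a in sorted(areas, key=priority, reverse=True)]


# Constructed sample audit universe.
SAMPLE_AREAS = [
    AuditArea("Payroll application", 0.6, 5,
              {"technical_complexity": 3, "financial_loss": 5,
               "regulatory_impact": 4, "speed_to_market": 2},
              [Control("account lockout", "preventive", 0.5),
               Control("audit trail", "detective", 0.0),
               Control("required-field validation", "corrective", 0.4)]),
    AuditArea("Guest Wi-Fi", 0.8, 2,
              {"technical_complexity": 2, "financial_loss": 1,
               "regulatory_impact": 1, "speed_to_market": 4},
              [Control("warning banner", "deterrent", 0.25)]),
    AuditArea("Perimeter firewall rulebase", 0.5, 4,
              {"technical_complexity": 4, "financial_loss": 3,
               "regulatory_impact": 3, "speed_to_market": 1}),
]

if __name__ == "__main__":
    for name, score in rank_audit_plan(SAMPLE_AREAS):
        print(f"{score:6.2f}  {name}")
```

The firewall rulebase ranks first even though payroll has the higher inherent impact, because payroll's preventive and corrective controls cut both factors while the firewall area has no controls recorded; swapping the detective control for a corrective one would change the order, which is the point of scoring "type and effectiveness of control" explicitly.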
Chapter 2

1. Risk culture
   a. Behavior toward taking risk
      i. Conservative - risk averse
      ii. Aggressive - risk taking
   b. Behavior toward policy compliance
      i. Compliance
      ii. Non-compliance
   c. Behavior toward negative outcomes
      i. Learning culture
      ii. Blaming culture
2. Risk factors
   a. External environment
      i. Market
      ii. Rate of change
      iii. Industry/competition
      iv. Geopolitical situation
      v. Regulatory environment
      vi. Technology status and evolution
   b. Internal environment
      i. Strategic importance of IT for the entity
      ii. Operational importance of IT for the entity
      iii. Complexity of IT
      iv. Complexity of the organization
      v. Degree of change
      vi. Change management capability
      vii. Risk management philosophy and values
      viii. Risk appetite of the entity
      ix. Operating model
   c. Risk management capability
      i. Risk governance
      ii. Risk evaluation
      iii. Risk response
   d. IT capability
      i. Plan and organize
      ii. Acquire and implement
      iii. Deliver and support
      iv. Monitor and evaluate
   e. IT-related business capabilities
      i. Value governance
      ii. Program management
      iii. Investment management
3. Risk scenarios
   a. Actors
   b. Threat type
   c. Event
   d. Asset/resource
   e. Time
4. Quality management
   a. Quality standards assist in making the operational environment:
      i. Predictable
      ii. Repeatable
      iii. Certifiable
5. QA vs. QC
   a. Quality assurance develops and trains on the QA process and owns the SDLC document.
   b. Quality control performs reviews to make sure software meets user requirements.
6. Insurance
   a. Policies need to be reviewed whenever an organization changes technology or service delivery offerings, to ensure coverage is still correct. The policy should also be carefully reviewed at renewal.
   b. Additional IT-related policies are:
      i. Data breach
      ii. Technical errors and omissions
      iii. Media liability
      iv. Intellectual property infringement
      v. Data protection
      vi. Cyber liability
      vii. Ocean marine
      viii. Inland marine
Chapter 3

1. Business realization of projects
   a. Portfolio/program management
      i. A group of projects and time-bound tasks closely linked with common objectives, schedule and strategy
   b. Business case development
      i. Provides information for go/no-go decisions
   c. Factors to consider include:
      i. Cost
      ii. Quality
      iii. Development and delivery time
      iv. Reliability
      v. Dependability
   d. Consider evaluating these factors for strengths and weaknesses of each proposed solution.
2. Project content and environment
   a. These are points to consider.
3. Project management practices
   a. Along with project planning are:
      i. Project control
         1. Scope management
         2. Resource management
         3. Risk management
      ii. Project closure
4. Traditional SDLC
   a. Note that phases 3 and 4 have differing steps depending on whether software is acquired or designed in-house.
5. Control objectives
6. These are the control objectives for auditing program changes.
Chapter 4

1. IT service management
   a. Change/release
   b. Problem
   c. Incident
   d. Configuration
   e. Also includes:
      i. Knowledge
      ii. Asset
2. Common networks
   a. Also includes personal area networks
3. OSI
   a. Application layer - application interfaces
   b. Presentation layer - encryption/data conversion
   c. Session layer - establishes and terminates connections
   d. Transport layer - transfers data
   e. Network layer - creates virtual circuit
   f. Data link layer - provides data transfer on the physical link
   g. Physical layer - provides hardware to connect (cables, cards)
   h. Some sources have added three additional layers:
      i. Individual
      ii. Organization
      iii. Government or legal compliance
4. Remote access
   a. Ask how business partners are managed:
      i. Process to grant access
      ii. Entitlement process
      iii. Process to remove access
5. Digital certificates
   a. Ask how certificates are managed:
      i. Who owns the relationship with the certificate provider
      ii. Where certificates are stored
      iii. How certificates are revoked early
      iv. How certificates are updated when they are about to expire
      v. How expiration dates are managed
Chapter 5

1. Key elements of information security management
   - Senior leadership commitment/support - important to implementation and continued success of ISM
   - Policies and procedures - framework established by top management with governing body approval. This is followed by a standard minimum security baseline, measurement criteria and methods, and specific guidelines, practices and procedures.
   - Organization - security roles and responsibilities
   - Security awareness and education - training and regular updates to foster awareness for employees and third parties through policy and procedure updates; information security training; certification programs; policy acknowledgements by staff; visible enforcement; simulated exercises; standard communications via approved company communication channels
   - Monitoring and compliance - audit assessment of information security program effectiveness
   - Incident handling and response - an event adversely affecting processing/computer usage (virus/intrusion)
2. Data classification of information assets (IA)
   - As a control measure, defines:
      o Importance
      o IA owner
      o Access granting process
      o Access approver
      o Extent and depth of security controls
3. The inventory record for each information asset should contain:
      o Asset identification
      o Asset value (to the organization, not necessarily monetary/depreciation based)
      o Implications if the asset is out of order or rendered useless
      o Recovery priority if the asset is out of order
      o Asset location
      o Asset's security classification
      o Asset's risk classification
      o Asset group it is associated with
      o Asset owner
      o Asset data and/or physical custodian
4. Security should be built as layers:
   - Tangible layers include:
      o Layer 1 - perimeter devices
      o Layer 2 - configuration of perimeter devices
      o Layer 3 - security monitoring (IDS/IPS solutions)
      o Layer 4 - enterprise devices
      o Layer 5 - configuration of enterprise devices
      o Layer 6 - authentication tools and techniques
   - Intangible layers:
      o Security awareness and training
      o Management support for security issues
   - Logical security layers:
      o Network
      o Platform (OS)
      o Databases
      o Applications
5. Access controls (N/A)
   - Mandatory access controls (MACs) are logical access controls that validate access credentials.
   - Discretionary access controls (DACs) are configured and modified by data and system owners.
6. Data classification of information assets
   a. These are the items to be defined in each entry as a control measure.
      i. Also include the importance of the IA.
7. Inventory of IAs
   a. This is the information that should be captured at a minimum for each IA.
8. Privacy issues
   a. All IT policies dealing with data should contain a clause regarding privacy considerations/requirements. This should also be reiterated in related procedures and standards.
9. Likely perpetrators
   a. Hacktivists
10. About SIEM
   a. Ask for the business case used when the SIEM was purchased.
   b. Ask if adding the logs and rules is part of device hardening, and then have them show where recent devices were added with and without rule-based (conditional) reporting/alerting.
   c. Ask which of the following functions they use the SIEM for:
      i. Access discovery
      ii. Vulnerability assessments
      iii. Network analysis
      iv. WIDS
      v. HIDS
      vi. NIDS
      vii. File integrity checking
      viii. Log management
   d. Ask if the SIEM auto-detects and, if so, whether the subnet needs to be added first.
11. Ask about protections against advanced persistent threats:
   a. What tools and processes are implemented or planned for:
      i. Network threat analysis
      ii. Network forensics
      iii. Payload analysis
      iv. Endpoint behavior analysis
      v. Endpoint forensics
Audit Work Program

For more information and detailed program examples:
Audit-Assurance-Program.aspx
Audit-Assurance-Program1.aspx
Audit-Assurance-Program.aspx
More informationEffective Strategies for Managing Cybersecurity Risks
October 6, 2015 Effective Strategies for Managing Cybersecurity Risks Larry Hessney, CISA, PCI QSA, CIA 1 Everybody s Doing It! 2 Top 10 Cybersecurity Risks Storing, Processing or Transmitting Sensitive
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified Data Protection Officer The objective of the PECB Certified Data Protection Officer examination is to ensure that the candidate has acquired the knowledge and skills
More informationSecurity Policies and Procedures Principles and Practices
Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability
More informationCybersecurity Risk Mitigation: Protect Your Member Data. Introduction
Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 37001 Lead Auditor www.pecb.com The objective of the Certified ISO 37001 Lead Auditor examination is to ensure that the candidate possesses
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified OHSAS 18001 Lead Auditor www.pecb.com The objective of the PECB Certified OHSAS 18001 Lead Auditor examination is to ensure that the candidate
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified ISO 39001 Lead Auditor The objective of the PECB Certified ISO 39001 Lead Auditor examination is to ensure that the candidate has the knowledge and skills to plan
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationNew York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief
Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced
More informationTHE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :
THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY 18 2017: INFORMATION SYSTEM AUDIT AND SECURITY MANAGEMENT ( 2 DAYS) MAY 15 AND 16 o INFORMATION
More informationExam Requirements v4.1
COBIT Foundation Exam Exam Requirements v4.1 The purpose of this document is to provide information to those interested in participating in the COBIT Foundation Exam. The document provides information
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified ISO/IEC 17025 Lead Auditor The objective of the PECB Certified ISO/IEC 17025 Lead Auditor examination is to ensure that the candidate possesses the needed expertise
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationApplication for Certification
Application for Certification Requirements to Become a Certified Information Security Manager To become a Certified Information Security Manager (CISM), an applicant must: 1. Score a passing grade on the
More informationDoes a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?
Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? A brief overview of security requirements for Federal government agencies applicable to contracted IT services,
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationCISM ITEM DEVELOPMENT GUIDE
CISM ITEM DEVELOPMENT GUIDE Updated March 2017 TABLE OF CONTENTS Content Page Purpose of the CISM Item Development Guide 3 CISM Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps to
More informationCOMPLIANCE BRIEF: HOW VARONIS HELPS WITH PCI DSS 3.1
COMPLIANCE BRIEF: HOW VARONIS HELPS WITH OVERVIEW The Payment Card Industry Data Security Standard (PCI-DSS) 3.1 is a set of regulations that govern how firms that process credit card and other similar
More informationHow to Prepare a Response to Cyber Attack for a Multinational Company.
You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,
More informationTo Audit Your IAM Program
Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.
More informationCISA EXAM PREPARATION - Weekend Program
CISA EXAM PREPARATION - Weekend Program THE CISA QUALIFICATION: CERTIFICATION PREPARATION COURSE SYLLABUS PT. RIALACHAS TATHYA PRAYUKTI Menara Palma 12th Floor Jalan HR Rasuna Said Blok X2 Kav 6 Jakarta,
More informationNext Generation Policy & Compliance
Next Generation Policy & Compliance Mason Karrer, CISSP, CISA GRC Strategist - Policy and Compliance, RSA Core Competencies C33 2013 Fall Conference Sail to Success CRISC CGEIT CISM CISA Introductions...
More informationCompTIA Cybersecurity Analyst+
CompTIA Cybersecurity Analyst+ Course CT-04 Five days Instructor-Led, Hands-on Introduction This five-day, instructor-led course is intended for those wishing to qualify with CompTIA CSA+ Cybersecurity
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management
INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security management Technologies de l'information Techniques de
More informationPerforming a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &
More informationE-guide CISSP Prep: 4 Steps to Achieve Your Certification
CISSP Prep: 4 Steps to Achieve Your Certification Practice for the exam and keep your skills sharp : Thank you for downloading our CISSP certification guide. Aside from this handy PDF, you can also access
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationCybersecurity & Privacy Enhancements
Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More information354 & Index Board of Directors Responsibilities Audit Committee and Risk Committee Coordination, 244 Audit Committee Functions and Responsibilities, 2
Index Accounts Payable Process Review Procedures Assessments, 191 Actions to Resolve Risks COSO ERM Control Activities, 97 Activity Management COSO ERM Control Activities, 81 AICPA SAS No. 1 Internal Controls
More informationISO/IEC Information technology Security techniques Code of practice for information security management
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 17799 Second edition 2005-06-15 Information technology Security techniques Code of practice for information security
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More information