Certified Information Systems Auditor CISA, Part 5 of 5: Protecting Assets

LearnNow Online
Updated Jun 22, 2024
Course Description

The objective of this course is to ensure that enterprise security policies, standards, procedures and controls protect the confidentiality, integrity and availability of information assets. This course will cover standards and procedures, the evaluation of system design and monitoring, data classification, physical access, environmental controls and safeguards, as well as the retrieval and disposal of information assets. This course is part of a series covering the ISACA Certified Information Systems Auditor (CISA).

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

This is part 5 of the series.


Meet the expert

Kenneth Mayer

As a certified Microsoft Instructor, Ken has focused his career on various security aspects of computer and network technology since the early 1980s. He has offered a wide variety of IT training and high-level consulting projects for Fortune 500 companies globally. Through the course of his extensive career, he has taught a full line of Microsoft, CompTIA, Cisco, and other high-level IT Security curricula.

 

Video Runtime

146 Minutes

Time to complete

186 Minutes

 

Course Outline

Information Security

Importance of Information Security (42:43)

  • Introduction (01:37)
  • The Myth of Perfect Security (01:22)
  • Inventory and Classification of Information Assets (00:53)
  • Controls (10:10)
  • Privacy Management Issues (01:19)
  • Critical Success Factors to Info Sec Management (00:54)
  • Info Sec and External Parties (01:16)
  • Risks Related to External Parties (01:08)
  • Customers and Security (02:55)
  • Addressing Security and Third-Party Agreements (01:24)
  • Human Resources Security (01:37)
  • Human Resources Security Continued (01:25)
  • Computer Crime Issues and Exposures (02:45)
  • Computer Crime Issues and Exposures Continued (02:26)
  • Types of Computer Crimes (05:20)
  • Web-Based Technologies (02:20)
  • Security Incident Handling and Response (03:37)
  • Summary (00:08)

Logical Access (37:39)

  • Introduction (00:26)
  • Logical Access Controls (01:03)
  • Logical Access and Points of Entry (01:20)
  • Logical Access Control Software (00:40)
  • Identification and Authentication (01:51)
  • Multifactor Authentication (01:08)
  • Features of Passwords (02:20)
  • Identification and Authentication Best Practices (03:09)
  • Token Devices and One-Time Passwords (01:35)
  • Effective Biometric Security (02:47)
  • Single Sign-On (02:41)
  • Authorization Issues (00:38)
  • Access Lists (04:34)
  • Common Connectivity Methods (02:54)
  • Remote Wireless Connections (01:53)
  • Access Issues with Mobile Technology (02:13)
  • Access Rights to System Logs (01:59)
  • Use of Intrusion Detection (01:31)
  • Dealing with Confidential Information (02:41)
  • Summary (00:08)

Security Auditing

Network Infrastructure Security (39:55)

  • Introduction (00:45)
  • LAN Security (01:20)
  • LAN Virtualization (03:45)
  • Client/Server Security (00:52)
  • Wireless Security Threats and Risk Mitigation (01:29)
  • Internet Vulnerabilities (02:06)
  • Network Security Threats (03:13)
  • Controls to Investigate (03:00)
  • Firewall Security Systems (03:51)
  • Common Attacks Against Firewalls (01:46)
  • Examples of Firewall Implementation (01:56)
  • Intrusion Detection (02:08)
  • Describing IDS and IPS Deployment (02:38)
  • Encryption (00:48)
  • Symmetric and Asymmetric Encryption (02:29)
  • Uses of Encryption (01:39)
  • Viruses (01:48)
  • Technical Controls Against Viruses (00:20)
  • Anti-Virus Software (01:24)
  • Voice Over IP (01:17)
  • Private Branch Exchange (01:04)
  • Summary (00:08)

Auditing Info Sec Management Framework (03:36)

  • Introduction (00:21)
  • Auditing Info Sec Management Framework (00:43)
  • Auditing Logical Access (00:45)
  • Techniques for Testing Security (01:38)
  • Summary (00:08)

Auditing Network Infrastructure Security (13:53)

  • Introduction (01:13)
  • Auditing Remote Access (01:29)
  • Network Penetration Test (02:56)
  • Types of Penetration Tests (01:52)
  • Full Network Assessment Reviews (00:41)
  • Authorized Network Configuration Changes (00:39)
  • Unauthorized Changes (01:00)
  • Computer Forensics (01:33)
  • Chain of Evidence (02:18)
  • Summary (00:08)

Environmental Exposure and Physical Access (09:01)

  • Introduction (00:19)
  • Environmental Exposures and Controls (02:30)
  • Physical Access Exposures (01:01)
  • Physical Access Controls (02:04)
  • Auditing Physical Access (01:28)
  • Mobile Computing (01:29)
  • Summary (00:08)