4 Day (Tuesday - Friday)

Category: IS Auditing

Instructor: Duane Anderson

Instructor Bio:

Consulting & Training Duane’s consulting and training undertakings usually revolve around highly specialized Virtualization solutions, Penetration Testing, Forensics, and general IT security events. In addition, Duane develops customized and blended security, virtualization and cloud curriculum.

Course Description:

Many organizations require an Information System Auditor’s expert knowledge when it comes to identifying critical issues and providing effective auditing solutions. The knowledge and course content provided in the vendor-neutral Certified Information Systems Security Auditor - C)ISSA will not only cover ISACA®’s exam but will provide a measurable certification that demonstrates proficiency in the IS Auditing Field. The Certified Information Systems Security Auditor covers the skills and knowledge to assess vulnerabilities, report on compliance and implement controls for private and public enterprises. The Certified Information Systems Security Auditor students will receive in-depth knowledge in topics that pertain to the following: IS audit, control, and assurance. This course is designed for those IT professionals in the following job roles: IT consultants, auditors, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers.

Course Outline

• I. The Process of Auditing Information Systems
• II. Risk-Based Auditing
• III. Audit Planning and Performance
• IV. Reporting on Audit
• V. IT Governance and Management
• VI. Strategic Planning and Models
• VII. Resource Management
• IX. Systems Acquisition, Development and Implementation
• X. Systems Development Models
• XI.Types of Specialized Business Applications
• XII. Application Controls
• XIII. Information Systems Operations, Maintenance, and Support
• XIV. System and Communications
• XV. Hardware

Key Data

Course Title: Certified Information Systems Security Auditor

Duration: 4 Days

Language: English

Class Format Options:

• Instructor-led classroom
• Instructor-led Online Training

Prerequisites:

• A minimum of 1 year of Information Systems

Student Materials:

• Student Workbook
• Certification Exams:
• Covers ISACA® CISA exam objectives
• Mile2 C)ISSA – Certified Information Systems Security Auditor
• CPEs: 32Hours

2: The ISO/27001:2013

The ISMS

Integration

Suitable for

Organizations of all Sizes

Assessment

The Evolution of ISO27001, 2

Recent Updates

ISO27002

Control Hierarchy

ISO27001

The ISMS

Constant Change

and Improvement

Adoption of the ISMS

Exclusions

3: Information Security and Key Controls

Key Terms

Information

Information Security Definition

Information Security

Context of the Organization

Leadership

Planning

Planning Continued

Support

Support Continued

Operation

Performance evaluation

Improvement

4: Risk Management

Agenda

Definitions

Risk

Risk cont.

Risk Management Principles

Information Security Risk Management Practices

Information Security

Risk Assessment

Define a Risk

Assessment Approach

Identify Risks

What Is the Value of an Asset?

What Is a Threat Source/Agent?

What Is a Threat?

What Is a Vulnerability?

Factors used in Risk Estimation

Output of Risk Evaluation Process

5: Risk Treatment

Agenda

Risk Treatment

Definitions

Definitions Risk

Treatment Continued

Definitions Risk

Treatment Continued

Definition of Controls

Examples of Types of Controls

Control Usage

Risk Treatment Options

Requirements:

Laptop required.