Protection of Information Assets (ISACA)
This domain — Information Asset Security and Control — together with its companion domain, Security Event Management, accounts for 26% of the CISA examination, the single largest weightin...
Auditing the protection of information assets is grounded in understanding the principles of security and privacy: information asset security frameworks/standards/guidelines, privacy principles, and data classification. The purpose of data classification is to ensure that all data or information receives an appropriate level of protection.
Every standard has value because it provides a structure that a security program can be modeled on, and that auditors can review against. Auditing standards are also cross-recognized: a review performed against ISO 27001, for example, is generally accepted worldwide. However, every standard must be tailored to the organization — a military organization, a government agency, a not-for-profit, and a commercial enterprise are all different, so the standard must be implemented in a way suitable to that specific organizational context. The auditor's job is not to check whether the organization did things identically to every other organization, but whether the standard was implemented appropriately for that organization — and whether it is actually enforced (e.g., configurations are checked against minimum security baselines), not merely documented.
...
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
5 sections- 1 Table of Contents
- 2 Module 1: Security and Privacy Principles
- 3 Module 2: Auditing Security Implementations
- 4 Module 3: Securing Information Technologies
- 5 Summary
More Governance, Risk & Compliance courses
View all 12Governance, Security and GRC
governance · security · grc · risk · compliance · networking · systems · information · controls · impact · processes · program · regulatory.
Government Facilities: Specialized Engineering
government · facilities · specialized · engineering · governance · risk · compliance · networking · systems · security · controls · physical · assessing · dod · environmental · facility ·...
Information & Cyber Security: GRC and Risk Management
This course walked through a complete, practical approach to performing information and cybersecurity risk assessments across a business lifecycle, using a running cloud-migration case st...
Information Systems Operations and Business Resilience (ISACA CISA)
This domain — information systems operations and business resilience — is worth 26% of the CISA examination when combined with its companion operations-focused course. The business-resili...
Microsoft Security, Compliance and Identity Fundamentals
In IT, compliance is a set of digital security requirements and practices. Following compliance requirements helps ensure that a company's business processes are secure and that sensitive...
NIST Risk Management Framework (RMF)
The RMF is a process model consisting of seven clearly defined steps, each with specific associated activities. While it is often described sequentially, it is in fact an iterative model:...
Interested in this course?
Contact us to book it or get a custom training plan for your team.