CISA DOMAIN 5: PROTECTION OF INFORMATION ASSETS

Trainers
Lucy Mawutor Dzoagbe |
Yao Agbley |
Kobina Nkum Akwa |

Domain 5 focuses the key components that ensure confidentiality, integrity and availability (CIA) of information assets. The design, implementation and monitoring of logical and physical access controls are explained. Network infrastructure security, environmental controls, and processes and procedures used to classify, enter, store, retrieve, transport and dispose of confidential information assets are covered. The methods and procedures followed by organizations are described, focusing on the auditor’s role in evaluating these procedures for suitability and effectiveness.

Course Information

Objectives

Upon completion of this domain an IS auditor should be able to:

• Conduct audit in accordance with IS audit standards and a risk-based IS audit strategy.

• Evaluate problem and incident management policies and practices.

• Evaluate the organization's information security and privacy policies and practices.

• Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.

• Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

• Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements.

• Evaluate policies and practices related to asset lifecycle management.

• Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.

• Perform technical security testing to identify potential threats and vulnerabilities.

• Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.

Topics

Information Asset Security and Control

• Introduction

• Information Asset Security Frameworks, Standards, and Guidelines

• Privacy Principles

• Physical Access and Environmental Controls

• Identity and Access Management

• Network and End-point Security

• Data Classification

• Data Encryption and Encryption-related Techniques

• Public Key Infrastructure (PKI)

• Web-based Communication Technologies

• Virtualized Environments

• Mobile, Wireless, and Internet-of-Things (IOT) Devices

Security Event Management

• Security Awareness Training and Programs

• Information System Attack Methods and Techniques

• Security Testing Tools and Techniques

• Security Monitoring Tools and Techniques

• Incident Response Management

• Evidence Collection and Forensics

Click on the link below to access the training materials:

Course Content

Methodolody

Collaborative, enriching virtual sessions, led by world class instructors which will include the following:

Quizes
Assesments
Forums
Chats

Duration:

15 hour for 3 days

Delivery Days:

Weekends

Resources

Coach:

Mr Kobina Nkum Akwa (ISACA Accredited Trainer - FCCA/CISA/CISM/CGEIT/CRISC)

Technical Help Desk:

Name:Nii Aboni Tackie

Email: niiat@aiti-kace.com.gh

Course Managers:

Name: Gabriel Dwumah

Email: gabrieldw@aiti-kace.com.gh

Name: Lucy Mawutor Dzoagbe

Email: lucydz@aiti-kace.com.gh