This article covers –
Understanding the domain in general
Exam-oriented concepts that you should focus on
As you can see, the article is divided into 16 parts.
Part 1 – Information Security Management Systems, (ISMS) – Their importance and key elements
Part 2 – The Classification of Information Assets, Various Fraud Risk Factors, Information Security Control Design
Part 3 – System Access Permission, Mandatory Access Controls (MACs), Discretionary Access Controls (DACs), and other access controls.
Part 4 – Privacy and Confidentiality: Privacy principles and the role and responsibilities of IS auditors, and the privacy-related compliance requirements
Part 5 – Information Security Management: Critical Success Factors (CSFs), the various mechanisms for increasing information security awareness, and Human Resources security.
Part 6 – Computer crime issues and exposures. The perpetrators of computer crimes. Common attack methods and techniques.
Part 7 – The different phases of incident response, the Logical Access Exposures, Identification and Authentication (I&A).
Part 8 – Common I&A vulnerabilities, categorization and authentication techniques.
Part 9 – Biometric Access Controls, the operation of each biometric control, and the various biometric techniques/devices.
Part 10 – Quantitative measures to determine the performance of a biometric control device, Single sign-on – its advantages and limitations, and Firewall security systems.
Part 11 – The main features of firewalls, types of firewalls, and the Packet filter firewall. Its advantages and disadvantages.
Part 12 – Application firewalls – their advantages and disadvantages. A Stateful inspection firewall – its advantages, disadvantages, and the various firewall implementations that are most commonly used.
Part 13 – Intrusion detection systems (IDS), their types, components and features
Part 14 – The limitations and uses of Intrusion Prevention Systems, Honeypots, and other types of Intrusion Detection Systems
Part 15 – Honeynets and Cryptography, Encryption and Decryption
Part 16 – Digital signatures, the various environmental exposures in Information Security, the controls to protect against environmental exposures, and the controls to prevent unauthorized physical access.
PART 1 – CISA Domain 5, Protection of Information Assets
Understanding the domain in general
What are Information Security Management Systems?
What is the significance of Information Security Management Systems?
What are the key elements in Information security management?
Understanding the domain in general
Weightage – This domain accounts for 25 percent of the CISA exam (approximately 39 questions).
This Knowledge Statement covers 26 topics related to the auditing of information systems:
Knowledge of the generally accepted practices and applicable regulations (e.g. laws, regulations) in relation to the protection of information assets
Understanding privacy principles
Understanding the techniques used to design, implement, monitor, and report on security controls
Knowledge of environmental and physical controls and supporting practices for the protection of information assets
Knowing the physical access controls to allow for identification, authentication, and restriction of users to authorized facilities or hardware
Knowledge of logical access controls to identify, authenticate, and restrict users to authorized functions or data
Knowledge of security controls for hardware and system software (e.g. applications, operating systems, and database management systems)
Knowledge of the risks and controls associated with virtualization
Knowledge of the risks and controls associated with mobile phone use