Learn your way! Get started

Certified Information Systems Auditor CISA, Part 5: Protecting Assets

with expert Kenneth Mayer


Watch trailer


Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 3/1/2018
Level Intermediate
Runtime 2h 26m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included


Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

The objective of this course is to ensure enterprise security policies, standards procedures and controls will ensure confidentiality, integrity and availability of information assets. This course will cover standards and procedures, evaluate design and monitoring of systems, data classification, physical access, environmental controls and safeguards as well as retrieval and disposal of information assets. This course is part of a series covering the ISACA Certified Information Systems Auditor (CISA).

Prerequisites

This is part 5 of the series.

Learning Paths

This course will help you prepare for the following certification and exam:
Certified Information Systems Auditor

Meet the expert

Kenneth Mayer As a certified Microsoft Instructor, Ken has focused his career on various security aspects of computer and network technology since the early 1980s. He has offered a wide variety of IT training and high level consulting projects for Fortune 500 companies globally. Through the course of his extensive career, he has taught a full line of Microsoft, CompTIA, Cisco, and other high level IT Security curricula.


Course outline



Information Security

Importance of Information Security (42:43)
  • Introduction (01:37)
  • The Myth of Perfect Security (01:22)
  • Inventory and Classification of Information Assets (00:53)
  • Controls (10:10)
  • Privacy Management Issues (01:19)
  • Critical Success Factors to Info Sec Management (00:54)
  • Info Sec and External Parties (01:16)
  • Risks Related to External Parties (01:08)
  • Customers and Security (02:55)
  • Addressing Security and Third-Party Agreements (01:24)
  • Human Resources Security (01:37)
  • Human Resources Security Continued (01:25)
  • Computer Crime Issues and Exposures (02:45)
  • Computer Crime Issues and Exposures Continued (02:26)
  • Types of Computer Crimes (05:20)
  • Web-Based Technologies (02:20)
  • Security Incident Handling and Response (03:37)
  • Summary (00:08)
Logical Access (37:39)
  • Introduction (00:26)
  • Logical Access Controls (01:03)
  • Logical Access and Points of Entry (01:20)
  • Logical Access Control Software (00:40)
  • Identification and Authentication (01:51)
  • Multifactor Authentication (01:08)
  • Features of Passwords (02:20)
  • Identification and Authentication Best Practices (03:09)
  • Token Devices and One-Time Passwords (01:35)
  • Effective Biometric Security (02:47)
  • Single Sign-On (02:41)
  • Authorization Issues (00:38)
  • Access Lists (04:34)
  • Common Connectivity Methods (02:54)
  • Remote Wireless Connections (01:53)
  • Access Issues with Mobile Technology (02:13)
  • Access Rights to System Logs (01:59)
  • Use of Intrusion Detection (01:31)
  • Dealing with Confidential Information (02:41)
  • Summary (00:08)

Security Auditing

Network Infrastructure Security (39:55)
  • Introduction (00:45)
  • LAN Security (01:20)
  • LAN Virtualization (03:45)
  • Client/Server Security (00:52)
  • Wireless Security Threats and Risk Mitigation (01:29)
  • Internet Vulnerabilities (02:06)
  • Network Security Threats (03:13)
  • Controls to Investigate (03:00)
  • Firewall Security Systems (03:51)
  • Common Attacks Against Firewalls (01:46)
  • Examples of Firewall Implementation (01:56)
  • Intrusion Detection (02:08)
  • Describing IDS and IPS Deployment (02:38)
  • Encryption (00:48)
  • Symmetric and Asymmetric Encryption (02:29)
  • Uses of Encryption (01:39)
  • Viruses (01:48)
  • Technical Controls Against Viruses (00:20)
  • Anti-Virus Software (01:24)
  • Voice Over IP (01:17)
  • Private Branch Exchange (01:04)
  • Summary (00:08)
Auditing Info Sec Management Framework (03:36)
  • Introduction (00:21)
  • Auditing Info Sec Management Framework (00:43)
  • Auditing Logical Access (00:45)
  • Techniques for Testing Security (01:38)
  • Summary (00:08)
Auditing Network Infrastructure Security (13:53)
  • Introduction (01:13)
  • Auditing Remote Access (01:29)
  • Network Penetration Test (02:56)
  • Types of Penetration Tests (01:52)
  • Full Network Assessment Reviews (00:41)
  • Authorized Network Configuration Changes (00:39)
  • Unauthorized Changes (01:00)
  • Computer Forensics (01:33)
  • Chain of Evidence (02:18)
  • Summary (00:08)
Environmental Exposure and Physical Access (09:01)
  • Introduction (00:19)
  • Environmental Exposures and Controls (02:30)
  • Physical Access Exposures (01:01)
  • Physical Access Controls (02:04)
  • Auditing Physical Access (01:28)
  • Mobile Computing (01:29)
  • Summary (00:08)