1. 2016 CISA® Review Course
Hafiz Sheikh Adnan Ahmed – CISA, COBIT 5, ISO 27001 LA
[PECB Certified Trainer]
2. Quick Reference Review
• Importance of Information Security Management
• Inventory and Classification of Information Assets
• Physical/Environmental Exposures and Controls
• Logical Access
• Auditing Information Security Management Framework
17. 5.2.9 Human Resources Security and Third Parties
• Screening
• Terms and Conditions of Employment
• During Employment
• Removal of Access Rights
18. 5.2.10 Computer Crime Issues & Exposures
Threats to business
• Financial Loss
• Legal Repercussions
• Loss of Credibility
• Blackmail
• Disclosure of Confidential, Sensitive or Embarrassing Information
Possible Perpetrators
• Hackers
• Script Kiddies
• Employees (Current, Former)
• IS Personnel
• End Users
• Third Parties
23. 5.3 Logical Access
• Primary means used to manage and protect information assets
• IS auditors analyze and evaluate the effectiveness of logical access controls in
accomplishing IS objectives and avoiding losses resulting from exposures
40. 5.4.7 Voice-Over IP (VOIP)
• VOIP Security Issues
• A disruption of the computer system or network also terminates telephone service
• A backup communication facility should be planned
• IP telephones and their supporting equipment require the same care and maintenance
as computer systems do
43. 5.5.1 Auditing Information Security Management Framework
• Review written Policies, Procedures and Standards
• Logical Access Security Policies
• Formal Security Awareness and Training
• Data Ownership and Custodians
• Data Users and new Users
44. 5.5.2 Auditing Logical Access
• Interviewing Systems Personnel
• Review reports from Access Control Software
• Review Application Systems Operations Manual
45. 5.5.3 Techniques for Testing Security
• Terminal Cards and Keys
• Logon IDs and Passwords
• Logging and Reporting of Computer Access Violations
• Review Access Controls and Password Administration
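The "logging and reporting of computer access violations" check above, and the "review reports from access control software" step in 5.5.2, are easiest to understand with a concrete review. The following Python script is an added example, not part of the course material: it parses a constructed access-control log and reports the violation patterns an auditor would look for (excessive failed logons, logons by terminated IDs, after-hours logons, repeated denials on one resource). The log format, user IDs, thresholds and the terminated-ID list are all assumptions.

```python
"""Review a constructed access-control log and report access violations."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample report from an access control package (hypothetical format):
# timestamp | logon ID | terminal | event
SAMPLE_LOG = """\
2016-03-01 08:55:12|JSMITH|T101|LOGON_OK
2016-03-01 09:02:41|JSMITH|T101|LOGON_FAIL
2016-03-01 09:02:55|JSMITH|T101|LOGON_FAIL
2016-03-01 09:03:10|JSMITH|T101|LOGON_FAIL
2016-03-01 09:03:30|JSMITH|T101|LOGON_FAIL
2016-03-01 23:15:00|RDOE|T207|LOGON_OK
2016-03-01 10:12:00|BGONE|T105|LOGON_OK
2016-03-01 11:00:00|ALEE|T110|ACCESS_DENIED:PAYROLL.MASTER
2016-03-01 11:00:05|ALEE|T110|ACCESS_DENIED:PAYROLL.MASTER
2016-03-01 11:00:09|ALEE|T110|ACCESS_DENIED:PAYROLL.MASTER
"""

# Assumed inputs: IDs on the HR termination list, and the review thresholds.
TERMINATED_IDS = {"BGONE"}
FAILED_LOGON_THRESHOLD = 3
BUSINESS_HOURS = (7, 19)  # logons outside 07:00-19:00 are flagged


def parse_log(text):
    """Turn the pipe-delimited report into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, uid, terminal, event = line.split("|")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "uid": uid,
            "terminal": terminal,
            "event": event,
        })
    return events


def find_violations(events, terminated_ids=TERMINATED_IDS,
                    threshold=FAILED_LOGON_THRESHOLD, hours=BUSINESS_HOURS):
    """Return a list of (finding, logon ID, detail) tuples."""
    findings = []
    failed = Counter()                      # failed logons per ID
    denied = defaultdict(Counter)           # denied resource accesses per ID

    for e in events:
        if e["event"] == "LOGON_FAIL":
            failed[e["uid"]] += 1
        elif e["event"].startswith("ACCESS_DENIED:"):
            resource = e["event"].split(":", 1)[1]
            denied[e["uid"]][resource] += 1
        elif e["event"] == "LOGON_OK":
            # A successful logon by a terminated ID means access rights
            # were not removed (5.2.9 "Removal of Access Rights").
            if e["uid"] in terminated_ids:
                findings.append(("TERMINATED_ID_ACTIVE", e["uid"], e["ts"].isoformat()))
            if not (hours[0] <= e["ts"].hour < hours[1]):
                findings.append(("AFTER_HOURS_LOGON", e["uid"], e["ts"].isoformat()))

    for uid, n in failed.items():
        if n >= threshold:
            findings.append(("EXCESSIVE_FAILED_LOGONS", uid, f"{n} failures"))
    for uid, resources in denied.items():
        for resource, n in resources.items():
            if n >= threshold:
                findings.append(("REPEATED_ACCESS_DENIED", uid, f"{resource} x{n}"))
    return findings


def report(findings):
    """Format findings as the lines an auditor would paste into the workpapers."""
    return "\n".join(f"{kind:<24} {uid:<8} {detail}" for kind, uid, detail in findings)


if __name__ == "__main__":
    print(report(find_violations(parse_log(SAMPLE_LOG))))
```

Each finding maps back to a control in the framework: the terminated ID to access-rights removal, the failed-logon count to password administration, the repeated denials to data-owner authorization of access. In a real review the thresholds come from the organization's logical access policy, not from the script.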
46. 5.5.4 Investigation Techniques
Investigation of Computer Crime
• Laws exist, but many computer crimes go unreported because organizations fear negative publicity
• Proper procedures must be followed in the aftermath of an incident
• The environment and evidence must be left unaltered
• Specialist law enforcement should be involved
Computer Forensics
• Process of identifying, preserving, analyzing, presenting digital evidence in a
manner that is legally acceptable in any legal proceedings
• Any electronic data or document can be used as digital evidence
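The "preserving" step above, and the rule that the environment and evidence must be left unaltered, are what make digital evidence legally acceptable. The Python script below is an added example, not part of the course material: it records a SHA-256 hash of each evidence item in a chain-of-custody manifest at acquisition, works only on a verified copy, and shows that any later change to the original is detected. The file names, examiner name and evidence bytes are constructed assumptions.

```python
"""Evidence preservation: hash at acquisition, analyze a copy, re-verify later."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def acquire(evidence_paths, examiner):
    """Build the chain-of-custody manifest at seizure time (who, when, what, hash)."""
    return {
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "items": {
            os.path.basename(p): {"sha256": sha256_file(p), "size": os.path.getsize(p)}
            for p in evidence_paths
        },
    }


def verify(manifest, path):
    """Return (ok, message): ok is False if the item was altered or was never recorded."""
    rec = manifest["items"].get(os.path.basename(path))
    if rec is None:
        return False, "item not in manifest"
    actual = sha256_file(path)
    if actual != rec["sha256"]:
        return False, f"hash mismatch: recorded {rec['sha256'][:12]}..., now {actual[:12]}..."
    return True, "hash matches acquisition record"


def working_copy(manifest, original, dest):
    """Analysis is done on a copy; the copy is only usable if it hashes like the original."""
    shutil.copy2(original, dest)
    ok, _ = verify(manifest, os.path.join(os.path.dirname(dest), os.path.basename(original))) \
        if os.path.basename(dest) == os.path.basename(original) else (sha256_file(dest) == manifest["items"][os.path.basename(original)]["sha256"], "")
    return ok


def demo():
    """Return (original ok before tampering, copy ok, original ok after tampering)."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        with open(img, "wb") as f:
            f.write(b"constructed evidence bytes\n" * 1000)   # constructed sample content

        manifest = acquire([img], examiner="examiner-1")       # hypothetical examiner ID
        ok_before, _ = verify(manifest, img)

        copy = os.path.join(d, "work", "disk.img")
        os.makedirs(os.path.dirname(copy))
        copy_ok = working_copy(manifest, img, copy)

        # Simulate someone "having a look" at the original and touching one byte.
        with open(img, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        ok_after, reason = verify(manifest, img)
        return ok_before, copy_ok, ok_after


if __name__ == "__main__":
    print(demo())   # expected (True, True, False)
```

The manifest itself must be protected as well, for example written to write-once media or signed by the examiner, since an attacker who can rewrite both the image and its recorded hash defeats the check. Note also that simply opening the original with tools that update access timestamps can alter it; hashing before any such access, then sealing the original, is why the copy exists.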
50. 5.6 Auditing Network Infrastructure Security
IS auditor should:
• Review network diagrams that identify the organization’s internetworking
infrastructure
• Identify the network design implemented, including the IP strategy used
• Determine the applicable security policies, procedures, standards
• Identify the roles and responsibilities for implementation of network infrastructure
• Review SLAs to ensure that they include provisions for security
51. 5.6.1 Auditing Remote Access
IS Auditors should:
• Review access points for appropriate controls, such as VPN, firewalls, IDSs
64. 5.9 Mobile Computing
Controls to reduce the risk of disclosure of sensitive data stored on laptop/mobile devices:
• Back up business critical or sensitive data on a regular basis
• Use a cable locking system or a locking system with a motion detector that sounds an audible alarm
• Encrypt data
• Allocate passwords to individual files
• Establish a theft response team and develop procedures to follow when a laptop is stolen
• Use two-factor authentication, for example with biometric readers
65. Self-Assessment Questions
1. An IS auditor has just completed a review of an organization that has
mainframe computer and two database servers where all production data
reside. Which of the following weaknesses would be considered MOST
serious?
a) The security officer also serves as the DBA
b) Password controls are not administered over the two database servers
c) There’s no business continuity plan for the mainframe system’s noncritical applications
d) Most LANs do not back up file-server-fixed disks regularly
66. Self-Assessment Questions
2. An organization is proposing to install a single sign-on facility giving
access to all systems. The organization should be aware that:
a) Maximum unauthorized access would be possible if a password is disclosed
b) User access rights would be restricted by the additional security parameters
c) The security administrator’s workload would increase
d) User access rights would be increased
67. Self-Assessment Questions
3. A B-to-C e-commerce web site as part of its information security program
wants to monitor, detect and prevent hacking activities and alert the system
administrator when suspicious activities occur. Which of the following
infrastructure components could be used for this purpose?
a) Intrusion Detection Systems (IDS)
b) Firewalls
c) Routers
d) Asymmetric encryption
68. Self-Assessment Questions
4. Which of the following is the MOST effective antivirus control?
a) Scanning email attachments on the mail server
b) Restoring systems from clean copies
c) Disabling universal serial bus (USB) ports
d) An online antivirus scan with up-to-date virus definitions
69. Answers
1. b) Password controls are not administered over the two database
servers
2. a) Maximum unauthorized access would be possible if a password is
disclosed
3. a) Intrusion Detection Systems (IDS)
4. d) An online antivirus scan with up-to-date virus definitions