Amman
Copyright@2013 Al-Taysir for Information Systems Security Consulting LLC

• What is CISA?
• Why to be CISA?
• How to be CISA?
• CISA Principles
• CISA Modules
• Course Guidelines

• Certified Information Systems Auditor
• Audience: IT people, InfoSec people, managers, lawyers, Internal Auditors, Investigators, Business Owners…

• Deep understanding of the IT-Security-Business relationship
• Help enhance your business
• Be a reference in your business

• Study materials
• Review practice questions
• Incorporate your knowledge and experience
• Apply your knowledge and experience for judgment

• The ultimate goal is alignment with, and support of, strategic business objectives
• Anything is a matter of change
• Any change has a risk
• Each risk should be evaluated
• Each risk should be managed by a set of controls
• Each control should have an objective, owner, documentation, approval, and a method to monitor it
• CISA is concerned with controls

• A CISA can take the role of adviser, auditor, tester or investigator
• A CISA CANNOT take the role of implementer, administrator, decision maker, helpdesk, operator, programmer, or manager

• The Process of Auditing Information Systems (14%)
• Governance and Management of IT (14%)
• Information Systems Acquisition, Development and Implementation (19%)
• Information Systems Operations, Maintenance and Support (23%)
• Protection of Information Assets (30%)

• Audit Basics
• ISACA IS Auditing Standards Framework
• Audit Controls
• Performing IS Audit
• The Evolving IS Audit Process

• IT Governance
• Information Security Governance
• Enterprise Architecture and IT Management
• Business Continuity Planning

• Project Management
• Application Development
• Business Information Systems
• Alternatives for Project Organization
• Infrastructure Development/Acquisition Practices
• Process Improvement
• Application Controls
• Auditing Systems Development, Acquisition and Maintenance

• Information Systems Operations
• Computer Hardware Components and Architectures
• Telecommunications
• Disaster Recovery
• Auditing IS Infrastructure and Operations

• Information Security Management
• Access Controls
• Logical Access Controls
• Physical and Environmental Security
• Auditing of Protection of Information Assets

• Main Module Slides:
  • Agenda
  • Introduction
  • Set of Subjects
  • Summary
• Complementary Module Slides:
  • Case Studies
  • Practice Questions

• I am an instructor, NOT a consultant
• Generic answers for generic questions
• Technology-unbiased
• Read the materials; prepare yourself at night for what you will take tomorrow
• Without practice, you are not a CISA
• Solve questions, and review explanations
• You will be tested locally for practice, not for certification

• Make sure that you understand the materials before attending the certification exam
• Ask at the end of each section, or when the instructor motivates you to ask!
• I will teach you how to be a CISA, I will help you become a CISA, but WITHOUT a warranty that you will be a CISA!
• You will take the exam. Success is your effort and expertise

Me
• Prepare course materials
• Prepare course practice questions, quizzes, case studies and workshops
• Teach you what CISA is, and how to become a CISA
• Answer questions

You
• Study course materials
• Solve questions, quizzes, case studies and participate in discussions
• Take the exam
• Ask questions

Q & A
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Cisa 2013 ch0

Copyright@2013 Al-Taysir for Information Systems Security Consulting LLC

  • 3.
      - What is CISA?
      - Why to be CISA?
      - How to be CISA?
      - CISA Principles
      - CISA Modules
      - Course Guidelines
  • 4.
      - Certified Information Systems Auditor
      - Audience: IT people, InfoSec people, managers, lawyers, Internal Auditors, Investigators, Business Owners…
  • 5.
      - Deep understanding of the IT-Security-Business relationship
      - Help enhance your business
      - Be a reference in your business
  • 6.
      - Study materials
      - Review practice questions
      - Incorporate your knowledge and experience
      - Apply your knowledge and experience for judgment
  • 8.
      - The ultimate goal is alignment with and support of strategic business objectives
      - Anything is a matter of change
      - Any change has a risk
      - Each risk should be evaluated
      - Each risk should be managed by a set of controls
      - Each control should have an objective, owner, documentation, approval, and a method to monitor
      - CISA is concerned with controls
  • 9.
      - CISA can be in the role of adviser, auditor, tester or investigator
      - CISA CANNOT be in the role of implementer, administrator, decision maker, helpdesk, operator, programmer, or manager
  • 10.
      - The Process of Auditing Information Systems (14%)
      - Governance and Management of IT (14%)
      - Information Systems Acquisition, Development and Implementation (19%)
      - Information Systems Operations, Maintenance and Support (23%)
      - Protection of Information Assets (30%)
  • 11.
      - Audit Basics
      - ISACA IS Auditing Standards Framework
      - Audit Controls
      - Performing IS Audit
      - The Evolving IS Audit Process
  • 12.
      - IT Governance
      - Information Security Governance
      - Enterprise Architecture and IT Management
      - Business Continuity Planning
  • 13.
      - Project Management
      - Application Development
      - Business Information Systems
      - Alternatives for Project Organization
      - Infrastructure Development/Acquisition Practices
      - Process Improvement
      - Application Controls
      - Auditing Systems Development, Acquisition and Maintenance
  • 14.
      - Information Systems Operations
      - Computer Hardware Components and Architectures
      - Telecommunications
      - Disaster Recovery
      - Auditing IS Infrastructure and Operations
  • 15.
      - Information Security Management
      - Access Controls
      - Logical Access Controls
      - Physical and Environmental Security
      - Auditing of Protection of Information Assets
  • 16.
      - Main Module Slides:
          - Agenda
          - Introduction
          - Set of Subjects
          - Summary
      - Complementary Module Slides:
          - Case Studies
          - Practice Questions
  • 17.
      - I am an instructor, NOT a consultant
      - Generic answers for generic questions
      - Technology unbiased
      - Read materials, prepare yourself at night for what you will take tomorrow
      - Without practice, you are not CISA
      - Solve questions, and review explanations
      - You will be tested locally for practice, not for certification
  • 18.
      - Make sure that you understand the materials before attending the certification exam
      - Ask at the end of each section, or when the instructor motivates you to ask!
      - I will teach you how to be CISA, I will help you become CISA, but WITHOUT a warranty that you will be CISA!
      - You will take the exam. Success is your effort and expertise
  • 19.
      Me
      - Prepare course materials
      - Prepare course practice questions, quizzes, case studies and workshops
      - Train you on what CISA is, and how to become CISA
      - Answer questions
      You
      - Study course materials
      - Solve questions, quizzes, case studies and participate in discussions
      - Take the exam
      - Ask questions