This document outlines the Certified International Information System Auditor (CIISA) course. The 3-day course covers topics related to information system auditing including IT audit processes, governance, infrastructure lifecycles, service delivery, information asset protection, business continuity, and case studies. The goal is to provide participants a comprehensive understanding of information system auditing practices and prepare them to take the CIISA professional certification exam. The course is designed for IT managers, security managers, auditing staff, and IT operations staff.
IT Auditing – Using Controls to Protect Information Assets (straight to the point)
Under the skillful guidance of ALTUM’s best instructors, participants will learn how to plan and perform complex technical audits. Over a three to six month period, a General Controls Review, Network Audit, several Operating System Audits and a review of the Internet should be able to be completed. Participants will also learn how to effectively report issues to management, while providing the IT administrators and technicians with a working document allowing them to correct existing security issues. This is a 3-day hands-on training and all participants are advised to come along with their laptops.
To meet the requirements for lab 10 you were to perform Part 1, STakishaPeck109
To meet the requirements for lab 10 you were to perform: Part 1, Step 2: evaluate the policy document against the summarized NIST best practices, identify by number which, if any, of the eight best practices the policy satisfies, and for each practice that you identify, provide a reference to the statement in the policy that aligns with that best practice; Part 1 Step 3: suggest how you would revise the policy to directly align with the standards and provide specific statements that you would add/modify in the policy; Part 1, Step 4: describe whether the policy document is best titled as a policy or whether it would be better described using another element of the policy framework. Part 2, Step 3: describe the process that the Center uses to ensure that its standards represent the consensus of the cybersecurity community; Part 2, Step 5: identify the section of the recommendations that achieves this goal; Part 2, Step 7: for each of the five best practices in the previous step, classify the practice as: satisfied (indicate recommendation number that achieves the best practice), violated (indicate recommendation number that violates the best practice) or not addressed.
Unfortunately it looks like you were off target for this assignment; you needed to:
Part 1, Step 2: identify by number the best practices (given in the lab) that are satisfied by the policy - partial credit given;
Part 1 Step 3: provide specific statements on how you would revise the policy; you needed to align your statements with the best practices (e.g. Best Practice 2: add to Section 4.2) - partial credit given;
Part 1, Step 4: describe whether the policy document is best titled as a policy or whether it would be better described using another element of the policy framework; this "policy" is better described as a standard (see technical implementation details);
Part 2, Step 3: describe the process that the Center uses to ensure its standards represent the consensus of the cybersecurity community; see the Consensus Guidance portion of the document - partial credit given;
Part 2, Step 5: identify the section of the recommendations that achieves the goal of Step 3 - partial credit given;
Part 2, Step 7: classify the five best practices; indicate the recommendation number for each - partial credit given.
Applying the Security Policy Framework to an Access Control Environment (3e)
Access Control and Identity Management, Third Edition - Lab 10
Student: Email:
HARSHAVARDHAN POCHARAM [email protected]
Time on Task: Progress:
100%
Report Generated: Sunday, June 20, 2021 at 9:45 AM
Guided Exercises
Part 1: Evaluate a Security Policy
2. Evaluate the policy document against the NIST best practices summarized above. Identify by
number which, if any, of the eight best practices the policy satisfies. For each practice that you
identify, provide a reference to the statement in the policy that aligns with that best practice.
In line with relevant policy, the information s ...
Architecting the Framework for Compliance & Risk Managementjadams6
Privacy and protection of personal information is a hot topic in data governance. However, the compliance challenge is in creating audit defensibility that ensures practices are compliant and performed in a way that is scalable, transparent, and defensible; thus creating “Audit Resilience.” Data practitioners often struggle with viewing the world from the auditor’s perspective. This presentation focuses on how to create the foundational governance framework supporting a data control model required to produce clean audit findings. These capabilities are critical in a world where due diligence and compliance with best practices are critical in addressing the impacts of security and privacy breaches. The companies in the news recently drive home these points.
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docxLynellBull52
· Processed on 09-Dec-2014 9:01 PM CST
· ID: 488406360
· Word Count: 1969
Similarity Index
47%
Similarity by Source
Internet Sources:
46%
Publications:
2%
Student Papers:
N/A
sources:
1
30% match (Internet from 27-Mar-2009)
http://www.isaca.org/Content/ContentGroups/Journal1/20023/The_IS_Audit_Process.htm
2
13% match (Internet from 29-Mar-2011)
http://www.scribd.com/doc/36655995/Chapter-1-the-Information-System-Audit-Process
3
2% match (publications)
Athula Ginige. "Web site auditing", Proceedings of the 14th international conference on Software engineering and knowledge engineering - SEKE 02 SEKE 02, 2002
4
1% match (Internet from 26-Feb-2012)
http://www.dc.fi.udc.es/~parapar/files/ai/The_IS_Audit_Process_isaca_sayana.pdf
5
1% match (Internet from 01-Apr-2009)
http://www.idkk.gov.tr/web/guest/it_audit_manual_isaca
paper text:
Running head: AUDITING INFORMATION SYSTEMS PROCESS Auditing information systems process Student’s Name University Affiliation Auditing information systems process Information systems are the livelihood of any huge business. As in past years, computer systems do not simply record transactions of business, but essentially drive the main business procedures of the enterprise. In such a situation, superior management and business managers do have worries concerning information systems. Auditing is a methodical process by which a proficient, independent person impartially obtains and assesses evidence concerning assertions about a financial entity or occasion for the reason of outlining an outlook about and reporting on the extent to which the contention matches to an acknowledged set of standards. Auditing of information systems is the administration controls assessment inside the communications of Information Technology. The obtained proof valuation is used to decide if systems of information are defensive assets, maintenance reliability of data, and also if they are efficiently operating in order to attain organization’s goals or objectives (Hoelzer, 2009). Auditing of Information Systems has become an essential part of business organization in both large and small business environments. This paper examines the preliminary points for carrying out an Information system audit and some of the techniques, tools, guidelines and standards that can be employed to build, manage, and examine the review function. The Certified Information Systems Auditor (CISA) qualifications is recognized worldwide as a standard of accomplishment for those who assess, monitor, control and audit the information technology of an organization and business systems. Information Systems experts with a concern in information systems security, control and audit. At least five years of specialized information systems security, auditing and control work practice is necessary for certification.
An audit contract should be present to evidently state the responsibility of the management, objectives for, and designation of authority to Information .
The CISA is a globally reputed certification for security professionals who audit, monitor, and assess organizations’ information systems and business operations. The certification showcases the candidate’s auditing experience, knowledge, and skills to evaluate vulnerabilities, report on compliance, and institute controls within the enterprise.
Register Here: https://www.infosectrain.com/courses/cisa-certification-training/
Ensuring SOC 2 Compliance A Comp Checklist.pdfsocurely
In today’s increasingly digital landscape, data security, and privacy have become paramount concerns for businesses and their customers alike. Achieving SOC 2 (Service Organization Control 2) compliance is one-way organizations can demonstrate their commitment to safeguarding sensitive data.
SOC 2 compliance is not just a certification; it’s a validation of a company’s commitment to data security, availability, processing integrity, confidentiality, and privacy.
In this comprehensive checklist, we’ll take a close look at the key aspects of ensuring SOC 2 compliance and the criteria that must be met.
CompTIA CySA Domain 5 Compliance and Assessment.pptxInfosectrain3
The CompTIA Cybersecurity Analyst (CySA+) certification is the industry standard for demonstrating that cybersecurity professionals can analyze data and interpret the results to detect vulnerabilities, threats, and risks to an organization.
Implementing Asset Management System with ISO 55001PECB
Over the past several years, the asset management industry has fundamentally changed shape, it is critically more important than ever before. ISO 55000 defines Asset management as the "coordinated activity of an organization to realize value from assets". In turn, Assets are defined as follows: "An asset is an item, thing or entity that has potential or actual value to an organization". This webinar explores ISO 55001 and Asset Lifecycle Management. Moreover, the webinars gives a brief introduction of the six elements into which ISO 55001 divides asset management system.
Main points covered:
• Explore ISO 55001
• Asset Lifecycle Management
• Explore the concept behind information Assets
• Who is an Asset Manager and what the responsibilities of an Asset Manager are
Presenter:
Orlando Olumide Odejide is a PECB Certified Trainer. He is an experienced Enterprise Architect and Programme Director working on various technology solutions for client in the Financial Services, Manufacturing and Public Sectors.
Link of the recorded session published on YouTube: https://youtu.be/hYaNNwQK1Ns
IT management audits can serve multiple purposes and provide many benefits. First, audits are used to validate compliance with established technology related policies, programs and procedures. Then, audits are also used as an investigative tool, to gather information and analyze current operational conditions for the purposed of recommending specific “policies, programs and procedures”. The primary purpose of a given audit will determine the scope and related execution planning. Validation audits are likely performed on a regularly scheduled basis, with a standardized scope and set of executing procedures. Investigative audits are likely triggered in response to a specific need, and planning will be shaped by unique goals and circumstances. Whatever the purpose, the goal is to ensure that audits serve a purpose, are planned for minimal disruption, and that all results are used to maximize IT value.
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
AAPM American Academy of Financial Management AAFM ®
1670-F East Cheyenne Mtn. Blvd.; Box #293
Colorado Springs CO 80906 - USA 504-495-1748 Fax: 419-828-4923
CONTACT LEGAL * info@certifiedprojectmanager.us
CERTIFIED INTERNATIONAL INFORMATION SYSTEM
AUDITOR (CIISA) COURSE OUTLINE
Course Certified Information System Auditor/CIISA
Instructor Certified American Academy Instructor
Descriptions The CIISA credential of a professional I.S. auditor is
valuable. This course delves into the unique
challenges of managing an audit and the knowledge
necessary to complete the task.
Information system auditors take up where the
financial auditors do not tread: into the design and
implementation effectiveness and operation
effectiveness of information systems. The course will
focus on general computer control and application level
control auditing, as well as introducing a risk-based
management approach.
The course is also designed to help candidates
become familiar with IT audit concepts and rules for
regulatory compliance under Sarbanes-Oxley
(corporations), Gramm-Leach-Bliley and FFIEC (both
financial), FISMA (government), HIPAA (medical
records), SCADA (utilities) and other regulators.
The course will also help you to become a true
management consultant in the IT audit field and will help
you be well prepared for the American Academy
examination, which is offered by American I.S Audit
and control Association.
The instructor-led classroom training covers the
Information System Audit body of knowledge to
build a working understanding of the material.
The training course will cover topics such as auditor
responsibilities, scope, audit charter, technical
material, privacy requirements, for CIISA exam
preparation. The course has updated the contents to
reflect the new subject material of the CIISA exam.
Duration 3 Days
Objectives At the completion of this course, the participants shall have
comprehensive understanding and knowledge of Information
System and Technology Audit, encompassing the following:
Participants shall obtain an expanded understanding of the
role of IT auditors in evaluating IT-related operational
and control risk and in assessing the appropriateness and
adequacy of management control practices and IT-
related controls inside participants’ organization
Participants shall obtain the capability to conduct IT
audits and implement techniques in performing
assurance, attestation, and audit engagements
Participants shall obtain an expanded familiarity with
the principal references in IT governance, control and
security as related to IT audit
Participants shall obtain the working ability to plan,
conduct, and report on information technology audits
Participants shall obtain an understanding of the role of
IT auditors regarding IT-related compliance and
regulatory audits, such as evaluating control standards
Participants shall be prepared and thoroughly confident
in themselves to take the CIISA professional certificate
examination
Target Audience IT Managers
Security Managers
Auditing Staff
IT Operations Staff
Course Contents and Descriptions
Module 1: IS Audit Process
The class session will focus on IT audit concepts and
processes, which includes: review of some of the key
fundamentals of IT auditing, including general auditing
standards, risk-based auditing, pre-audit objectives,
determining scope and audit objectives, and the process of
performing an IT audit.
Module 2: IT Governance
The class session will include discussion on IT
performance, controls, control self-assessment, risk
analysis, and the objectives of the IT audit or assurance
report.
Module 3: System and
Infrastructure Life Cycle
The class session shall describe a practical methodology for
conducting effective and efficient IT audits, and expand upon
the need for appropriate controls and assurance processes
for the business and IT environment. The participants will be
geared toward gaining a working understanding of the
content and value of the management guidelines and
assurance methodology.
Discussion will focus on the importance of measurement in
achieving organizational and IT objectives. The session will
also focus on the business and IT environments subject to
operational and control assessments (audit).
Module 4: IT Service
Delivery and Support
Provide assurance that the IT service management
practices will ensure delivery of the level of service
required to meet the organization’s objectives. The module
covers the following:
• Evaluate service level management practices to ensure
that the level of service from internal and external
service providers is defined and managed
• Evaluate operations management to ensure that IT
support functions effectively meet business needs
• Evaluate data administration practices to ensure the
integrity and optimization of databases
• Evaluate the use of capacity and performance
monitoring tools and techniques to ensure that IT
services meet the organization’s objectives
• Evaluate change, configuration and release management
practices to ensure that changes made to the
organization's production environment are adequately
controlled and documented
• Evaluate problem and incident management practices to
ensure that incidents, problems or errors are recorded,
analyzed and resolved in a timely manner
• Evaluate the functionality of the IT infrastructure (e.g.,
network components, hardware, system software) to
ensure that it supports the organization's objectives
Module 5: Protection of
Information Assets
Provide assurance that the security architecture
(policies, standards, procedures and controls) ensures
the confidentiality, integrity and availability of
information assets. The module descriptions are as
follows:
• Evaluate the design, implementation and
monitoring of logical access controls to ensure the
confidentiality, integrity, availability and
authorized use of information assets
• Evaluate network infrastructure security to ensure
confidentiality, integrity, availability and
authorized use of the network and the information
transmitted
• Evaluate the design, implementation and
monitoring of environmental controls to prevent or
minimize loss
• Evaluate the design, implementation and
monitoring of physical access controls to ensure
that information assets are adequately safeguarded
• Evaluate the processes and procedures used to
store, retrieve, transport and dispose of confidential
information assets
Module 6: Business
Continuity Plan
Provide assurance that, in the event of a disruption,
the business continuity and disaster recovery
processes will ensure the timely resumption of
IT service, while minimizing the business
impacts. The module covers the following:
• Evaluate the adequacy of backup and restore
provisions to ensure the availability of
information required to resume processing
• Evaluate the organization's disaster recovery
plan to ensure that it enables the recovery of IT
processing capabilities in the event of a disaster
• Evaluate the organization's business continuity
plan to ensure the organization's ability to
continue essential business operations during
the period of an IT disruption
Case Studies Case-based discussions will be conducted with topics
related to the subjects of training. Exam exercises and
evaluation of questions.