Introduction to Information Security
Overview
This course is designed to give those new to information security auditing a basic understanding of the key concepts, players, and components of information security. Participants will learn how the information security function aligns with the organization's business and strategic objectives. Additionally, the course will highlight methods to provide assurance in the information security space and the critical importance of communication. It provides the foundational knowledge auditors need to perform information security governance audits and basic assessments of information security operations.
Why you should take this course.
This course is for users who are new to internal auditing or would like to learn more about it.
Here are the learning objectives we'll cover.
- Recognize the components of information security within an organization.
- Identify the basic areas of information security management.
- Develop an appreciation of key areas of information security that will prepare you to dive deeper into the technical side of information security.
- Discover the skills and knowledge needed to provide assurance in the information security space.
- Identify what effective communication looks like in the information security space from the boardroom to the internal audit department.
Here are the topics we'll cover.
- The Security Umbrella Overview
  - Security, risk management, and asset security
  - Security architecture and engineering
  - Communication, network security, and IAM
  - Security assessment and testing
  - Security operations and software development
- Information Security Management Basics
  - Key elements of information security
  - Roles and responsibilities
  - Information security control design
  - Organization security strategy
  - Frameworks and standards
- Threats and vulnerabilities
  - Security incident management
  - Logical access
  - Network infrastructure security
  - Emerging technologies and trends
  - Examples of threat sources and events
- Information Security Policy
  - Standards, guidelines, and procedures
  - Program policy
  - Issue-specific policies
  - System-specific policies
  - Interdependencies and cost considerations
- Information Security Risk Management
  - Introduction to IT risk management
  - Risk identification
  - Risk assessment
  - Risk response and mitigation
  - Risk and control monitoring and reporting
- Assurance
  - Assurance basics: Controls and countermeasures
  - Security engineering
  - Operational assurance
  - Interdependencies and cost considerations
  - Assurance programs
- Security Considerations
  - User and software support
  - Configuration management and backups
  - Media controls and documentation
  - Maintenance
  - Cost considerations and assurance
- Cryptography
  - Uses of cryptography
  - Types of cryptography
  - Implementation challenges
  - Cost considerations
  - Assurance
- Communication
  - Board
  - Senior management
  - Internal audit
  - External parties
  - Overcoming challenges and roadblocks