Introduction to Information Security

CybersecurityIT AuditInternal Audit

Overview

This course is designed to give those new to information security auditing a basic understanding of information security key concepts, players, and components. Participants will learn how the information security function aligns with the organization's business and strategic objectives. Additionally, the course will highlight methods to provide assurance in the information security space and the critical importance of communication. This course will provide the foundational knowledge auditors need to perform information security governance audits and perform basic assessments of information security operations.

Why you should take this course.

For users who are new to internal auditing, or would like to learn more about it.

Here are the learning objectives we'll cover.

  • Recognize the components of information security within an organization.
  • Identify the basic areas of information security management.
  • Discover an appreciation of key areas of information security that will prepare you to be able to dive deeper into the technical side of information security.
  • Discover the skills and knowledge needed to provide assurance in the information security space.
  • Identify what effective communication looks like in the information security space from the boardroom to the internal audit department.

Here are the topics we'll cover.

  1. The Security Umbrella Overview

    • Security, risk management, and asset security
    • Security architecture and engineering
    • Communication, network security, and IAM
    • Security assessment and testing
    • Security operations and software development
  2. Information Security Management Basics

    • Key elements of information security
    • Roles and responsibilities
    • Information security control design
    • Organization security strategy
    • Frameworks and standards
  3. Threats and vulnerabilities

    • Security incident management
    • Logical access
    • Network infrastructure security
    • Emerging technologies and trends
    • Examples of threat sources and events
  4. Information Security Policy

    • Standards, guidelines, and procedures
    • Program policy
    • Issue-specific policies
    • System specific policies
    • Interdependencies and cost considerations
  5. Information Security Risk Management

    • Introduction to IT risk management
    • Risk identification
    • Risk assessment
    • Risk response and mitigation
    • Risk and control monitoring and reporting
  6. Assurance

    • Assurance basics: Controls and countermeasures
    • Security engineering
    • Operational assurance
    • Interdependencies and cost considerations
    • Assurance programs
  7. Security Considerations

    • User and software support
    • Configuration management and backups
    • Media controls and documentation
    • Maintenance
    • Cost considerations and assurance
  8. Cryptography

    • Uses of cryptography
    • Types of cryptography
    • Implementation challenges
    • Cost considerations
    • Assurance
  9. Communication

    • Board
    • Senior management
    • Internal audit
    • External parties
    • Overcoming challenges and roadblocks

Learning Style

On Demand

Level

Entry Level

Includes

Assessment

Who this course is for

Internal Auditors, Compliance Experts, and leaders in Internal Audit departments.

NASBA Certified CPE

24 credits

Field of Study

Auditing

Length of course

24h

Prerequisites

None

Advanced Preparation

None
Start Learning Today
Stay ahead of the curve and future-proof your business with training programs designed for you.
Purchase a PlanContact Sales

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/