...Course Management 8 Technical Requirements 8 Test Administration and Processing 8 Replacement of Learning Assignments 9 Communication and Student Support 9 Academic Integrity 10 Grading 11 Course Delivery 13 Instructional Approach 13 Methodology 13 Facilitation Strategies 14 Unit Plans 15 Unit 1: Information Security Policy Management 15 Unit 2: Risk Mitigation and Business Support Processes 25 Unit 3: Policies, Standards, Procedures, and Guidelines 33 Unit 4: Information Systems Security Policy Framework 42 Unit 5: User Policies 50 Unit 6: IT Infrastructure Security Policies 58 Unit 7: Risk Management 66 Unit 8: Incident Response Team Policies 74 Unit 9: Implementing and Maintaining an IT Security Policy Framework 83 Unit 10: Automated Policy Compliance Systems 90 Unit 11: Course Review and Final Examination 97 Course Support Tools 101 Evaluation of Student Learning 102 STUDENT COPY 103 Graded Assignment Requirements 104 Unit 1 Discussion 1: Importance of Security Policies 105 Unit 1 Assignment 1: Security Policies Overcoming Business...
Words: 18421 - Pages: 74
...CompTIA Security+: Get Certified Get Ahead SY0-401 Study Guide Darril Gibson Dedication To my wife, who even after 22 years of marriage continues to remind me how wonderful life can be if you’re in a loving relationship. Thanks for sharing your life with me. Acknowledgments Books of this size and depth can’t be done by a single person, and I’m grateful for the many people who helped me put this book together. First, thanks to my wife. She has provided me immeasurable support throughout this project. The technical editor, Steve Johnson, provided some good feedback throughout the project. If you have the paperback copy of the book in your hand, you’re enjoying some excellent composite editing work done by Susan Veach. I’m extremely grateful for all the effort Karen Annett put into this project. She’s an awesome copy editor and proofer and the book is tremendously better due to all the work she’s put into it. While I certainly appreciate all the feedback everyone gave me, I want to stress that any technical errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in. About the Author Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 35 books as the sole author, a coauthor, or a technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical...
Words: 125224 - Pages: 501
...ITT Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications ...
Words: 4114 - Pages: 17
...IT255 Introduction to Information Systems Security [Onsite] Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Credit hours: 4 Contact hours: 50 (30 Theory Hours, 20 Lab Hours) Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security 400 Level Capstone Project IS418 IS404 Access Control, Authentication & KPI IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications Securing Linux Platforms & Applications 300 Level IS305 Managing Risk in Information Systems ...
Words: 4296 - Pages: 18
...CISSP: The Domains Table of Contents INTRODUCTION 4 DOMAIN 1: ACCESS CONTROL WHAT’S NEW IN ACCESS CONTROL? AN OVERVIEW 5 5 7 DOMAIN 2: SOFTWARE DEVELOPMENT SECURITY WHAT’S NEW IN APPLICATIONS SECURITY (NOW SOFTWARE DEVELOPMENT SECURITY)? AN OVERVIEW 9 9 10 DOMAIN 3: BUSINESS CONTINUITY & DISASTER RECOVERY WHAT’S NEW? AN OVERVIEW 12 12 13 DOMAIN 4: CRYPTOGRAPHY WHAT’S NEW? AN OVERVIEW 17 17 18 DOMAIN 5: INFORMATION SECURITY GOVERNANCE & RISK MANAGEMENT WHAT’S NEW? AN OVERVIEW 21 21 22 DOMAIN 6: LEGAL, REGULATIONS, INVESTIGATIONS, AND COMPLIANCE WHAT’S NEW? AN OVERVIEW 24 24 26 DOMAIN 7: SECURITY OPERATIONS WHAT’S NEW? AN OVERVIEW 28 28 29 DOMAIN 8: PHYSICAL & ENVIRONMENTAL SECURITY WHAT’S NEW? AN OVERVIEW 32 32 33 DOMAIN 9: SECURITY ARCHITECTURE & DESIGN WHAT’S NEW? AN OVERVIEW 36 36 38 DOMAIN 10: TELECOMMUNICATIONS & NETWORK SECURITY WHAT’S NEW? AN OVERVIEW 40 40 41 INFOSEC INSTITUTE’S CISSP BOOT CAMP COURSE OVERVIEW COURSE SCHEDULE 44 44 45 INTRODUCTION (ISC)²’s CISSP Exam covers ten domains which are: Access Control Application Development Security Business Continuity and Disaster Recovery Planning Cryptography Information Security Governance and Risk Management Legal regulations, investigations, and compliance Operations Security Physical and Environmental Security Security Architecture and Design Telecommunications...
Words: 11687 - Pages: 47
...1. An IS auditor is reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of: A. variable sampling. B. substantive testing. C. compliance testing. D. stop-or-go sampling. The correct answer is: C. compliance testing. Explanation: Compliance testing determines whether controls are being applied in compliance with policy. This includes tests to determine whether new accounts were appropriately authorized. Variable sampling is used to estimate numerical values, such as dollar values. Substantive testing substantiates the integrity of actual processing, such as balances on financial statements. The development of substantive tests is often dependent on the outcome of compliance tests. If compliance tests indicate that there are adequate internal controls, then substantive tests can be minimized. Stop-or-go sampling allows a test to be stopped as early as possible and is not appropriate for checking whether procedures have been followed. 2. The decisions and actions of an IS auditor are MOST likely to affect which of the following risks? A. Inherent B. Detection C. Control D. Business The correct answer is: B. Detection Explanation: Detection risks are directly affected by the auditor's selection of audit procedures and techniques. Inherent risks usually are not affected by the IS auditor. Control risks are controlled by the actions of the company's management. Business...
Words: 97238 - Pages: 389
...Management of Information Security Third Edition This page intentionally left blank Management of Information Security Third Edition Michael Whitman, Ph.D., CISM, CISSP Herbert Mattord, M.B.A., CISM, CISSP Kennesaw State University ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Management of Information Security, Third Edition Michael E. Whitman and Herbert J. Mattord Vice President, Career and Professional Editorial: Dave Garza Executive Editor: Stephen Helba Managing Editor: Marah Bellegarde Product Manager: Natalie Pashoukos Developmental Editor: Lynne Raughley Editorial Assistant: Meghan Orvis Vice President, Career and Professional Marketing: Jennifer McAvey Marketing Director: Deborah S. Yarnell Senior Marketing Manager: Erin Coffin Marketing Coordinator: Shanna Gibbs Production Director: Carolyn Miller Production Manager: Andrew Crouth Senior Content Project Manager: Andrea Majot Senior Art Director: Jack Pendleton Cover illustration: Image copyright 2009. Used under license from Shutterstock.com Production Technology Analyst: Tom Stover © 2010 Course Technology, Cengage Learning ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information...
Words: 229697 - Pages: 919
...4 TH EDITION Managing and Using Information Systems A Strategic Approach KERI E. PEARLSON KP Partners CAROL S. SAUNDERS University of Central Florida JOHN WILEY & SONS, INC. To Yale & Hana To Rusty, Russell &Kristin VICE PRESIDENT & EXECUTIVE PUBLISHER EXECUTIVE EDITOR EDITORIAL ASSISTANT MARKETING MANAGER DESIGN DIRECTOR SENIOR DESIGNER SENIOR PRODUCTION EDITOR SENIOR MEDIA EDITOR PRODUCTION MANAGEMENT SERVICES This book is printed on acid-free paper. Don Fowley Beth Lang Golub Lyle Curry Carly DeCandia Harry Nolan Kevin Murphy Patricia McFadden Lauren Sapira Pine Tree Composition Copyright 2010 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201) 748-6011, fax (201) 748-6008, website www.wiley.com/go/permissions. To order books or for customer service please, call 1-800-CALL WILEY (225-5945)...
Words: 175164 - Pages: 701
...4 TH EDITION Managing and Using Information Systems A Strategic Approach KERI E. PEARLSON KP Partners CAROL S. SAUNDERS University of Central Florida JOHN WILEY & SONS, INC. To Yale & Hana To Rusty, Russell &Kristin VICE PRESIDENT & EXECUTIVE PUBLISHER EXECUTIVE EDITOR EDITORIAL ASSISTANT MARKETING MANAGER DESIGN DIRECTOR SENIOR DESIGNER SENIOR PRODUCTION EDITOR SENIOR MEDIA EDITOR PRODUCTION MANAGEMENT SERVICES This book is printed on acid-free paper. Don Fowley Beth Lang Golub Lyle Curry Carly DeCandia Harry Nolan Kevin Murphy Patricia McFadden Lauren Sapira Pine Tree Composition Copyright 2010 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201) 748-6011, fax (201) 748-6008, website www.wiley.com/go/permissions. To order books or for customer service please, call 1-800-CALL WILEY (225-5945)...
Words: 175164 - Pages: 701
...4 TH EDITION Managing and Using Information Systems A Strategic Approach KERI E. PEARLSON KP Partners CAROL S. SAUNDERS University of Central Florida JOHN WILEY & SONS, INC. To Yale & Hana To Rusty, Russell &Kristin VICE PRESIDENT & EXECUTIVE PUBLISHER EXECUTIVE EDITOR EDITORIAL ASSISTANT MARKETING MANAGER DESIGN DIRECTOR SENIOR DESIGNER SENIOR PRODUCTION EDITOR SENIOR MEDIA EDITOR PRODUCTION MANAGEMENT SERVICES Don Fowley Beth Lang Golub Lyle Curry Carly DeCandia Harry Nolan Kevin Murphy Patricia McFadden Lauren Sapira Pine Tree Composition This book is printed on acid-free paper. Copyright 2010 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc. 222 Rosewood Drive, Danvers, MA 01923, website www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201) 748-6011, fax (201) 748-6008, website www.wiley.com/go/permissions. To order books or for customer service please...
Words: 175167 - Pages: 701
...United States Government Accountability Office GAO February 2009 GAO-09-232G FEDERAL INFORMATION SYSTEM CONTROLS AUDIT MANUAL (FISCAM) This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office Washington, DC 20548 February 2009 TO AUDIT OFFICIALS, CIOS, AND OTHERS INTERESTED IN FEDERAL AND OTHER GOVERNMENTAL INFORMATION SYSTEM CONTROLS AUDITING AND REPORTING This letter transmits the revised Government Accountability Office (GAO) Federal Information System Controls Audit Manual (FISCAM). The FISCAM presents a methodology for performing information system (IS) control 1 audits of federal and other governmental entities in accordance with professional standards, and was originally issued in January 1999. We have updated the FISCAM for significant changes affecting IS audits. This revised FISCAM reflects consideration of public comments received from professional accounting and auditing organizations, independent public accounting firms, state and local audit organizations, and interested individuals on the FISCAM Exposure Draft issued on July 31, 2008 (GAO-08-1029G)...
Words: 174530 - Pages: 699