CISA Training Course

Security and Risk Management

Aligning security to organisational objectives
Employing fundamental security principles
Managing security policies, standards and procedures
Applying risk management concepts
Assessing threats and vulnerabilities
Performing risk analysis and control
Preserving the business
Adhering to Business Continuity Management Code of Practice and Specifications
Performing a business impact analysis
Investigating legal measures and techniques
Reviewing intellectual property, liability and laws
Differentiating traditional and computer crime
Addressing ethical behaviour and compliance

Security Engineering

Examining security models and frameworks
The Information Security Triad and multi-level models
Investigating industry standards: ISO 27001/27002
Exploring system and component security concepts
System design principles, capabilities, and limitations
Certification and accreditation criteria and models
Protecting information by applying cryptography
Detailing symmetric and asymmetric encryption systems
Ensuring message integrity through hashing
Uncovering threats to cryptographic systems
Safeguarding physical resources
Designing environments to resist hostile acts and threats
Denying unauthorised access

Asset Security

Identifying, categorising and prioritising assets
Applying security controls to assets
Protecting data through proper handling

Communication and Network Security

Defining a secure network architecture
TCP/IP and other protocol models
Protecting from network attacks
Examining secure networks and components
Identifying wired and wireless technologies
Implementing firewalls, proxies and tunnels

Identity and Access Management

Controlling access to protect assets
Defining administrative, technical and physical controls
Implementing centralised and decentralised approaches
Investigating biometric and multi-factor authentication
Identifying common threats

Security Assessment and Testing

Designing and conducting security assessment strategies
Leveraging the role of testing and auditing to analyse the effectiveness of security controls
Differentiating detection and protection systems
Conducting logging and monitoring activities
Distinguishing between the roles of internal and external audits
Defining secure account management

Security Operations

Maintaining operational resilience
Managing security services effectively
Leveraging and supporting investigations and incident response
Differentiating detection and protection systems
Developing a recovery strategy
Designing a disaster recovery plan
Implementing test and maintenance processes

Software Development Security

Securing the software development life cycle
Applying software development methods and security controls
Highlighting threats: Cross-Site Scripting (XSS), JavaScript attacks and Buffer Overflow
Addressing database security concepts and issues