
© ITT Educational Services, Inc. All rights reserved. IS4680 Security Auditing for Compliance Unit 1 Information Security Compliance.


1 IS4680 Security Auditing for Compliance, Unit 1: Information Security Compliance

2 Class Agenda, 6/13/16
 Introduction
 Course syllabus
 Learning objectives
 Lesson presentation and discussions
 Discussion of assignments
 Discussion of lab activities
 Break times as per school regulations

3 Course Syllabus
 Introduction of the course syllabus: course summary, course plan, evaluation, academic integrity
 Discussion and questions about the syllabus

4 Instructor
Name: Williams Obinkyereh
Bachelor of Science in Statistics (BSc Stats)
Master of Science in Information Technology (MSc IT)
Post-Master's Advanced Studies in Software Engineering
Doctor of Computer Science (DCS), ongoing
Contact: Email: WObinkyereh@itt-tech.edu

5 Learning Objective
 Describe the role of information systems security (ISS) compliance in relation to U.S. compliance laws.

6 Key Concepts
 ISS and information assurance (IA) in organizations
 The various U.S. compliance laws and standards and their role in organizations
 The difference between public-sector and private-sector regulatory requirements

7 Key Concepts (Continued)
 The importance of organizational governance and compliance, and the difference between ISS audits and ISS assessments
 ISS audits and their importance in organizations

8 EXPLORE: PROCESSES

9 Explore: Group Discussion
 IA
 IT security audits
 IT security assessments
 Compliance laws and standards
 The consequences of not adhering to compliance laws
 Public and private compliance requirements

10 Generic Process for Information Assurance
Step 1: Identify organizational vulnerabilities.
Step 2: Apply commercial information technology (IT) solutions, services, and frameworks.
Step 3: Protect assets using the confidentiality, integrity, and availability (CIA) triad.

11 Generic Process for Information Assurance (Continued)
Step 4: Document any existing or new vulnerabilities.
Step 5: Schedule the next review.

12 Regulations Leading to Compliance
Step 1: Interpret the new law or regulation and the way it applies to the organization.
Step 2: Identify the gaps and determine where the organization stands regarding the compliance mandate.
Step 3: Devise a plan to close the gaps identified.
Step 4: Execute the plan to bring the organization into compliance.

13 Managing Information Security: Risk-Based Approach
Step 1: Identification of the information and the information system.
Step 2: Categorization of the identified information and information system.
Step 3: Selection of the appropriate security controls for the system.

14 Managing Information Security: Risk-Based Approach (Continued)
Step 4: Implementation of the selected security controls in the system.
Step 5: Assessment of the effectiveness of the implemented security controls.

15 Managing Information Security: Risk-Based Approach (Continued)
Step 6: Authorization of the system by accepting the residual risk based on the selected security controls.
Step 7: Monitoring of the security controls on a continual basis.

16 EXPLORE: ROLES

17 Roles and Responsibilities
 Risk Manager: responsible for identifying organizational risk.
 Auditor: responsible for conducting the information assurance audit and applying frameworks to the seven domains of a typical IT infrastructure to align with compliance.
 Executive Manager: responsible for aligning external or internal compliance with governance requirements.

18 EXPLORE: CONTEXTS

19 Security Audit: Scope of an IT Audit
 Organizational: examines the management control over IT and related programs, policies, and processes.
 Compliance: ensures that specific guidelines, laws, or requirements have been met.
 Technical: examines the IT infrastructure and data communications.
 Application: covers the applications that are strategic to the organization.

20 EXPLORE: RATIONALE

21 Compliance
 Internal compliance: refers to an organization's ability to follow its own rules, which are typically based on defined policies.
 External compliance: refers to an organization's adherence to rules and guidelines set forth by external organizations and initiatives, such as laws, regulations, and industry standards.

22 Summary
In this presentation, the following were covered:
 The process for information assurance and the regulations leading to compliance
 Roles and responsibilities related to information security compliance
 The importance of IT security audits
 The need for compliance

23 Unit 1 Discussion and Assignments
 Discussion 1.1: Public and Private Sector Regulatory Requirements (group discussion)
 Assignment 1.3: Compliance Laws

24 Unit 1 Lab Activities
 Lab 1.2: Assess the Impact of the Sarbanes-Oxley (SOX) Compliance Law on Enron
 The lab is in the online lab manual.

25 Class Project
 Project title: Department of Defense (DoD) Audit
 This is a team project; the class will form 3 teams.
 Deliverables or milestone drafts, as specified in the project content, will be submitted.
 Due in Week 11

