© ITT Educational Services, Inc. All rights reserved. IS4680 Security Auditing for Compliance Unit 1 Information Security Compliance.

Presentation transcript:

© ITT Educational Services, Inc. All rights reserved. IS4680 Security Auditing for Compliance Unit 1 Information Security Compliance

Page 2: Class Agenda 6/13/16
- Introduction
- Course Syllabus
- Learning Objectives
- Lesson Presentation and Discussions
- Discussion on Assignments
- Discussion on Lab Activities
- Break Times as per School Regulations

Page 3: Course Syllabus
- Introduction of Course Syllabus: Course Summary, Course Plan, Evaluation, Academic Integrity
- Discussion and questions about the syllabus

Page 4: Instructor
Name: Williams Obinkyereh
Bachelor of Science in Statistics (BSc Stats)
Master of Science in Information Technology (MSc IT)
Post Masters of Advanced Studies in Software Engineering
Doctor of Computer Science (DCS), ongoing
Contacts:

Page 5: Learning Objective
- Describe the role of information systems security (ISS) compliance in relation to U.S. compliance laws.

Page 6: Key Concepts
- ISS and information assurance in organizations
- The various U.S. compliance laws and standards and their role in organizations
- The difference between public and private sector regulatory requirements

Page 7: Key Concepts (Continued)
- The importance of organizational governance and compliance, and the difference between ISS audits and assessments
- ISS audits and their importance in organizations

Page 8: EXPLORE: PROCESSES

Page 9: Explore: Group Discussion
- IA
- IT security audits
- IT security assessments
- Compliance laws and standards
- The consequences of not adhering to compliance laws
- Public and private compliance requirements

Page 10: Generic Process for Information Assurance
Step 1: Identify organizational vulnerabilities.
Step 2: Apply commercial information technology (IT) solutions, services, and frameworks.
Step 3: Protect assets by using the confidentiality, integrity, and availability (CIA) methodology.

Page 11: Generic Process for Information Assurance (Continued)
Step 4: Document any existing or new vulnerabilities.
Step 5: Schedule the next review.

Page 12: Regulations Leading to Compliance
Step 1: Interpret the new law or regulation and the way it applies to the organization.
Step 2: Identify the gaps and determine where the organization stands regarding the compliance mandate.
Step 3: Devise a plan to close the gaps identified.
Step 4: Execute the plan to bring the organization into compliance.

Page 13: Managing Information Security: Risk-Based Approach
Step 1: Identification of the information and information system.
Step 2: Categorization of the identified information and information system.
Step 3: Selection of the system and appropriate security controls.

Page 14: Managing Information Security: Risk-Based Approach (Continued)
Step 4: Implementation of the selected system and appropriate security controls.
Step 5: Assessment of the implemented system and the appropriate security controls' effectiveness.

Page 15: Managing Information Security: Risk-Based Approach (Continued)
Step 6: Authorizing the system by accepting the risk based upon the selected security controls.
Step 7: Monitoring the security controls on a continual basis.

Page 16: EXPLORE: ROLES

Page 17: Roles and Responsibilities
- Risk Manager: Responsible for identifying organizational risk.
- Auditor: Responsible for conducting the information assurance audit and applying frameworks to the seven domains to align with compliance.
- Executive Manager: Responsible for aligning external or internal compliance with governance requirements.

Page 18: EXPLORE: CONTEXTS

Page 19: Security Audit: Scope of an IT Audit
- Organizational: Examines the management control over IT and related programs, policies, and processes.
- Compliance: Pertains to ensuring that specific guidelines, laws, or requirements have been met.
- Technical: Examines the IT infrastructure and data communications.
- Application: Involves the applications that are strategic to the organization.

Page 20: EXPLORE: RATIONALE

Page 21: Compliance
- Internal: Refers to an organization's ability to follow its own rules, which are typically based on defined policies.
- External: Refers to an organization's desire to follow rules and guidelines set forth by external organizations and initiatives.

Page 22: Summary
In this presentation, the following were covered:
- Process for information assurance and regulation leading to compliance
- Roles and responsibilities related to information security compliance
- Importance of IT security audit
- Need for compliance

Page 23: Unit 1 Discussion and Assignments
- Discussion 1.1: Public and Private Sector Regulatory Requirements (Group Discussion)
- Assignment 1.3: Compliance Laws

Page 24: Unit 1 Lab Activities
- Lab 1.2: Assess the Impact of the Sarbanes-Oxley (SOX) Compliance Law on Enron
- The lab is in the online lab manual

Page 25: Class Project
- Project Title: Department of Defense (DOD) Audit
- This is a team project. You will create 3 teams.
- Deliverables or milestone drafts, as specified in the project content, will be submitted.
- Due in Week 11