cyb407 | undergraduate

Information Systems Risk Controls And Auditing Management

Explore by:

or call us at

About:

About:

This course focuses on information security management principles. It will cover Designing-Deploying and Managing Security Controls, Security Control Types and Objects, Implementing Control and Assurance Frameworks, and Audit Management.

This undergraduate-level course is 5 weeks To enroll, speak with an Enrollment Representative.

Course details:

Credits: 3
Continuing education units: XX
Professional development units: XX
Duration: 5 weeks

topic title goes here

    Authorization, Security Policy, and POA&M

    • Describe how Control Objectives for Information and Related Technologies (COBIT), from an audit perspective, is used to manage a POA&M.
    • Produce a Plan of Actions and Milestones (POA&M) based on the findings and recommendation of the security assessment report.
    • Provide security and audit plans and policies to support continuous improvement to organizational stakeholders.
    • Classify information system operation authorization.

    Information Systems, Risk Management Systems, and Security Controls

    • Categorize information systems based on the information stored, transmitted, and processed.
    • Analyze the Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense (formerly the SANS 20).
    • Explain the relationship between Critical Controls, International Organization for Standardization/International Electro-technical Commission (ISO/IEC), National Institute of Standards and Technology (NIST), and Control Objectives for Information and Related Technologies (COBIT).
    • Specify the risk management framework to be used for developing the security plan.

    Selection of Security Controls

    • Define the functional roles of the Information System Owner, Common Control Provider, Information Owner/Steward, Information System Security Officer, Information System Security Engineer, Risk Executive (Function), Authorizing Official or Designated Representative, Chief Information Officer, and Senior Information Security Officer.
    • Identify and prioritize the attack vectors of a specified industry and organization.
    • Select ten appropriate security controls, including system-specific controls, common controls, and hybrid controls.
    • Plan for management of security controls using a security toolkit application.

    Polices and Assessment Planning for Security Controls

    • Provide polices that map to appropriate security controls for the specified organization including system-specific controls, common controls, and hybrid controls.
    • Describe assessment objects, mechanisms, and specifications.
    • Develop a security assessment plan.
    • Distinguish assurance professional roles and responsibilities in the review and approval of an assessment plan.

    Assessing and Monitoring Security Controls

    • Distinguish information gathering tools and techniques used to assess and monitor security controls.
    • Exemplify the assessment of security controls as defined in the security assessment plan.
    • Provide a security assessment report.
    • Communicate organizational risk, risk tolerance, and risk acceptance.
    Tuition for individual courses varies. For more information, please call or chat live with an Enrollment Representative.

    Please ask about these special rates:

    Teacher Rate: For some courses, special tuition rates are available for current, certified P-12 teachers and administrators. Please speak with an Enrollment Representative today for more details.

    Military Rate: For some courses, special tuition rates are available for active duty military members and their spouses. Please speak with an Enrollment Representative today for more details.

    The University of Phoenix reserves the right to modify courses.

    While widely available, not all programs are available in all locations or in both online and on-campus formats. Please check with a University Enrollment Representative.

    Transferability of credit is at the discretion of the receiving institution. It is the student’s responsibility to confirm whether or not credits earned at University of Phoenix will be accepted by another institution of the student’s choice.