cyb407 | undergraduate
Information Systems Risk Controls And Auditing Management
This undergraduate-level course is 5 To enroll, speak with an Enrollment Representative.
Information Systems, Risk Management Systems, and Security Controls
- Categorize information systems based on the information stored, transmitted, and processed.
- Analyze the Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense (formerly the SANS 20).
- Explain the relationship between Critical Controls, International Organization for Standardization/International Electrotechnical Commission (ISO/IEC), National Institute of Standards and Technology (NIST), and Control Objectives for Information and Related Technologies (COBIT).
- Specify the risk management framework to be used for developing the security plan.
Selection of Security Controls
- Define the functional roles of the Information System Owner, Common Control Provider, Information Owner/Steward, Information System Security Officer, Information System Security Engineer, Risk Executive (Function), Authorizing Official or Designated Representative, Chief Information Officer, and Senior Information Security Officer.
- Identify and prioritize the attack vectors of a specified industry and organization.
- Select ten appropriate security controls, including system-specific controls, common controls, and hybrid controls.
- Plan for management of security controls using a security toolkit application.
Policies and Assessment Planning for Security Controls
- Provide policies that map to appropriate security controls for the specified organization, including system-specific controls, common controls, and hybrid controls.
- Describe assessment objects, mechanisms, and specifications.
- Develop a security assessment plan.
- Distinguish assurance professional roles and responsibilities in the review and approval of an assessment plan.
Assessing and Monitoring Security Controls
- Distinguish information gathering tools and techniques used to assess and monitor security controls.
- Exemplify the assessment of security controls as defined in the security assessment plan.
- Provide a security assessment report.
- Communicate organizational risk, risk tolerance, and risk acceptance.
Authorization, Security Policy, and POA&M
- Classify information system operation authorization.
- Describe how Control Objectives for Information and Related Technologies (COBIT), from an audit perspective, is used to manage a POA&M.
- Produce a Plan of Actions and Milestones (POA&M) based on the findings and recommendations of the security assessment report.
- Provide security and audit plans and policies to support continuous improvement to organizational stakeholders.
Please ask about these special rates:
Teacher Rate: For some courses, special tuition rates are available for current, certified P-12 teachers and administrators. Please speak with an Enrollment Representative today for more details.
Military Rate: For some courses, special tuition rates are available for active duty military members and their spouses. Please speak with an Enrollment Representative today for more details.
The University of Phoenix reserves the right to modify courses.
While widely available, not all programs are available in all locations or in both online and on-campus formats. Please check with a University Enrollment Representative.
Transferability of credit is at the discretion of the receiving institution. It is the student’s responsibility to confirm whether or not credits earned at University of Phoenix will be accepted by another institution of the student’s choice.