Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!

Grab it

This course offers an in-depth exploration of information security auditing principles, tailored for professionals preparing for the CISA certification. Starting with an overview of frameworks, standards, and guidelines, you will understand their critical role in protecting information assets. The course outlines the responsibilities of IS auditors in evaluating security baselines and implementing effective data privacy practices. Key modules focus on physical and environmental controls, ensuring that you are equipped to audit diverse aspects of information systems security, from infrastructure protection to compliance requirements. As you progress, the course delves into access management and data protection strategies. You will learn about identity and access management principles, logical access controls, and common authorization issues that pose risks to information systems. Detailed discussions on audit logging, data loss prevention (DLP), and network infrastructure will provide you with the skills needed to monitor and protect sensitive information effectively. The course also addresses the auditing of applications within networked environments, helping you understand the complexities of securing interconnected systems. In the latter sections, the focus shifts to advanced topics such as cryptography, network security, and cloud computing. You will explore the fundamentals of encryption systems, including symmetric and asymmetric keys, and learn to apply cryptographic principles for robust information security. Modules on PKI, virtualization, and cloud environments will further enhance your ability to assess and mitigate risks in modern IT landscapes. Additionally, the course covers security testing techniques, network penetration testing, and the use of IDS/IPS tools, preparing you to perform comprehensive security audits. By the end of this course, you will have a solid understanding of information security auditing, ready to tackle the CISA exam and advance your career in cybersecurity. This course is designed for IT auditors, security professionals, and individuals preparing for the CISA certification. It is suitable for those with a basic understanding of information systems and security principles. No prior CISA experience is required, but familiarity with IT audit processes will be beneficial.

Syllabus

Frameworks, Roles, and Data Protection

In this module, we will cover the foundational elements necessary for safeguarding information assets. You will learn about implementing security frameworks, defining roles for effective management, establishing security baselines, and ensuring compliance with data privacy regulations.

Access Management, Logging, and Data Protection

In this module, we will delve into the critical areas of access control and data protection. You will learn how to secure physical and logical access to assets, implement effective logging and monitoring practices, and utilize identity management systems to protect sensitive information.

Network Security, Cryptography, and Cloud Computing

In this module, we will explore advanced network security techniques, encryption strategies, and the complexities of securing virtual and cloud environments. You will gain practical knowledge on securing network infrastructures, managing encryption systems, and protecting cloud-based assets.

Security Testing, Incident Management, and Forensics

In this module, we will focus on proactive and reactive measures for managing security risks. You will learn about conducting effective security training, testing security controls, managing incidents, and handling digital forensics to ensure comprehensive protection of information assets.