Domain 5 of CISA Exam
Protection of Information Assets
Clarence Murphy
4345146
ISSC471 IT Security: Auditing
American Military University
Dr. Eric Yocam
23 Oct 2014

Introduction
Domain 5 of the CISA exam covers protection of information assets and includes eight areas of competence. This part of the CISA exam is weighted at 30 percent of the overall score, the most of any domain, which emphasizes the importance of information asset protection to CISA and to organizations. This research considers each of those eight aspects.
Importance of Information Security Management
Information security management focuses on three key areas: confidentiality, integrity and availability. Confidentiality refers to protecting data so that private information remains private. Integrity refers to ensuring that the information is accurate and is not corrupted at any point during the data’s lifecycle, including while being transferred from one location to another or during processing. Availability refers to having the right data available to the right users at the right time (Singleton, 2007).
Information security management relies on six key elements: senior management commitment and support; policies and procedures; organization; security awareness and training; monitoring and compliance; and incident handling and response (Magee, 2011). Without senior management commitment and support, the resources needed to support information security management will not be available. Policies and procedures, together with organization, put the infrastructure in place and provide the framework needed for successful deployment of information security management. Security awareness and training provide the necessary education for the organization, while monitoring and compliance provide the mechanism for ensuring that the policies and strategy of the information security management program are followed. Incident handling and response
References
Ensure Networks. (2014). IT Security Auditing. Retrieved October 31, 2014, from Ensure Networks: http://ensurenetworks.com/compliance-management/
ISACA. (2014). Certified Information Systems Auditor (CISA). Retrieved October 31, 2014, from ISACA: http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Pages/default.aspx
LeGrand, C., & Sarel, D. (2008). Database Security, Compliance and Audit. Retrieved October 31, 2014, from ISACA: http://www.isaca.org/Journal/Past-Issues/2008/Volume-5/Pages/Database-Security-Compliance-and-Audit1.aspx
Magee, K. (2011, April 1). CISA Domain 5 – Protection of Information Assets. Retrieved October 31, 2014, from Infosec Institute: http://resources.infosecinstitute.com/cisa-domain-5-protection-of-information-assets/
Mathias, C. (2013, September). Mobility Management: Beyond MDM and BYOD. Retrieved October 31, 2014, from Search CIO: http://searchcio.techtarget.com/tip/Mobility-management-Beyond-MDM-and-BYOD
McFarland, S. (2014). The Future of Security. Cloud Security Alliance. Securosis. Retrieved October 31, 2014, from https://securosis.com/assets/library/reports/Future-of-Security.v.1.pdf
Natarajan, S. (2012). Security Issues in Network Virtualization for the Future Internet. University of Massachusetts-Amherst. Scholar Works. Retrieved October 31, 2014, from http://scholarworks.umass.edu/cgi/viewcontent.cgi?article=1655&context=open_access_dissertations
Singleton, T. W. (2007). What Every IT Auditor Should Know About Auditing Information Security. Retrieved October 31, 2014, from ISACA: http://www.isaca.org/Journal/Past-Issues/2007/Volume-2/Pages/What-Every-IT-Auditor-Should-Know-About-Auditing-Information-Security1.aspx
Trull, J. (2012). Security Through Effective Penetration Testing. Retrieved October 31, 2014, from ISACA: http://www.isaca.org/Journal/Past-Issues/2012/Volume-2/Pages/Security-Through-Effective-Penetration-Testing.aspx
Wood, M. (2014, October 1). Mobile Malware: Small Numbers, But Growing. Retrieved October 31, 2014, from New York Times: http://www.nytimes.com/2014/10/02/technology/personaltech/mobile-malware-small-numbers-but-growing.html?_r=0
