Protection of Information Assets
Clarence Murphy
4345146
ISSC471 IT Security: Auditing
American Military University
Dr. Eric Yocam
23 Oct 2014
Domain 5 of CISA Exam
Protection of Information Assets
Introduction
Domain 5 of the CISA exam covers protection of information assets and includes eight areas of competence. This part of the CISA exam is weighted 30 percent of the overall score, which is the most of any domain. This emphasizes the importance of information asset protection to CISA and to organizations. This research considers each of those eight aspects.
Importance of Information Security Management
Information security management focuses on three key areas: confidentiality, integrity and availability. Confidentiality refers to protecting the data so that private information remains private. Integrity refers to ensuring that the information is accurate and is not corrupted at any point during the data’s lifecycle, including while being transferred from one location to another or during processing. Availability refers to having the right data available to the right users at the right time (Singleton, 2007).
Information security management relies on six key elements: senior management commitment and support; policies and procedures; organization; security awareness and training; monitoring and compliance; and incident handling and response (Magee, 2011). Without senior management commitment and support, the resources will not be available to support information security management. Policies and procedures, together with organization, put in place the infrastructure and framework needed to deploy information security management successfully. Security awareness and training provide necessary education for the organization, while monitoring and compliance provide the mechanism for ensuring that the policies and strategy of the information security management program are followed. Incident handling and response
References

Ensure Networks. (2014). IT Security Auditing. Retrieved October 31, 2014, from Ensure Networks: http://ensurenetworks.com/compliance-management/

ISACA. (2014). Certified Information Systems Auditor (CISA). Retrieved October 31, 2014, from ISACA: http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Pages/default.aspx

LeGrand, C., & Sarel, D. (2008). Database Security, Compliance and Audit. Retrieved October 31, 2014, from ISACA: http://www.isaca.org/Journal/Past-Issues/2008/Volume-5/Pages/Database-Security-Compliance-and-Audit1.aspx

Magee, K. (2011, April 1). CISA Domain 5 – Protection of Information Assets. Retrieved October 31, 2014, from Infosec Institute: http://resources.infosecinstitute.com/cisa-domain-5-protection-of-information-assets/

Mathias, C. (2013, September). Mobility Management: Beyond MDM and BYOD. Retrieved October 31, 2014, from Search CIO: http://searchcio.techtarget.com/tip/Mobility-management-Beyond-MDM-and-BYOD

McFarland, S. (2014). The Future of Security. Cloud Security Alliance. Securosis. Retrieved October 31, 2014, from https://securosis.com/assets/library/reports/Future-of-Security.v.1.pdf

Natarajan, S. (2012). Security Issues in Network Virtualization for the Future Internet. University of Massachusetts-Amherst. Scholar Works. Retrieved October 31, 2014, from http://scholarworks.umass.edu/cgi/viewcontent.cgi?article=1655&context=open_access_dissertations

Singleton, T. W. (2007). What Every IT Auditor Should Know About Auditing Information Security. Retrieved October 31, 2014, from ISACA: http://www.isaca.org/Journal/Past-Issues/2007/Volume-2/Pages/What-Every-IT-Auditor-Should-Know-About-Auditing-Information-Security1.aspx

Trull, J. (2012). Security Through Effective Penetration Testing. Retrieved October 31, 2014, from ISACA: http://www.isaca.org/Journal/Past-Issues/2012/Volume-2/Pages/Security-Through-Effective-Penetration-Testing.aspx

Wood, M. (2014, October 1). Mobile Malware: Small Numbers, But Growing. Retrieved October 31, 2014, from New York Times: http://www.nytimes.com/2014/10/02/technology/personaltech/mobile-malware-small-numbers-but-growing.html?_r=0