PAPER NO.12 (E2) INFORMATION SYSTEMS SECURITY
UNIT DESCRIPTION
This paper is intended to equip the candidate with the knowledge, skills and attitude that will enable him/her to manage information security in an organization
LEARNING OUTCOMES
A candidate who passes this paper should be able to:
• Develop Information Systems (IS) security policies for any organization
• Conduct penetration testing to monitor vulnerabilities and threats in IS systems
• Develop suitable countermeasures to protect an organization's IS
• Design and implement disaster recovery and business continuity planning systems
CONTENT
1. Overview of Information Systems Security
1.1 Objectives of IS security
1.2 Organizational information assets and classifications
1.3 Threats, vulnerabilities and risks
1.4 Scope of IS security in an organization
1.5 IS security metrics
2. IS Security Standards and Frameworks
2.1 IS Security Frameworks
2.2 IS security laws and regulations
2.3 IS security governance
3. Network and Computer Security
3.1 Intrusion detection systems
3.2 Intrusion prevention
3.3 Recovery from failures
4. Data Protection
4.1 Identifying critical IS assets
4.2 Data loss prevention
4.3 Data privacy
4.4 Local and international laws & regulations
5. IS Security Controls
5.1 Management controls
5.2 Operational controls
5.3 Technological controls
6. IS Security Policies
6.1 Organizational security policies
6.2 IS security and organizational strategy
6.3 IS security roles and responsibilities
6.4 Evaluation of organizational IS security
6.5 Developing and implementing an IS security policy
7. Penetration Testing
7.1 Penetration testing tools
7.2 Process of penetration testing
7.3 Reporting and communication of results
8. Designing & Building Secure Systems
8.1 Architectural risk analysis
8.2 Security requirements
8.3 Embedding an IS security culture in an organization
9. Business Continuity & Disaster Recovery
9.1 Incident management
9.2 Business impact analysis
9.3 Business Continuity Planning
9.4 Disaster recovery planning
10. IS Security Audit
10.1 Overview of IS security audit
10.2 IS audit tools and techniques
10.3 IS audit process
10.4 IS audit reporting