This lessons continues to cover knowledge statements. Examples include: - Knowledge of the Information Infrastructure Library - Knowledge of the IT control functionary of IT infrastructure Participants also learn about physical security components and understanding digital forensic techniques. [toggle_content title="Transcript"] So, starting with the implementation of our systems and operations at the high level, what we're thinking about here is how do we deal with all of the different various moving parts an organization has within its IT departments? There are a lot of things to think about. We have the hardware, software and firmware as broad categories. We also have to think about licensing, our change control process, how we implement our security controls, how we deal with physical security. So, typically, we think about physical security as gates, guns, guards, locks, security cameras lighting is even considered a physical security component. And then tying all this together we have to also understand who's responsible for all these different aspects of the organization. What are the roles and responsibilities involved and how do they interact with each other when discussions arise or maybe when you're revising your procedures and your policies. We have to think about how we manage our databases. If databases are not managed correctly, they can become unwieldy and exhibit poor performance. So that's one area where some expertise will be expected, whether it's a database administrator or a consulting firm that comes in to do some work. The bottom line is that we want our databases to perform well and be maintained properly. We have to think about how we do our system analysis, performance monitoring of those systems. How do we manage our logs? What kind of log monitoring tools do we use? How do we deal with the storage of confidential information? How do we retrieve that safely? How long do we have to keep the information around? Then, pulling some of this all together in the events of problems related to hacking, and so on we have to have some understanding of digital forensic techniques. [/toggle_content]
Certified Information System Auditor (CISA)
In order to face the dynamic requirements of meeting enterprise vulnerability management challenges, CISA course covers the auditing process to ensure that you have the ability to analyze the state of your organization and make changes where needed.