100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
ISACA Cybersecurity Audit Certificate $10.49   Add to cart

Exam (elaborations)

ISACA Cybersecurity Audit Certificate

 0 view  0 purchase
  • Course
  • Institution

ISACA Cybersecurity Audit Certificate Cybersecurity the "preservation of confidentiality, integrity and availability of information in the Cyberspace" Cyberspace the complex environment resulting from the interaction of people, software and services on the Internet by means of technology de...

[Show more]

Preview 2 out of 5  pages

  • June 27, 2024
  • 5
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
ISACA Cybersecurity Audit Certificate
Cybersecurity
the "preservation of confidentiality, integrity and availability of information in the Cyberspace"


Cyberspace
the complex environment resulting from the interaction of people, software and services on the
Internet by means of technology devices and networks connected to it, which does not exist in any
physical form


NIST Cybersecurity Framework
Identify—Use organizational understanding to minimize risk to systems, assets, data and capabilities.

Protect—Design safeguards to limit the impact of potential events on critical services and
infrastructure.

Detect—Implement activities to identify the occurrence of a cybersecurity event.

Respond—Take appropriate action after learning of a security event.

Recover—Plan for resilience and the timely repair of compromised capabilities and services.


Lines of Defense
The first line is ownership, implementation and execution.

The second line is risk management, including monitoring/measurement.

The third line is independent testing and assurance.


The objectives of a cybersecurity audit are to:
Provide management with an independent assessment of the effectiveness of cybersecurity
processes, policies, procedures, governance and other controls

Identify security control concerns that could affect the confidentiality, integrity or availability of the
information assets due to weaknesses and vulnerabilities in the system of internal controls, including
key security controls

Evaluate the effectiveness of response and recovery programs

Evaluate compliance with cybersecurity relevant laws and regulations


Governance
the responsibility of the board of directors and senior management of the enterprise.


Goals of a governance program
•Provide strategic direction

•Ensure that objectives are achieved

•Ascertain whether risk is being managed appropriately

, •Verify that the enterprise's resources are being used responsibly


Risk Management
involves the coordination of activities that direct and control an enterprise regarding risk. Requires
the development and implementation of internal controls to manage and mitigate risk throughout the
enterprise, including financial, operational, reputational, investment, physical security and
cybersecurity risk.


Compliance
involves not only adhering to mandated requirements defined by laws and regulations, but also
demonstrating that adherence. Often extends to voluntary requirements resulting from contractual
obligations and internal policies.


Confidentiality
the protection of information from unauthorized access or disclosure. Different types of information
require different levels of confidentiality, and the need for confidentiality can change over time.
Personal, financial and medical information require a higher degree of confidentiality than publicly
available information. Similarly, some enterprises need to protect information on competitive
products (e.g., business strategies, marketing information, intellectual property).


Integrity
the protection of information from unauthorized modification. The concept of integrity also applies to
electronic messaging, files, software and configurations.


Availability
ensures the timely and reliable access to and use of information and systems. Includes safeguards to
make sure data are not accidentally or maliciously deleted. This is particularly important with mission-
critical systems because any interruptions in availability can result in significant loss of productivity
and revenue. Similarly, the loss of data can impact management's ability to make effective decisions
and responses. Can be protected by the use of redundancy, backups, and implementation of business
continuity management and planning.


Cybersecurity Policy
documents management requirements that relate to the protection of digital assets. (These
requirements may already be defined in an information security policy.) These requirements are
addressed through procedures that align to standards, baselines and guidelines.


Overarching Policy
communicates requirements that relate to the entire organization and to any other party that
interacts with the information asset.


Functional Policy
(sometimes referenced as a business unit policy) communicates expectations within supporting
business areas and aligns with the overarching policy.


Standard
describes specific, mandatory controls or rules to support and comply with a policy.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller LectDan. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $10.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

78799 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$10.49
  • (0)
  Add to cart