Certified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 2019
Certified Information Systems Auditor (CISA) 2019: BCP & Network Security
Certified Information Systems Auditor (CISA) 2019: Continuous Monitoring
Certified Information Systems Auditor (CISA) 2019: Data Privacy & Risk
Certified Information Systems Auditor (CISA) 2019: Data Storage & Malware
Certified Information Systems Auditor (CISA) 2019: Digital Asset Protection
Certified Information Systems Auditor (CISA) 2019: Digital Evidence Gathering
Certified Information Systems Auditor (CISA) 2019: IAM & Data Classification
Certified Information Systems Auditor (CISA) 2019: Information System Auditing
Certified Information Systems Auditor (CISA) 2019: IT Management Frameworks
Certified Information Systems Auditor (CISA) 2019: Performance & Management
Certified Information Systems Auditor (CISA) 2019: PKI & Data Protection
Certified Information Systems Auditor (CISA) 2019: Scenario-Based Practice
Certified Information Systems Auditor (CISA) 2019: System Design & Analysis
Certified Information Systems Auditor (CISA) 2019: Testing & Vulnerability
Certified Information Systems Auditor (CISA) 2019: Virtualization & Cloud

Certified Information Systems Auditor (CISA) 2019: BCP & Network Security

Course Number:
it_spcisa19_10_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: BCP & Network Security

  • discover the key concepts covered in this course
  • define which types of solutions provide IT system and data high availability
  • describe common characteristics of a disaster recovery plan including RTO and RPO
  • describe common characteristics of a business continuity plan, BIA, and related insurance options
  • describe common characteristics of an incident response plan
  • plan for alternate site usage in the event of a disaster
  • identify common RAID level characteristics
  • configure RAID 5 in Windows Server 2016
  • configure Azure SQL Database geo-redundancy
  • describe common network attacks such as man-in-the-middle attacks, ARP and DNS poisoning, and DDoS
  • describe how 802.1X, VLANs, MAC filtering, and other network configuration options can enhance network security
  • recognize the different types of firewalls including WAF, their placement such as in the DMZ, and when they should be used
  • use the free Wireshark tool to capture and analyze plaintext traffic
  • configure Windows Advanced Firewall rules
  • configure URL content and keyword filtering on a wireless router
  • proactively plan for business interruptions and malicious network activity

Overview/Description

This course addresses why and how organizations must have a Disaster Recovery Plan (DRP) for resiliency in the face of malicious attacks, as well as natural and man-made disasters. The DRP is part of the overall Business Continuity Plan (BCP), which ensures the ongoing functionality of business processes. In this course, you will learn a variety of disaster planning strategies, as well as network security configurations to consider when planning for business disruptions. Learners will explore the auditing process and what IS auditors need to consider as the audit objective and the audit scope, which may include reviewing business continuity plans within the organization. This course identifies common redundant array of independent disks (RAID)-level characteristics, and you will learn how to configure RAID 5 in Windows Server 2016. You will learn how to configure Microsoft Azure cloud computing and SQL database geo-redundancy. Finally, the course explores numerous network security topics, such as wired and wireless network security and network threat mitigation through configuration of firewalls. This course helps learners prepare for the ISACA Certified Information Systems Auditor (CISA) certification exam.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: Continuous Monitoring

Course Number:
it_spcisa19_14_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Continuous Monitoring

  • discover the subject areas covered in this course
  • describe how monitoring is an important aspect of the IS auditing process
  • recognize the importance of monitoring business processes for continuous process improvement
  • list how various sampling types such as attribute, variable, statistical, and discovery sampling play a role in the audit process
  • filter Windows logs to show only relevant log entries
  • send Linux log events to a centralized logging host
  • plan optimal settings for packet capturing placement and configuration
  • capture and filter network traffic using the free Wireshark tool
  • recognize how SIEM systems provide centralized security event monitoring and management
  • recognize how an IDS can identify suspicious host and network activity
  • describe IS audit sampling and the purpose of SIEM, list IPS characteristics, and capture and filter traffic with Wireshark

Overview/Description

Explore the continuous needs of monitoring business processes and supporting IT solutions, and how IS auditing can identify where this can be improved upon.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: Data Privacy & Risk

Course Number:
it_spcisa19_03_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Data Privacy & Risk

  • define how the CIA triad enhances IT security
  • recognize examples of Personally Identifiable Information
  • recognize examples of Protected Health Information
  • describe how GDPR assures data privacy
  • align data protection policies with GDPR
  • describe how PCI DSS protects cardholder information
  • identify network devices with insufficient antimalware protection using the free Spiceworks tool
  • describe how HIPAA protects sensitive medical information
  • describe how FedRAMP standards are used to secure U.S. government information systems
  • recognize the importance of identifying assets that have the most value to a specific organization
  • determine the ALE value using an online ALE calculator
  • scan a network using Nmap to determine which devices are present
  • map IT solutions to data privacy requirements

Overview/Description

Discover how assessing IT asset risks and applying appropriate data privacy standards helps keep sensitive data from unauthorized entities in preparation for the CISA exam.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: Data Storage & Malware

Course Number:
it_spcisa19_09_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Data Storage & Malware

  • distinguish between data and information and describe how they are secured
  • define the relationship between big data and the value of data analytics
  • list methods of securing a SAN
  • enable password authentication for iSCSI target access
  • recognize common security options available with cloud storage
  • ensure that decommissioned storage media does not contain retrievable data artifacts
  • identify common database hardening techniques
  • deploy Microsoft SQL Database in the Azure cloud
  • implement a database replication strategy
  • identify data availability strategies, including whether security controls are still in place after data recovery
  • protect data using the Windows Backup feature
  • protect data by backing it up to the cloud
  • distinguish between malware types
  • identify the various forms of social engineering and the related security risks
  • implement controls that provide data availability

Overview/Description

Explore the variety of methods through which stored data can be secured and made highly available, despite the realization of malware threats, as you prepare for the CISA exam.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: Digital Asset Protection

Course Number:
it_spcisa19_08_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Digital Asset Protection

  • discover the key concepts covered in this course
  • recognize how an IT maturity model provides an assessment as to whether technology is effectively meeting business needs
  • align business needs with secured technological solutions
  • map security hardware and software to the OSI model
  • enable requirements for complex passwords and user account intruder detection
  • configure endpoint antimalware policy settings centrally using SCCM
  • determine when DLP solutions should be used for data privacy
  • describe why IoT devices are generally considered to be unsecure
  • browse the shodan.io site to locate vulnerable IoT devices
  • use techniques such as network isolation and changing default settings to harden IoT devices
  • harden mobile devices
  • manually harden an Android smartphone
  • configure Microsoft SCCM policies to ensure mobile device security compliance
  • identify how users can unwittingly install malicious apps on mobile devices
  • compare OSI Layer 3 and Layer 7 security solutions, provide mitigation recommendations, list common IoT devices, and describe how to harden mobile devices

Overview/Description

Security technicians must determine which security controls most effectively protect assets at a reasonable cost. Explore IT maturity models, and endpoint, Internet of Things (IoT), and mobile device security in this 15-video course. Key concepts covered here include: how IT maturity models provide assessments as to whether technology effectively meets business needs; how to map security hardware and software to the Open Systems Interconnection model (OSI model); and how to enable requirements for complex passwords and user account intruder detection. Next, learn to configure endpoint antimalware policy settings centrally with System Center Configuration Manager (SCCM); how to determine when data loss prevention (DLP) solutions are needed for data privacy; and why IoT devices are generally considered unsecure. Learn to use the shodan.io site to locate vulnerable IoT devices; use techniques such as network isolation and changing default settings to harden IoT and mobile devices; and manually harden an Android smartphone. Finally, learn how to configure SCCM policies to ensure mobile device security compliance and compare OSI Layer 3 and Layer 7 security solutions. This course helps learners prepare for the ISACA Certified Information Systems Auditor (CISA) certification exam.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: Digital Evidence Gathering

Course Number:
it_spcisa19_13_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Digital Evidence Gathering

  • discover the subject areas covered in this course
  • describe the purpose of digital forensics
  • describe digital forensic hardware
  • describe digital forensic software
  • identify which IT components should be collected as evidence and the recommended order of collection
  • recognize the importance of evidence handling and adherence to the chain of custody
  • use the Kali Linux Autopsy Forensic Browser to view user data
  • use the Kali Linux Foremost tool to retrieve data from a disk image
  • acquire a hard disk image using the Linux dd command
  • describe how forensic disk write blockers work, the evidence order of volatility, how to prove evidence integrity, and use Linux commands to acquire a disk image

Overview/Description

Discover the importance of taking appropriate care when gathering, handling, and storing digital evidence so that it remains admissible in a court of law. Explore digital forensics, chain of custody, order of volatility, and hard disk imaging.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: IAM & Data Classification

Course Number:
it_spcisa19_04_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: IAM & Data Classification

  • recognize authentication categories and how authorization then follows
  • create Active Directory users and groups on-premises
  • create Microsoft Azure AD users and groups
  • recognize how multifactor authentication enhances security
  • enable MFA for an Azure AD user
  • assign built-in Microsoft Azure roles to Azure AD groups
  • assign built-in AWS policies
  • use the delegation of control wizard to enable others to manage AD objects
  • recognize the role of identity federation across organizations, including SSO
  • recognize how resource tagging aids in tracking and granting permissions
  • configure shared folder and NTFS Windows file system permissions
  • configure standard Linux file system permissions
  • classify Windows Server files with metadata
  • use resource and Active Directory attributes to conditionally grant file system permissions
  • create and manage authentication accounts and data tags

Overview/Description

Explore how multifactor authentication and role-based access control lessen the risk of system compromise and privilege abuse, and how data classification uses tags to organize data, in preparation for the CISA exam.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: Information System Auditing

Course Number:
it_spcisa19_01_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Information System Auditing

  • recall how IS auditing shows whether IT solutions meet business objectives efficiently and effectively
  • recognize expectations of conduct for CISA certified individuals
  • recall how auditing standards provide guidance for conducting efficient audits
  • interpret various types of documentation when preparing an IS audit
  • identify client needs that map to business objectives
  • recognize the importance of network documentation
  • list different categories of security controls including internal business process controls, IT controls, and sampling types
  • identify control objectives required to secure organizational assets along with the controls themselves
  • plan for audit funding, personnel, and related items
  • schedule audit phases
  • report serious discoveries including fraud or serious IT vulnerabilities
  • generate audit reports including which existing controls have passed or failed
  • communicate with stakeholders after audit recommendations are reported
  • identify how IS auditing identifies weak security controls

Overview/Description

Discover the keys to conducting a successful audit - the nature of a business, its driving processes, and its underlying IT solutions. Examine controls and audit reporting in preparation for the CISA exam.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: IT Management Frameworks

Course Number:
it_spcisa19_02_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: IT Management Frameworks

  • identify how IT governance provides a structured approach to ensuring IT solutions are aligned with business goals, including outsourced tasks
  • describe how COBIT can ensure business objectives are met by aligning appropriate IT processes
  • list how ITIL practices can streamline IT service delivery
  • recognize how ISO/IEC standards can result in proper IT governance
  • describe how risk management can improve business operations
  • map various risk treatments to threats
  • recognize how the Business Model for Information Security encompasses information security planning, implementation, and management
  • describe the Information Technology Assurance Framework
  • describe the purpose of IT balanced scorecards
  • map common framework characteristics to IS audits

Overview/Description

Explore how IT management frameworks provide a structured approach to managing and auditing IT assets and how risk assessments often drive the IS audit in preparation for the CISA exam.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: Performance & Management

Course Number:
it_spcisa19_05_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Performance & Management

  • recognize how performance is related to SLAs, and the difference between SLAs and operational level agreements
  • establish a baseline of normal performance in Windows
  • monitor performance metrics in a Windows environment
  • monitor performance metrics in a Linux environment
  • monitor performance metrics in a cloud computing environment
  • configure cloud-based alerting
  • describe enterprise change management procedures
  • describe enterprise configuration management procedures and terms such as CMS, CMDB, and CI
  • describe enterprise vulnerability management procedures
  • configure which administrators can manage GPOs
  • configure application deployment centrally using SCCM
  • configure Windows patch deployment centrally using SCCM
  • configure Ubuntu Linux to check for updates
  • tweak IT system performance and implement controlled changes centrally

Overview/Description

Efficient delivery of IT systems includes cost reduction and optimized system performance. Discover how a structured approach for implementing changes and patches can reduce security incidents and downtime, in preparation for the CISA exam.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: PKI & Data Protection

Course Number:
it_spcisa19_06_enus
Objectives:

Overview/Description

Explore how PKI provides a hierarchy of digital security certificates used to secure data and authenticate users and devices and how data is protected with encryption and file integrity verification, as you prepare for the CISA exam.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: Scenario-Based Practice

Course Number:
it_spcisa19_15_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Scenario-Based Practice

  • apply IS auditing techniques to audit planning
  • apply IS auditing techniques to security controls
  • apply IS auditing techniques to Wi-Fi configurations
  • apply IS auditing techniques to traveling users
  • apply IS auditing techniques to PKI key usage
  • apply IS auditing techniques to determine effective compensating controls
  • recommend changes based on IS auditing standards

Overview/Description

Discover how to apply the IS audit process to ensure adequate risk mitigation for audit planning, security control selection, travelling user vulnerability mitigation, Wi-Fi hardening, and proper PKI key implementation.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: System Design & Analysis

Course Number:
it_spcisa19_11_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: System Design & Analysis

  • identify the phases of the SDLC
  • recognize common project management practices
  • recognize common secure coding practices
  • recognize how structured approaches such as Agile and Six Sigma can improve IT system quality
  • isolate larger IT solutions into smaller components for focused testing
  • recognize how regression testing strives to ensure current changes do not have unintended adverse effects
  • test IT solutions to ensure they align with design requirements
  • bring together modular IT system components that result in a larger solution while ensuring system security and integrity
  • monitor IT solution performance when under stress
  • provide large amounts of unexpected data to an application to observe the behavior
  • identify how automated build and deployment processes provide IT solution development efficiencies
  • deploy an Azure cloud-based infrastructure using a template
  • plan IT system and data migration to a cloud environment
  • run an Azure on-premises cloud migration assessment
  • apply security to all SDLC phases while testing for stability

Overview/Description

Explore systems planning, testing, integration, and delivery to ensure the timely delivery of system changes or entire new solutions, as you prepare for the CISA exam.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: Testing & Vulnerability

Course Number:
it_spcisa19_12_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Testing & Vulnerability

  • discover the subject areas covered in this course
  • distinguish between white, gray, and black-box testing
  • recall the benefits of periodic vulnerability scans and awareness of CVEs
  • use the free Nessus tool to execute a vulnerability scan
  • compare baseline and current network scans to identify changes
  • describe the pen test procedure from reconnaissance to exploiting vulnerabilities
  • forge network traffic using hping3 in Kali Linux
  • use OWASP ZAP to scan a web site for vulnerabilities
  • analyze IPsec network traffic
  • configure a cloud-based jump box to allow access to internal hosts
  • recognize where honeypots can be used to monitor malicious traffic
  • consider potential business process risks related to heating, ventilation, and air conditioning
  • describe methods of securing assets using physical controls
  • describe how drones can present eavesdropping and other risks
  • identify different types of fire suppression
  • differentiate between vulnerability and penetration testing, describe the purpose of a jump box, list physical security examples, and perform a non-credentialed vulnerability scan

Overview/Description

Examine auditor responsibilities such as identifying network and host weaknesses and reporting them to stakeholders, along with recommendations to improve the organizational security posture.



Target

Prerequisites: none

Certified Information Systems Auditor (CISA) 2019: Virtualization & Cloud

Course Number:
it_spcisa19_07_enus
Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Virtualization & Cloud

  • describe when various virtualization technologies should be used
  • distinguish the difference between Type 1 and Type 2 hypervisors
  • install the Microsoft Hyper-V hypervisor
  • configure a Microsoft Hyper-V virtual network switch
  • create a virtual machine hosted on Microsoft Hyper-V
  • secure virtualized environments through dedicated management interfaces, patching, and changing default configurations
  • define the NIST standard characteristics of cloud computing
  • map cloud service offerings to business needs
  • describe cloud-based security solutions such as the Azure Security Center, DDoS mitigation, and Azure network security groups
  • deploy a Windows virtual machine in the Microsoft Azure cloud
  • deploy a Linux virtual machine in the Microsoft Azure cloud
  • identify cloud services that require endpoint security through the Azure Security Center
  • map security solutions to the use of virtualization and cloud computing

Overview/Description

Explore how virtualization provides efficient hardware usage and security boundaries and how cloud computing tracks pooled IT resource usage and charges fees accordingly as you prepare for the CISA exam.



Target

Prerequisites: none
