Lesson 1: Orientation to the Field of Information Assurance
By the end of this lesson, you will be able to understand the implications of the dynamic nature of the emerging field of information assurance, where you might fit professionally, and be able to articulate the resulting need for continuous learning.
Lesson 2: Information Assurance (IA) in Governance, Risk, and Compliance (GRC) - The Role of the Chief Information Security Officer
By the end of this lesson, you will be able to define what the discipline of IA includes in organizations; describe the role of the CISO in managing organizational IA; and describe how IA fits into GRC.
Lesson 3: GRC, Law/Regulations, and Information Assurance (IA)
By the end of this lesson, you will be able to identify and describe what main IA laws and regulations apply to organizations and with which they must comply; describe how organizational IA policies implement these laws and regulations; and write a good IA policy.
Lesson 4: IA Planning, Procedural Framework
By the end of this lesson, you will be able to describe several IA procedural frameworks that can guide IA planning; draft a basic IA plan for an organization; and build a plan for maintaining currency in IA.
Lesson 5: Technologies
By the end of this lesson, you will be able to describe the role technology plays in mitigating IA vulnerabilities; describe several basic technologies available to CISOs to mitigate IA vulnerabilities; and explain the role of incident response in a robust IA plan.
Lesson 6: Human Factors: Vetting Personnel, Security Awareness
By the end of this lesson, you will be able to describe how the human element factors into IA planning; explain the role of security awareness in successful IA programs; and identify the key principles that should drive good security awareness programs.
Lesson 7: Business Continuity, Disaster Recovery, Incident Response and Digital Forensics
By the end of this lesson, you will be able to describe the threat spectrum arrayed against an organization's information systems; describe business continuity and disaster recovery planning; and describe digital forensics as an element in an incident response plan.
Lesson 8: Audit, Compliance and Monitoring
By the end of this lesson, you will be able to explain the role of IA audit in ensuring that an IA program implements an organization's IA policies and complies with relevant laws and regulations; describe how an IA audit is conducted; and integrate an IA monitoring program in an IA plan.
Lesson 9: Reporting and PR
By the end of this lesson, you will be able to identify an appropriate reporting structure for IA plan output; explain the influence of PR in an IA program; and devise an appropriate IA reporting and PR plan.
Lesson 10: Security in Social Media
By the end of this lesson, you will be able to describe the human factors driving incorporation of social media into an organization's information infrastructure; identify the IA issues involved with use of social media in organizations; and identify emerging issues such as virtual worlds security concerns.