Map a program to the ISACA® Model Curriculum for Information Security Management. Enter the name of the course(s) or session(s) in the program that cover each topic area or subtopic description. The total time spent, in hours, should be at least 244 hours.
Alignment Grid for the ISACA Model Curriculum for Information Security Management
To map a program to the ISACA Model Curriculum for Information Security Management, enter the name of the course(s) or session(s) in the program that covers each topic area or subtopic description along with the amount of time (in hours) devoted to covering the topic in each table. If a described topic is not covered, record a 0 (zero) in the column for contact hours. To be in alignment with the model, the total time spent, in hours, should be at least 244 hours and all areas in the model curriculum should have reasonable coverage.

Note: When mapping a graduate program, include the prerequisites from the undergraduate program.

Before beginning this process:
- The current course syllabi should be obtained. Current and expanded course outlines provide more detail and are better sources.
- The current textbook supporting the classes and the visual media/projects used in those classes should be accessible. For a question on content, refer to the course textbook or PowerPoint slides.
- If some of the subject matter is taught in other departments or colleges, a representative who is knowledgeable of what is taught in those classes may need to provide assistance. For this reason, an undergraduate program may take more time to map than a graduate program.
- See if a second monitor is available; the process is facilitated by looking at the model matrix on one and the syllabus/expanded course outline on another.

The mapping process steps are listed in figure 6.

Figure 6: Mapping Process Steps
1. Identify all direct and support courses that apply to the program. Course syllabi are to contain at least the following information: school name and address, course title, course number, contact hours, faculty member names and credentials, terms offered, the purpose of the course, the objectives of the course, and the course text.
2. Make sure the current syllabi or expanded course outlines and support materials for the courses are accessible. It takes approximately 16 hours to complete the mapping, if expanded course outlines are available from which information can be extracted.
3. Proceed one by one. Select the first course in the program, examine the elements and subject matter, and map to the model. Literally, proceed week by week.
4. Use key words from the ISACA template subtopics to search the syllabi to identify matches. Once a match is made, estimate the amount of time the subject was covered based on the syllabus.
5. If unsure of the content of the subject covered, go to the textbook and PowerPoint slides/materials used. Note that generic titles used often cover more than what is implied.
6. Remember to allocate the time per course and identify the course covering each subject. For example, a quarter system may have 10 weeks and four contact hours per week (40 hours), but some courses may have lab or project requirements that may result in more than 40 hours.
7. Map course by course, and keep track of allocation. This is easiest for those familiar with the program and who have the information available.
8. After completing all courses, go back and double-check that the selections/placement are the best possible and seem reasonable.
9. Have a colleague check the mapping.
10. Submit the completed tables to ISACA for review by e-mail: sdonahue@isaca.org, fax +1.847.253.1443 or mail to the attention of the Manager of Information Security Practices at ISACA, 3701 Algonquin Road, Suite 1010, Rolling Meadows, IL 60008, USA.

2008 ISACA. All rights reserved.
If the program is found to be in alignment with the ISACA Model Curriculum for Information Security Management, the program may be posted on the ISACA web site and graduates of the program will qualify for one year of work experience toward the CISM certification. The following pages include figures 1 through 5 with blank columns added for the course and number of hours which institutions can use to map their programs to the model curriculum.

Figure 1: Information Security Governance Domain
Columns: Topics, Hours, Subtopics, Course Covering Topic, Hours

Security governance (hours: 22)
- Effective information security governance (Course number, item number on syllabus, paragraph description)
- Roles and responsibilities of senior management
- Information security concepts (e.g., certified internal auditor [CIA] model, borders and trust, encryption, trusted systems, certifications, defense by diversity, depth, obscurity, least privilege, life cycle management, technologies)
- Information security manager (responsibilities, senior management commitment, reporting structures)
- Scope and charter of information security governance (laws, regulations, policies, assurance process integration, convergence)
- Information security metrics

Information security strategy (hours: 20)
- Views of strategy
- Developing an information security strategy aligned to business strategy
- Information security strategy objectives
- Architectures and frameworks (COBIT, ISO 27002)
- Determining current state of security
- Strategy resources (e.g., policies, standards, controls, education, personnel)
- Strategy constraints (e.g., regulatory, culture, costs, resources)
- Action plan for strategy

Total Hours: 52
Figure 2: Information Risk Management
Columns: Topics, Hours, Subtopics, Course Covering Topic, Hours

Risk management (hours: 24)
- Overview of risk management
- Risk management strategy
- Effective information security risk management
- Information security risk management concepts (e.g., threats, vulnerabilities, risks, attacks, BCP/DR, SLA, governance) and technologies (e.g., authentication, access controls, nonrepudiation, environmental controls, availability/reliability management)
- Implementing risk management

Risk assessment (hours: 20)
- Risk assessment (e.g., risk assessment methodologies, options on handling risk)
- Controls and countermeasures
- Information resource valuation
- Recovery time objectives
- Integration with life cycle processes
- IT control baselines
- Risk, monitoring and communication

Total Hours: 54
Figure 3: Information Security Program Development
Columns: Topics, Hours, Subtopics, Course Covering Topic, Hours

Program development (hours: 44)
- Effective information security program development
- Information security manager (roles, responsibilities, obtaining senior management commitment)
- Scope and charter of information security program development (assurance function integration, challenges in development)
- Information security program development objectives (goal, objectives, outcomes, risks, testing, standards, updating)
- Defining an information security program development road map
- Information security program resources (e.g., documentation, controls, architecture, personnel, change processes)
- Implementing an information security program (e.g., policies, training and awareness, controls)
- Information infrastructure, architecture, laws, regulations and standards
- Physical and environmental controls
- Information security program integration
- Information security program development metrics (e.g., strategic alignment, value delivery, resource management, performance)

Total Hours: 44
Figure 4: Information Security Program Management
Columns: Topics, Hours, Subtopics, Course Covering Topic, Hours

Information security management overview (hours: 11)
- Importance and outcomes of effective security management
- Organizational and individual roles and responsibilities
- Information security management framework

Measuring information security program management (hours: 24)
- Measuring information security management performance
- Common information security management challenges
- Determining the state of information security management
- Information security management resources

Implementing information security management (hours: 23)
- Information security management considerations
- Implementing information security management (e.g., action plans, policies, service providers, assessments)

Total Hours: 58
Figure 5: Information Management and Response Domain
Columns: Topics, Hours, Subtopics, Course Covering Topic, Hours

Incident management and response overview (hours: 12)
- Incident management and response
- Incident management concepts
- Scope and charter of incident management
- Information security manager
- Incident management objectives
- Incident management metrics and indicators

Defining incident management procedures (hours: 12)
- Defining incident management procedures
- Incident management resources
- Current state of incident response capability

Developing an incident response plan (hours: 12)
- Elements of an incident response plan (gap analysis)
- Developing response and recovery plans
- Testing response and recovery plans
- Executing response and recovery plans
- Documenting events
- Postincident reviews

Total Hours: 36

Grand Total: 244 (total hours for figures 1 through 5)