
The Lessons

Lesson 1: Orientation to the Field of Information Assurance


By the end of this lesson, you will be able to understand the implications of the dynamic nature of the emerging field of information assurance, where you might fit professionally, and be able to articulate the resulting need for continuous learning.
Lesson 2: Information Assurance (IA) in Governance, Risk, and Compliance (GRC) - The Role of the Chief Information Security Officer
By the end of this lesson, you will be able to define what the discipline of IA includes in organizations; describe the role of the CISO in managing organizational IA; and describe how IA fits into GRC.
Lesson 3: GRC, Law/Regulations, and Information Assurance (IA)
By the end of this lesson, you will be able to identify and describe the main IA laws and regulations that apply to organizations and with which they must comply; describe how organizational IA policies implement these laws and regulations; and write a good IA policy.
Lesson 4: IA Planning, Procedural Framework
By the end of this lesson, you will be able to describe several IA procedural frameworks that can guide IA planning; draft a basic IA plan for an organization; and build a plan for maintaining currency in IA.
Lesson 5: Technologies
By the end of this lesson, you will be able to describe the role technology plays in mitigating IA vulnerabilities; describe several basic technologies available to CISOs to mitigate IA vulnerabilities; and explain the role of incident response in a robust IA plan.
Lesson 6: Human Factors: Vetting Personnel, Security Awareness
By the end of this lesson, you will be able to describe how the human element factors into IA planning; explain the role of security awareness in successful IA programs; and identify the key principles that should drive good security awareness programs.
Lesson 7: Business Continuity, Disaster Recovery, Incident Response and Digital Forensics
By the end of this lesson, you will be able to describe the threat spectrum arrayed against an organization's information systems; describe business continuity and disaster recovery planning; and describe digital forensics as an element in an incident response plan.
Lesson 8: Audit, Compliance and Monitoring
By the end of this lesson, you will be able to explain the role of IA audit in ensuring that an IA program implements an organization's IA policies and complies with relevant laws and regulations; describe how an IA audit is conducted; and integrate an IA monitoring program in an IA plan.
Lesson 9: Reporting and PR
By the end of this lesson, you will be able to identify an appropriate reporting structure for IA plan output; explain the influence of PR in an IA program; and devise an appropriate IA reporting and PR plan.
Lesson 10: Security in Social Media
By the end of this lesson, you will be able to describe the human factors driving incorporation of social media into an organization's information infrastructure; identify the IA issues involved with use of social media in organizations; and identify emerging issues such as virtual worlds security concerns.
