CITP Review

Chapter 1





            Information Security and Cyber Risk






            Learning objectives

              Identify the key areas of information security, including strategy, policies and procedures, control environments, and business continuity and disaster recovery.

              Differentiate fundamental knowledge of various IT governance frameworks.

              Recognize logical access at the various levels of the “stack.”

              Identify the internal control structure of design, implementation, monitoring, detection, and reporting.

              Determine the major threat vectors for systems, including cyber adversaries, the cybercrime economy, and various types of attacks.

              Identify data breaches and their impact on information privacy.

              Determine how to manage system vulnerabilities.

              Apply the SOC for Cybersecurity report, including report content, target users, and use of the report in conjunction with an entity’s overall cybersecurity risk mitigation strategy.












            © 2019 Association of International Certified Professional Accountants. All rights reserved.