Information Security Management and Auditing

  1. Specialized Security Auditing Areas
    1. Cloud Security Auditing
      1. Cloud Service Models
        1. Infrastructure as a Service (IaaS)
        2. Platform as a Service (PaaS)
        3. Software as a Service (SaaS)
      2. Cloud Deployment Models
        1. Public Cloud
        2. Private Cloud
        3. Hybrid Cloud
        4. Multi-Cloud
      3. Shared Responsibility Model
        1. Provider Responsibilities
        2. Customer Responsibilities
        3. Shared Controls
      4. Cloud Audit Challenges
        1. Visibility Limitations
        2. Data Location and Sovereignty
        3. Vendor Lock-in Risks
      5. Cloud Security Alliance (CSA) Framework
        1. Cloud Controls Matrix (CCM)
        2. Consensus Assessments Initiative Questionnaire (CAIQ)
        3. Security Trust Assurance and Risk (STAR)
    2. Application Security Auditing
      1. Secure Development Lifecycle Auditing
        1. Requirements Phase Security
        2. Design Phase Security
        3. Implementation Phase Security
        4. Testing Phase Security
        5. Deployment Phase Security
        6. Maintenance Phase Security
      2. Code Review and Analysis
        1. Static Application Security Testing (SAST)
        2. Dynamic Application Security Testing (DAST)
        3. Interactive Application Security Testing (IAST)
        4. Manual Code Review
      3. Web Application Security
        1. OWASP Top 10 Vulnerabilities
        2. Web Application Firewalls
        3. API Security
      4. Mobile Application Security
        1. Mobile Platform Security
        2. Application Store Security
        3. Mobile Device Management
    3. Identity and Access Management (IAM) Auditing
      1. Identity Governance
        1. Identity Lifecycle Management
        2. Role Management
        3. Segregation of Duties
      2. Access Management
        1. Authentication Systems
        2. Authorization Mechanisms
        3. Single Sign-On (SSO)
      3. Privileged Access Management
        1. Privileged Account Discovery
        2. Session Management
        3. Activity Monitoring
      4. Access Certification
        1. Periodic Access Reviews
        2. Automated Certification
        3. Exception Management
    4. Third-Party Risk Auditing
      1. Vendor Risk Assessment
        1. Due Diligence Processes
        2. Risk Rating Methodologies
        3. Contract Security Requirements
      2. Supply Chain Security
        1. Supplier Security Standards
        2. Supply Chain Risk Management
        3. Vendor Monitoring Programs
      3. Outsourcing Security
        1. Service Level Agreements
        2. Right to Audit Clauses
        3. Performance Monitoring
    5. Privacy and Data Protection Auditing
      1. Privacy Program Assessment
        1. Privacy Governance
        2. Privacy Policies and Procedures
        3. Privacy Training and Awareness
      2. Data Protection Impact Assessment (DPIA)
        1. DPIA Process Steps
        2. Risk Identification and Mitigation
        3. Stakeholder Consultation
      3. Data Handling Audits
        1. Data Collection Practices
        2. Data Processing Activities
        3. Data Retention and Disposal
        4. Cross-Border Data Transfers