IA Compliance
The intent of the IA Compliance Knowledge Unit is to provide students with an understanding of the rules, regulations and issues related to compliance with applicable laws and regulations.
Topics
- Audit Purposes
  a. Compliance to specified requirements, specifications, policy, standards or laws
  b. Regulatory compliance
  c. Assessment of internal controls
- Audit process
  a. Audit Charter
  b. Audit Baseline
  c. Audit Activities
  d. Audit Reporting
    i. Results (Findings)
    ii. Recommendations
  e. Response
    i. Mitigation Strategy
- Audit Reporting
- Compliance Monitoring
  a. Compliance levels
- Relationship between compliance and audit
- Audit Types
  - Internal
  - External
Outcomes
- Compare and contrast voluntary and mandatory compliance requirements.
- Plan and conduct audits to determine compliance with policies, laws, regulations, and other standards.
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn more about the KSA-Ts.
ID | DESCRIPTION |
K0157 | Knowledge of cyber defense and information security policies, procedures, and regulations. |
K0013 | Knowledge of cyber defense and vulnerability assessment tools and their capabilities. |
K0315 | Knowledge of the principal methods, procedures, and techniques of gathering information and producing, reporting, and sharing information. |
K0006 | Knowledge of specific operational impacts of cybersecurity lapses. |
K0107 | Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations. |

ID | DESCRIPTION |
S0080 | Skill in performing damage assessments. |
S0085 | Skill in conducting audits or reviews of technical systems. |

ID | DESCRIPTION |
A0154 | Ability to conduct a comprehensive assessment of the management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine the effectiveness of the controls (i.e., the extent to which the security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). |
A0046 | Ability to monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies. |