IA Compliance

The intent of the IA Compliance Knowledge Unit is to provide students with an understanding of the rules, regulations and issues related to compliance with applicable laws and regulations.

Topics

  1. Audit Purposes
     a. Compliance to specified requirements, specifications, policy, standards or laws
     b. Regulatory compliance
     c. Assessment of internal controls
  2. Audit process
     a. Audit Charter
     b. Audit Baseline
     c. Audit Activities
     d. Audit Reporting
        i. Results (Findings)
        ii. Recommendations
     e. Response
        i. Mitigation Strategy
  3. Audit Purposes
     c. Assessment of internal controls
  4. Audit Reporting
  5. Compliance Monitoring
     a. Compliance levels
  6. Relationship between compliance and audit
  7. Audit Types
  8. Internal
  9. External

Outcomes

  1. Compare and contrast voluntary and mandatory compliance requirements.
  2. Plan and conduct audits to determine compliance with policies, laws, regulations, and other standards.

KSA-T

Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn more about the KSA-Ts.

Knowledge

| ID | Description |
|---|---|
| K0157 | Knowledge of cyber defense and information security policies, procedures, and regulations. |
| K0013 | Knowledge of cyber defense and vulnerability assessment tools and their capabilities. |
| K0315 | Knowledge of the principal methods, procedures, and techniques of gathering information and producing, reporting, and sharing information. |
| K0006 | Knowledge of specific operational impacts of cybersecurity lapses. |
| K0107 | Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations. |

Skills

| ID | Description |
|---|---|
| S0080 | Skill in performing damage assessments. |
| S0085 | Skill in conducting audits or reviews of technical systems. |

Abilities

| ID | Description |
|---|---|
| A0154 | Ability to conduct a comprehensive assessment of the management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine the effectiveness of the controls (i.e., the extent to which the security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). |
| A0046 | Ability to monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies. |

Tasks

| ID | Description |
|---|---|