Information Security Auditing (IAU)

Students develop competencies in forensically analyzing cyber evidence, enforcing data process controls, certifying information protection programs, and managing risk and compliance.


IA8030 Design, Development and Evaluation of Security Controls
In this course, students transform high-level policies and procedures into quantifiable and measurable controls and mechanisms that enforce data and process integrity, availability and confidentiality. (3 credits)
DELIVERABLES: General IT Controls Review; Application Controls Review

  • To analyze and evaluate the interrelationship between risk management objectives and the application of effective business and IT controls.
  • To identify, define and evaluate key business and IT processes, requirements and performance metrics used by management to monitor and control risk.
  • To identify, analyze and evaluate organizational, administrative, network, and application-specific controls and risk mitigation strategies to meet business and technical objectives.
  • To demonstrate knowledge of the management of business and IT controls assessment projects.
  • To transform high-level business and technical objectives into quantifiable and measurable controls and mechanisms which enforce data and process integrity, availability and confidentiality.

IA8110 Certification and Accreditation
In this course, students analyze an enterprise-wide view of information systems and the establishment of appropriate, cost-effective information protection programs. Within this context, students examine a set of standard policies, procedures, activities and a management structure to certify and accredit information systems for the protection of the data as well as the systems. (3 credits)
DELIVERABLES: C&A Plan; Accreditation Recommendation

  • To select a certification and accreditation methodology appropriate to an organization's compliance requirements.
  • To demonstrate knowledge of the components necessary to perform a certification assessment.
  • To develop a certification plan to meet an organization's compliance requirements.
  • To assess residual risk and produce an accreditation recommendation.

IA8190 Forensic Evaluation and Incident Response Management
In this course, students explore the essentials of electronic discovery and analyze issues related to cyber evidence. Using this evidence, students identify and analyze the nature of security incidents, the source of potential threats and the methods used in incident management and mitigation. Students also analyze the technical and business issues which affect the actions of the enterprise in responding to a security incident. (3 credits)
DELIVERABLES: Forensic Evaluations; Incident Response Plan

  • To identify and analyze the nature of computer security incidents and the source of potential threats.
  • To demonstrate knowledge of a methodology for end-to-end incident management and mitigation.
  • To analyze and evaluate the business and non-technical drivers as well as technical issues associated with incident management.
  • To apply the rules of evidence to electronic security incidents in the identification of criminal actions using network trace back and computer forensics.

IA8210 Risk Management and Compliance
In this course, students evaluate the procedures and results of risk analysis, as well as compliance processes which address the regulatory requirements that drive the need for risk analysis within the enterprise. Security-related regulations such as SOX, GLBA, FISMA and HIPAA are examined. (3 credits)
DELIVERABLES: Security Audit Report; Risk Mitigation Plan

  • To analyze security-related regulations and policies and formulate appropriate compliance requirements.
  • To assess the security posture of an organization and perform a compliance audit.
  • To analyze the risks associated with deficiencies identified in the compliance audit.
  • To develop a mitigation plan to achieve compliance.

Credits required for Certificate: 12

Education Path
Distinguish yourself and advance your cybersecurity career by following the University of Fairfax Online Cybersecurity Education Path. No matter which graduate program you pursue, all of your courses will explore relevant cybersecurity policy and management issues, and you will complete a cybersecurity project in each course. You can apply what you learn and make significant contributions in your workplace right away.