In this chapter, you learned about relevant skills to conduct audits in accordance with IS audit standards and a risk-based IS audit strategy and to evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices. The following is a recap of some important topics covered in this chapter: • In asymmetric encryption, two keys are used—one for encryption and the other for decryption. Messages encrypted by one key can be decrypted by another key. These two keys are known as private keys and public keys. A private key is available only to the owner of the key and a public key is available in the public domain. • A certifying authority is an entity that issues digital certificates. It is responsible for the issuance and management of digital certificates. • IoT is a concept wherein devices have the ability to communicate and transfer data with each other without any human interference. • Mobile computing is the use of devices that do not require a physical connection to process, transfer, or store data. Examples of mobile devices include smartphones, laptops, USB storage devices, and digital cameras. The next chapter will discuss various security testing and monitoring tools and techniques. You will also learn about different kinds of attacks and how to prevent them.