Information Systems Audit / CISA

The Process of Auditing Information Systems

- ISACA IT Audit and Assurance Standards, Guidelines, Tools and Techniques
- Risk assessment concepts, tools and techniques
- Business processes and the role of IS in these processes
- Various types of audits
- The applicable laws and regulations for audit

Governance and Management of IT

- Purpose of IT strategy, policies, standards and procedures
- IT governance, management, security and control frameworks
- Organization’s technology direction and IT architecture
- Process optimization techniques
- Use of capability and maturity models
- IT resource investment and allocation practices
- Enterprise risk management (ERM)
- Business impact analysis (BIA)

Information Systems Acquisition, Development and Implementation

- Benefits realization practices
- IT acquisition and vendor management practices
- Enterprise architecture (EA)
- Project management control frameworks, practices and tools
- Requirements analysis and management
- System development methodologies and tools
- Testing methodologies & practices
- Configuration and release management
- System migration & infrastructure deployment practices

Information Systems Operations, Maintenance and Service Management

- Service management frameworks
- System resiliency techniques
- IT asset management, software licensing & inventory practices
- Data backup, storage, maintenance & restoration
- Data quality and life cycle management
- Regulatory and contractual issues related to disaster recovery

Domain 5: Protection of Information Assets

- Techniques for the design, implementation, maintenance, monitoring and reporting of security controls
- Physical and logical access controls
- Risk and controls associated with virtualization of systems
- Public key infrastructure and digital signature techniques
- Data classification standards
- Security risk and controls related to end-user computing
- Security testing techniques
- Fraud risk factors related to the protection of information assets