Course Outline

The Process of Auditing Information Systems

• ISACA Information Systems Auditing Standards and Guidelines
• Fundamental Business Processes
• Develop and Implement an Information Systems Audit Strategy
• Plan an Audit
• Conduct an Audit
• The Evidence Life Cycle
• Communicate Issues, Risks, and Audit Results
• Support the Implementation of Risk Management and Control Practices

IT Governance and Management

• Evaluate the Effectiveness of IT Governance
• Evaluate the IT Organizational Structure and HR Management
• Evaluate the IT Strategy and Direction
• Evaluate IT Policies, Standards, and Procedures
• Evaluate the Effectiveness of Quality Management Systems
• Evaluate IT Management and Monitoring of Controls
• IT Resource Investment, Use, and Allocation Practices
• Evaluate IT Contracting Strategies and Policies
• Evaluate Risk Management Practices
• Performance Monitoring and Assurance Practices
• Evaluate the Organizations Business Continuity Plan

Information Systems Acquisition, Development, and Implementation

• Evaluate the Business Case for Change
• Evaluate Project Management Frameworks and Governance Practices
• Development Life Cycle Management
• Perform Periodic Project Reviews
• Evaluate Control Mechanisms for Systems
• Evaluate Development and Testing Processes
• Evaluate Implementation Readiness
• Evaluate a System Migration
• Perform a Post-Implementation System Review

Information Systems Operations, Maintenance, and Support

• Perform Periodic System Reviews
• Evaluate Service Level Management Practices
• Evaluate Third-Party Management Practices
• Evaluate Operations and End User Management Practices
• Evaluate the Maintenance Process
• Evaluate Data Administration Practices
• Evaluate the Use of Capacity and Performance Monitoring Methods
• Evaluate Change, Configuration, and Release Management Practices
• Evaluate Problem and Incident Management Practices
• Evaluate the Adequacy of Backup and Restore Provisions

Protection of Information Assets

• Information Security Design
• Encryption Basics
• Evaluate the Functionality of the IT Infrastructure
• Evaluate Network Infrastructure Security
• Evaluate the Design, Implementation, and Monitoring of Logical Access Controls
• Risks and Controls of Virtualization
• Evaluate the Design, Implementation, and Monitoring of Data Classification Process
• Evaluate the Design, Implementation, and Monitoring of Physical Access Controls
• Evaluate the Design, Implementation, and Monitoring of Environmental Controls