Agenda
- Topic A: The Auditing Process and Auditors
- Definitions
- Types of Auditors
- The Auditing Process (1)
- The Auditing Process (2)
- The Auditing Process (3)
- Audit Planning Process
- Topic B: Risk Analysis
- Risk Analysis Defined
- Assessing Countermeasures
- Steps of Assessment
- Motivations for Risk Analysis
- Topic C: Internal Controls
- Internal Controls: Objectives & Procedures
- Internal Control Types
- Internal Controls (Preventative)
- Internal Controls (Detective)
- Internal Controls (Corrective)
- Goals of Internal Controls
- General Control Methods/Types
- Audit Classifications
- Phases of the Audit Process (Page 1)
- Phases of the Audit Process (Page 2)
- Inherent Risks During Audits
- A Risk-Based Audit Approach
- Evidence
- Evidence Gathering Techniques
- Computer Assisted Audit
- Control Self-Assessment (CSA)
- Chapter 1 Review
- Topic A: The Role of Governance
- IT Governance
- Governance Defined
- Relationship Structure
- Role of Auditor
- Practices & Procedures
- Information Security Governance
- Results of Security Governance
- Goals of Security Governance
- Topic B: Policies, Procedures, and Risk
- Policies
- Information Security Policy Document
- Management Reviews
- Procedures
- Risk Management
- Approaches
- IT Risk Management
- Levels
- Topic C: IT Governance & Personnel Management
- IS Management Practices
- Personnel Management
- Sourcing IS Functions
- Insourcing and Outsourcing Strategy
- Change Management
- Organizational Quality Management
- Quality Management
- Performance Management
- Chapter 2 Review
- Topic A: Project Management
- Project Management Structure
- Example Organizational Chart
- Practical Project Management
- 5 Steps
- Topic B: Software Development and Acquisition
- Business Application Development
- Traditional SDLC Approach
- Software Development Risks
- Alternative Development Methods
- Agile Development
- Prototyping
- R.A.D.
- Rapid Application Deployment
- 4 Stages
- Other Alternative Development Methods
- Topic C: Infrastructure Development and Acquisition
- Infrastructure Development and Acquisition
- Analysis of Physical Infrastructures
- 4 Steps to Planning Infrastructure Implementation
- Hardware / Software Acquisition
- Maintaining Information Systems
- Change Management Standards
- Application Controls
- Auditor Tasks
- Input Controls
- Data Validation Checks
- Output Controls
- Chapter 3 Review
- Topic A: Networking Models
- Networking Models
- Advantages of Reference Models
- The OSI Model
- Reliability
- Topic B: IS Network Infrastructure
- Network Types
- Network Topology
- VPN Defined
- Wireless Specifications
- Topic C: Business Continuity & Disaster Recovery
- BCP/DR
- Definitions
- 7 Steps to Recovery
- BCP/DR Incident Classification
- Business Impact Analysis
- BIA
- RPO and RTO
- Recovery Strategies
- Topic D: Recovery
- Categories of Recovery Strategies
- Business Recovery
- Facilities, Materials, and Supplies
- Data Recovery
- Topic E: Disaster Recovery
- Disaster Recovery Plan (DRP) Development
- BCP & DR – Teams
- BCP Components
- R.A.I.D.
- Insurance
- Business Continuity Plan (BCP) Testing
- Types of BCP/DR Testing Strategies
- Auditing BCP/DR
- Business Continuity Management (BCM) Institutes and Organizations
- Business Continuity Management (BCM)
- Chapter 4 Review
- Topic A: Protecting Data
- Key Elements, Roles, and Responsibilities
- Classifying Information Assets
- System Access Permission
- Topic B: Threats and Vulnerabilities
- 4 Categories of Attacks
- Exposures and Vulnerabilities
- Topic C: Access Controls
- Logical Access Paths
- Identification and Authentication Mechanisms
- Strong Password Policy
- Authorization
- Dealing with Data
- LAN Security
- Client-Server Security
- Firewall
- Intrusion Prevention Service (IPS)
- Honeypot (HP)
- Topic D: Encryption
- Encryption Mechanisms
- Symmetric vs. Asymmetric
- Topic E: Auditing Practices
- Auditing IS Management Framework
- Auditing Logical Access
- Penetration Testing
- Computer Forensics
- Chapter 5 Review
FREE
Course Type: Self Paced