Preparing for the CISA Exam Agenda

Agenda

• Risk-Based Auditing
• Developing The Audit Strategy
• Planning And Executing The Audit

• Organization And Management Structure
• IT Strategy And Planning
• Risk Management Practices
• IT Governance Practices
• International IT Standards And Guidelines

• Centralized/Decentralized Environments
• Problem And Incident Management
• Technical Support
• Quality Assurance (QA)
• Segregation Of Duties

• Hardware Acquisition, Contracts And Inventories
• Equipment Maintenance/Utilization

• Operating Systems
• Database Management System (DBMS)
• System Software Controls

• Physical Security Objectives, Risks And Controls
• Environmental Exposures, Risks And Controls

• Logical Access Controls Objectives
• Authentication: Password Controls, Tokens, Biometrics, Managing User Accounts
• Authorization
• Audit Trail
• Managing Security Administration
• Single Sign-On (SSO) Authentication

• Network Terminology
• Centralized And Distributed Computing

• Cabling: Twisted Pair, Coaxial, Fiber-Optics
• LAN Network Topologies
• Wireless Communications And Associated Risks

• Network Communication Standards
• Common Network Protocols
• TCP/IP
• OSI Model, Encapsulation, Security Issues

• Network Interface Cards
• Wiring Hubs
• Wireless Access Points
• Bridges
• Switches
• Routers
• Gateways
• Device Security

• Differences Between LANs And WANs
• WAN Connection Methods
• Dial-Up And Wireless Connections And Risks
• Switching Techniques: Circuit, Message, Packet, Cell

• Internet Technologies
• IP Addressing
• URL
• DNS
• Web Application Programming Techniques
• Internet Risks And Controls

• Network Security Risk Analysis
• Vulnerability Testing
• Network Security Strategy

• Network Security Strategies
• Firewalls
• DMZ
• Intrusion Detection Systems
• Remote Access

• Types Of Encryption
• Digital Signatures And Certificates

• Objectives Of Application Audits
• Auditing The Transaction Life Cycle
• Auditing The Business Application Components
• Planning And Executing Application Audits

• Change Management Objectives/Risks
• Change Request Requirements
• Emergency Changes
• Library Control Software
• Vendor-Supplied Source Code
• New Programming Technologies

• Audits Role On Development Projects
• Business Risks Of Development Projects
• Project Governance Practices
• Traditional System Development Life Cycle
• Rapid Application Development
• System Testing And Acceptance
• Cutover And Implementation

• Project Management Risks
• Budgeting And Scheduling
• Auditing Project Management

• Disasters And Disruptive Events
• Business Continuity Planning Steps
• Business Impact Analysis (BIA)
• Disaster Recovery Strategies
• Testing The Recovery Plan
• Continuity Plan Maintenance