Preparing for the CISA Exam Agenda
Seminar: ID# 1003745
Agenda
1. IS Audit Process
- Risk-Based Auditing
- Developing The Audit Strategy
- Planning And Executing The Audit
2. IT Governance
- Organization And Management Structure
- IT Strategy And Planning
- Risk Management Practices
- IT Governance Practices
- International IT Standards And Guidelines
3. IS Operations
- Centralized/Decentralized Environments
- Problem And Incident Management
- Technical Support
- Quality Assurance (QA)
- Segregation Of Duties
4. Hardware Infrastructure
- Hardware Acquisition, Contracts And Inventories
- Equipment Maintenance/Utilization
5. Software Infrastructure
- Operating Systems
- Database Management System (DBMS)
- System Software Controls
6. Physical And Environmental Controls
- Physical Security Objectives, Risks And Controls
- Environmental Exposures, Risks And Controls
7. Logical Access Controls
- Logical Access Controls Objectives
- Authentication: Password Controls, Tokens, Biometrics, Managing User Accounts
- Authorization
- Audit Trail
- Managing Security Administration
- Single Sign-On (SSO) Authentication
8. Network Infrastructure
- Network Terminology
- Centralized And Distributed Computing
9. Local Area Networks
- Cabling: Twisted Pair, Coaxial, Fiber-Optics
- LAN Network Topologies
- Wireless Communications And Associated Risks
10. Network Standards And Protocols
- Network Communication Standards
- Common Network Protocols
- TCP/IP
- OSI Model, Encapsulation, Security Issues
11. Network Devices
- Network Interface Cards
- Wiring Hubs
- Wireless Access Points
- Bridges
- Switches
- Routers
- Gateways
- Device Security
12. Wide Area Networks
- Differences Between LANs And WANs
- WAN Connection Methods
- Dial-Up And Wireless Connections And Risks
- Switching Techniques: Circuit, Message, Packet, Cell
13. Internet
- Internet Technologies
- IP Addressing
- URL
- DNS
- Web Application Programming Techniques
- Internet Risks And Controls
14. Network Security
- Network Security Risk Analysis
- Vulnerability Testing
- Network Security Strategy
15. Network Perimeter Security
- Network Security Strategies
- Firewalls
- DMZ
- Intrusion Detection Systems
- Remote Access
16. Encryption
- Types Of Encryption
- Digital Signatures And Certificates
17. Business Application Systems
- Objectives Of Application Audits
- Auditing The Transaction Life Cycle
- Auditing The Business Application Components
- Planning And Executing Application Audits
18. Change Management
- Change Management Objectives/Risks
- Change Request Requirements
- Emergency Changes
- Library Control Software
- Vendor-Supplied Source Code
- New Programming Technologies
19. System Development Life Cycle
- Audit's Role On Development Projects
- Business Risks Of Development Projects
- Project Governance Practices
- Traditional System Development Life Cycle
- Rapid Application Development
- System Testing And Acceptance
- Cutover And Implementation
20. Project Management
- Project Management Risks
- Budgeting And Scheduling
- Auditing Project Management
21. Disaster Recovery And Business Continuity Planning
- Disasters And Disruptive Events
- Business Continuity Planning Steps
- Business Impact Analysis (BIA)
- Disaster Recovery Strategies
- Testing The Recovery Plan
- Continuity Plan Maintenance