Certified Information Systems Auditor Course Outline
The course content is organised around five domains. The topics covered in each domain are as follows:
Domain 1: Information Systems Auditing Process
Module 1: Planning
- Introduction
- IS Audit Standards, Guidelines, and Codes of Ethics
- Business Processes
- Types of Controls
- Risk-Based Audit Planning
Module 2: Execution
- Audit Project Management
- Sampling Methodology
- Audit Evidence Collection Techniques
- Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of the Audit Process
Domain 2: Governance and Management of IT
Module 3: IT Governance and IT Strategy
- Introduction to IT Governance and IT Strategy
- IT-Related Frameworks
- IT Standards, Policies, and Procedures
- Organisational Structure
- Enterprise Architecture
- Enterprise Risk Management
- Maturity Models
- Laws, Regulations, and Industry Standards Affecting the Organisation
Module 4: IT Management
- IT Resource Management
- IT Service Provider Acquisition and Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
Domain 3: Information Systems Acquisition and Development
Module 5: Information Systems Acquisition and Development
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
Module 6: Information Systems Implementation
- Testing Methodologies
- Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Post-Implementation Review
Domain 4: Information Systems Operations and Business Resilience
Module 7: Information Systems Operations
- Introduction
- Common Technology Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End User Computing
- Data Governance
- System Performance Management
- Problem and Incident Management
- Change, Configuration, Release, and Patch Management
- IT Service Level Management
- Database Management
Module 8: Business Resilience
- Business Impact Analysis
- System Resiliency
- Data Backup, Storage, and Restoration
- Backup and Restoration
- Backup Schemes
- IT Business Continuity Planning
- Disasters and Other Disruptive Events
- Business Continuity Policy
- Business Continuity Planning Incident Management
- Development of Business Continuity Plans
- Other Issues in Plan Development
- Components of a Business Continuity Plan
- Key Decision-Making Personnel
- Backup of Required Supplies
- Insurance
- Plan Testing
- Auditing Business Continuity
Domain 5: Protection of Information Assets
Module 9: Information Asset Security Frameworks, Standards, and Guidelines
- Introduction to Asset Security Frameworks, Standards, and Guidelines
- Auditing the Information Security Management Framework
- Privacy Principles
- Physical Access and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Shadow IT
- Data Classification
- Data Encryption and Encryption-Related Techniques
- Symmetric Key Cryptographic Systems
- Public (Asymmetric) Key Cryptographic Systems
- Applications of Cryptographic Systems
- Public Key Infrastructure
- Web-Based Communication Technologies
- Virtualised Environments
- Mobile, Wireless, and Internet of Things
Module 10: Security Event Management
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Incident Response Management
- Evidence Collection and Forensics