Detailed Course Outline
- The Process of Auditing Information Systems
- Exam Relevance
- Agenda
- Chapter 1 Learning Objectives
- Learning Objectives (continued)
- Audit Charter
- Definition of Auditing
- Definition of Information Systems
- Auditing Audit Objectives
- Audit Planning
- Audit Planning cont.
- IS Audit Resource Management
- Types of Audits
- Elements of an Audit
- Creating the Plan for an Audit
- Planning the Audit
- Audit Methodology
- Phases of an Audit
- Audit Work Papers
- Audit Procedures
- Types of Tests for IS Controls
- Forensic Audits
- Fraud Detection
- Risk Based Auditing
- Risk-Based Auditing
- Definition of Risk
- Purpose of Risk Management
- Risk Management
- Purpose of Risk Analysis
- Why Use Risk Based Auditing
- Risk Assessment and Treatment
- Risk Assessment and Treatment cont.
- General Controls
- Internal Controls
- Areas of Internal Control
- IS Controls Versus Manual Controls
- IS Controls
- IS Controls cont.
- Internal Control Objectives
- Assessing and Implementing Countermeasures
- Performing an Audit Risk Assessment
- A Risk Based Audit Approach
- Risk-based Auditing
- Risk-based Auditing
- Audit Planning and Performance
- Audit Planning
- Effect of Laws and Regulations on IS Audit
- Planning
- Performing the Audit
- ISACA IT Audit and Assurance Tools and Techniques
- ISACA IT Audit and Assurance Standards Framework
- Relationship Among Standards, Guidelines and Tools and Techniques
- ISACA IT Audit and Assurance Standards
- Framework cont.
- Evidence
- Gathering Evidence
- Sampling
- Compliance vs. Substantive Testing
- Testing Controls
- Integrated Auditing
- Using the Services of Auditors and Experts
- Audit Risk
- Computer-assisted Audit Techniques
- Reporting on Audit
- Audit Analysis and Reporting
- Audit Documentation
- Automated Work Papers
- Automated Work Papers cont.
- Evaluation of Audit Strengths and Weaknesses
- Communicating Audit Results
- Management Implementation of Audit
- Recommendations
- IT Governance and Management of IT
- Exam Relevance
- Agenda
- Task Statements
- Governance and Management of IT
- Corporate Governance
- IT Governance
- Information Technology Monitoring and Assurance
- Practices for Management
- Best Practices for IT Governance
- Information Security Governance
- Result of Security Governance
- Strategic Planning and Models
- IS Strategy
- Strategic Enterprise Architecture Plans
- IT Strategy Committee
- Standard IT Balanced Scorecard
- Enterprise Architecture
- Maturity and Process Improvement Models
- IT Investment and Allocation Practices
- Auditing IT Governance Structure and Implementation
- Policies, Standards and Procedures
- Policies and Procedures
- Policies
- Procedures
- Standards
- Risk Management
- Risk Management Process
- Risk Analysis Methods
- Risk Mitigation
- Resource Management
- Organization of the IT Function
- IS Roles and Responsibilities
- Segregation of Duties Within IS
- Segregation of Duties Controls
- Human Resource Management
- Sourcing Practices
- Management of IT Functional Operations
- Organizational Change Management
- Change Management cont.
- Quality Management
- Performance Optimization
- Reviewing Documentation
- Reviewing Contractual Commitments
- Business Continuity Planning
- Business Continuity Planning
- IS Business Continuity Planning
- Disasters and Other Disruptive Events
- Business Continuity Planning Process
- Business Continuity Policy
- Business Continuity Planning Incident Management
- Business Impact Analysis cont.
- Development of Business Continuity Plans
- Other Issues in Plan Development
- Components of a Business Continuity Plan
- Components of a Business Continuity Plan cont.
- Insurance
- Plan Testing
- Summary of Business Continuity
- Auditing Business Continuity
- Reviewing the Business Continuity Plan
- Evaluation of Prior Test Results
- Evaluation of Offsite Storage
- Interviewing Key Personnel
- Evaluation of Security at Offsite Facility
- Reviewing Alternative Processing Contract
- Reviewing Insurance Coverage
- End of Domain
- Information Systems Acquisition, Development and Implementation
- Exam Relevance
- Agenda
- Learning Objectives
- Learning Objectives cont.
- Program and Project Management
- Portfolio/Program Management
- Portfolio/Program Management cont.
- Business Case Development and Approval
- Benefits Realization Techniques
- General IT Project Aspects
- Project Context and Environment
- Project Organizational Forms
- Project Communication
- Project Objectives
- Roles and Responsibilities of Groups and Individuals
- Project Management Practices
- Project Planning
- Project Planning cont.
- General Project Management
- Project Controlling
- Project Risk
- Closing a Project
- Systems Development Models
- Business Application Development
- Traditional SDLC Approach
- Traditional SDLC Approach cont.
- Traditional SDLC Approach cont.
- Requirements Definition
- Business Process Reengineering and Process Change Projects
- Business Process Reengineering and Process Change Projects cont.
- Risk Associated with Software Development
- Use of Structured Analysis, Design and Development Techniques
- Alternative Development Methods
- Agile Development
- Prototyping
- Rapid Application Development
- Other Alternative Development Methods
- Computer-aided Software Engineering
- Fourth-generation Languages
- Types of Specialized Business Applications
- Electronic Commerce
- Electronic Data Interchange
- Electronic Mail
- Electronic Banking
- Electronic Finance
- Electronic Funds Transfer
- Automated Teller Machine
- Artificial Intelligence and Expert Systems
- Business Intelligence
- Decision Support Systems
- Decision Support Systems cont.
- Acquisition
- Infrastructure Development / Acquisition Practices
- Project Phases of Physical Architecture Analysis
- Hardware Acquisition
- System Software Acquisition
- Auditing Systems Development, Acquisition and Maintenance
- Auditing Systems Development Acquisition
- System Software Change Control Procedures
- Application Controls
- Application Controls
- Input/Origination Controls
- Processing Procedures and Controls
- Output Controls
- Types of Output Controls
- Business Process Control Assurance
- Auditing Application Controls
- Application Testing
- Precautions Regarding Testing
- System Change Procedures and the Program Migration Process
- System Change Procedures and the Program Migration Process cont.
- End of Chapter Three
- Information Systems Operations, Maintenance and Support
- Exam Relevance
- Agenda
- Learning Objectives
- Learning Objectives cont.
- Information Security Management
- Information Systems Operations
- IT Service Management
- Infrastructure Operations
- Monitoring Use of Resources
- Support/Help Desk
- Change Management Process
- Release Management
- System and Communications Hardware
- Computer Hardware Components and Architectures
- Computer Hardware Components and Architectures cont.
- Security Risks with Portable Media
- Security Controls for Portable Media
- Hardware Maintenance Program
- Hardware Monitoring Procedures
- Capacity Management
- IS Architecture and Software
- Operating Systems
- Access Control Software
- Data Communications Software
- Data Management
- Database Management System cont.
- Tape and Disk Management Systems
- Utility Programs
- Software Licensing Issues
- Digital Rights Management
- Auditing Networks
- Network Infrastructure
- Enterprise Network Architectures
- Types of Networks
- Network Standards and Protocol
- OSI Architecture
- OSI Architecture (continued)
- Application of the OSI Model in Network Architectures cont.
- Network Architectures
- Network Components
- Communications Technologies
- Communications Technology cont.
- Wireless Networking
- Risks Associated with Wireless Communications
- Internet Technologies
- Auditing of Network Management
- Auditing of Applications Management
- Hardware Reviews
- Operating System Reviews
- Database Reviews
- Network Infrastructure and Implementation Reviews
- Network Infrastructure and Implementation Reviews
- Physical Security Audits
- Access Controls Review
- Scheduling Reviews
- Scheduling Reviews; Questions to Consider
- Auditing Job Scheduling
- Job Scheduling Reviews
- Personnel Reviews
- Business Continuity and Disaster Recovery Audits
- Auditing of Business Continuity Plans
- Recovery Point Objective and Recovery Time Objective
- Business Continuity Strategies
- Recovery Strategies
- Recovery Alternatives
- Audit of Third Party Recovery Agreements
- Organization and Assignment of Responsibilities
- Team Responsibilities
- Backup and Restoration
- Auditing Networks
- Network Infrastructure
- Enterprise Network Architectures
- Types of Networks
- Network Services
- Network Standards and Protocols
- OSI Architecture
- OSI Architecture (continued)
- Application of the OSI Model in Network Architectures cont.
- Network Architectures
- Network Components
- Communications Technologies
- Communications Technology cont.
- Wireless Networking
- Risk Associated with Wireless Communications
- Internet Technologies
- Auditing of Network Management
- Auditing of Applications Management
- Hardware Reviews
- Operating Systems Reviews
- Database Reviews
- Network Infrastructure and Implementation Reviews
- Network Infrastructure and Implementation Reviews
- Physical Security Audits
- Access Controls Review
- Access Controls Review cont.
- Scheduling Reviews
- Scheduling Reviews; Questions to Consider
- Auditing Job Scheduling
- Job Scheduling Reviews
- Personnel Reviews
- Business Continuity and Disaster Recovery Audits
- Auditing of Business Continuity Plans
- Recovery Point Objective and Recovery Time Objective
- Business Continuity Strategies
- Recovery Strategies
- Recovery Alternatives
- Audit of Third Party Recovery Agreements
- Organization and Assignment of Responsibilities
- Team Responsibilities
- Backup and Restoration
- End of Domain Four
- Protection of Information Assets
- Exam Relevance
- Course Agenda
- Chapter 5 Task Statements
- Knowledge Areas
- Information Security Management
- Importance of Information Security Management
- Key Elements of Information Security Management
- Critical Success Factors to Information Security Management
- Inventory and Classification of Information Assets
- Privacy Management Issues and the Role of IS Auditors
- Social Media Risks
- Access Controls
- System Access Permission
- Mandatory and Discretionary Access Controls
- IAAA
- Authentication
- Authorization
- Challenges with Identity Management
- Identification and Authentication
- Logical Access Exposures
- Paths of Logical Access
- Logical Access Control Software
- Auditing Logical Access
- Access Control Lists
- Centralized versus Decentralized Access
- Decentralized Access Risks
- Single Sign-on (SSO)
- Single Sign-on Advantages
- Single Sign-on Disadvantages
- Familiarization with the Organization's IT Environment
- Remote Access
- Remote Access Security
- Auditing Remote Access
- Auditing Remote Access (cont.)
- Logging All System Access
- Equipment and Network Security
- Security of Portable Media
- Mobile Device Security
- Storing, Retrieving, Transporting and Disposing of Confidential Information
- Concerns Associated with Storage Media
- Network Infrastructure Security
- Network Infrastructure Security cont.
- LAN Security Issues
- Client-server Security
- Wireless Security Threats
- Wireless Security Threats cont.
- Audit Log Analysis Tools
- Internet Threats and Security
- Causes of Internet Attacks
- Firewalls
- Firewall Issues
- Network Security Architectures
- Honeypots and Honeynets
- Intrusion Detection and Prevention Systems
- IDS / IPS Components
- IDS / IPS Features
- Voice-Over IP (VoIP)
- Techniques for Testing Security
- Auditing Network Infrastructure Security
- Encryption
- Encryption Definition
- Encryption
- Symmetric Encryption
- Asymmetric Algorithms
- Hashing Algorithms
- Digital Signatures
- Digital Envelope
- Public Key Infrastructure (PKI)
- Uses of Encryption in Communications
- Auditing Encryption Implementations
- Malware
- Viruses
- Virus Protection
- Other Forms of Malware
- Incident Handling and Evidence
- Security Incident Handling and Response
- Evidence Handling
- Physical and Environmental Controls
- Physical Access Issues and Exposures
- Physical Access Issues and Exposures cont.
- Physical Access Controls
- Controls for Environmental Exposures
- Controls for Environmental Exposures cont.
- Controls for Environmental Exposures cont.
- Electrical Problems
- Auditing Physical Access
- End of Domain Five