Course Description
The field of information systems is growing and changing at an increasingly fast pace. Organizations are investing in and relying on a secure and efficient IT infrastructure to maintain business and meet business goals and objectives. Information systems auditing plays a crucial role in developing and maintaining this business environment. The information systems auditor is responsible for evaluating security in all aspects of the infrastructure and for guiding business leaders in maintaining a secure organization. This course can enable you to evaluate the security and controls of the organization’s business structure and governance methods; the policies, procedures, and guidelines used; and the overall security of the business environment. In addition, this course will help you prepare if you plan to pursue the ISACA® CISA® certification examination.
The intended audience for this course is information systems security professionals, internal review auditors, and other individuals who have an interest in aspects of information systems audit, controls, and security.
While this course will help prepare candidates for the CISA exam, it is not the only preparation that should be used. ISACA requires that the successful CISA candidate have at least five years of professional experience; because of this, the CISA exam will draw on material and experience that is beyond the scope of any single training course, most notably covering database administration, network components and theory, software and operating systems, and hardware devices. Candidates who wish to solidify their understanding of this material might choose to take additional training in these areas if they don’t feel their professional experience is sufficient.
In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization’s information systems align with overall business goals and objectives.
Course Length
20 hours
Course Outline
The Information Systems Audit Process
Lesson Introduction
ISACA Information Systems Auditing Standards and Guidelines
Develop and Implement an Information Systems Audit Strategy
Plan an Audit
Conduct an Audit
The Evidence Lifecycle
Communicate Issues, Risks, and Audit Results
Support the Implementation of Risk Management and Control Practices
Lesson Lab
Lesson Follow Up
IT Governance
Lesson Introduction
Evaluate the Effectiveness of IT Governance
Evaluate the IT Organizational Structure
Evaluate the IT Strategy
Evaluate IT Policies, Standards, and Procedures for Compliance
Ensure Organizational Compliance
IT Resource Investment, Use, and Allocation Practices
Evaluate IT Contracting Strategies and Policies
Evaluate Risk Management Practices
Performance Monitoring and Assurance Practices
Lesson Lab
Lesson Follow Up
Systems and Infrastructure Lifecycle Management
Lesson Introduction
Determine the Business Case for Change
Evaluate Project Management Frameworks and Governance Practices
Perform Periodic Project Reviews
Evaluate Control Mechanisms for Systems
Evaluate Development and Testing Processes
Evaluate Implementation Readiness
Evaluate a System Migration
Lesson Lab
Lesson Follow Up
Systems and Infrastructure Lifecycle Maintenance
Lesson Introduction
Perform a Post-Implementation System Review
Perform Periodic System Reviews
Evaluate the Maintenance Process
Evaluate the Disposal Process
Lesson Lab
Lesson Follow Up
IT Service Delivery and Support
Lesson Introduction
Evaluate Service Level Management Practices
Evaluate Operations Management
Evaluate Data Administration Practices
Evaluate the Use of Capacity and Performance Monitoring Methods
Evaluate Change, Configuration, and Release Management Practices
Evaluate Problem and Incident Management Practices
Evaluate the Functionality of the IT Infrastructure
Lesson Lab
Lesson Follow Up
Protection of Information Assets
Lesson Introduction
Information Security Design
Encryption Basics
Evaluate the Design, Implementation, and Monitoring of Logical Access Controls
Evaluate the Design, Implementation, and Monitoring of Physical Access Controls
Evaluate the Design, Implementation, and Monitoring of Environmental Controls
Evaluate Network Infrastructure Security
Evaluate the Confidential Information Processes and Procedures
Lesson Lab
Lesson Follow Up
Business Continuity and Disaster Recovery
Lesson Introduction
Evaluate the Adequacy of Backup and Restore
Evaluate the BCP and DRP
Lesson Lab
Lesson Follow Up
Course Director
Patrick von Schlag
Mr. von Schlag has more than 25 years of real-world experience managing IT and business organizations. He has served as a consultant, facilitator, and instructor in support of more than 200 ITSM program deployments, with a focus on practical benefits. He holds all 11 ITIL 2011 certifications and runs an accredited learning consultancy focused on Making ITIL Work™ in real organizations. His customer list includes The Walt Disney Company, Microsoft, Nike, Sears, US Marine Corps, US Army, US Air Force, 2nd and 5th Fleet US Navy, DISA, IRS, Federal Reserve, The Hartford, Citigroup, Amgen, Los Angeles County, Port of Long Beach, GDIT, Accenture, Serco, Deloitte, and hundreds of other market-leading companies.