Domain 1: Information System Auditing Process (21%)
· Planning
· Execution
Domain 2: Governance and Management of IT (17%)
· IT Governance and IT Strategy
· IT Management
Domain 3: Information Systems Acquisition, Development and Implementation (12%)
· Information Systems Acquisition and Development
· Information Systems Implementation
Domain 4: IS Operations and Business Resilience (23%)
· Information Systems Operations
· Business Resilience
Domain 5: Information Asset Security and Control (27%)
· Information Asset Security Frameworks, Standards and Guidelines
· Security Event Management
The CISA designation is for Information Systems Audit
professionals who have 5 years of front-line experience with the audit of
information systems such as 
Domain 1: Information System Auditing Process (21%)
·        Planning
o   IS Audit Standards, Guidelines and Codes of Ethics
o   Business Processes
o   Types of Controls
o   Risk-based Audit Planning
o   Types of Audits and Assessments
·        Execution
o   Audit Project Management
o   Sampling Methodology
o   Audit Evidence Collection Techniques
o   Data Analytics
o   Reporting and Communication Techniques
o   Quality Assurance and Improvement of the Audit Process
Domain 2: Governance and Management of IT (17%)
·        IT Governance and IT Strategy
o   IT-related Frameworks
o   IT Standards, Policies and Procedures
o   Organizational Structure             
o   Enterprise Architecture
o   Enterprise Risk Management
o   Maturity Models
o   Laws, Regulations and Industry Standards Affecting the Organization
·        IT Management
o   IT Resource Management
o   IT Service Provider Acquisition and Management
o   IT Performance Monitoring and Reporting           
o   Quality Assurance and Quality Management of IT
Domain 3: Information Systems Acquisition, Development and Implementation (12%)
·        Information Systems Acquisition and Development
o   Project Governance and Management
o   Business Case and Feasibility Analysis
o   System Development Methodologies
o   Control Identification and Design
·        Information Systems Implementation
o   Testing Methodologies
o   Configuration and Release Management
o   System Migration, Infrastructure Deployment and Data Conversion
o   Post-implementation Review
 
Domain 4: IS Operations and Business Resilience (23%)
·        Information Systems Operations
o   Common Technology Components            
o   IT Asset Management
o   Job Scheduling and Production Process Automation
o   System Interfaces
o   End-user Computing
o   Data Governance
o   Systems Performance Management
o   Problem and Incident Management
o   Change, Configuration, Release and Patch Management
o   IT Service Level Management
o   Database Management
·        Business Resilience
o   Business Impact Analysis
o   System Resiliency
o   Data Backup, Storage and Restoration
o   Business Continuity Plan
o   Disaster Recovery Plans
 
Domain 5: Information Asset Security and Control (27%)
·        Information Asset Security Frameworks, Standards and Guidelines
o   Privacy Principles
o   Physical Access and Environmental Controls
o   Identity and Access Management            
o   Network and End-point Security
o   Data Classification
o   Data Encryption and Encryption-related Techniques
o   Public Key Infrastructure
o   Web-based Communication Technologies
o   Virtualized Environments
o   Mobile, Wireless and Internet-of-things Devices
·        Security Event Management
o   Security Awareness Training and Programs
o   Information System Attack Methods and Techniques
o   Security Testing Tools and Techniques
o   Security Monitoring Tools and Techniques
o   Incident Response Management
o   Evidence Collection and Forensics
Anamnagar - 32 Kathmandu, Nepal
info@labanepal.com
+977-1-4102721, 4102722, 4244804
10 AM - 5 PM