CISA Domain: Governance and Management of IT - Part 2

Overview/Description
Information Security Management Practices should adhere to the business goals of an organization, aligning to the objectives that management set down for company improvement. This course examines different types of management practices such as human resource management, sourcing management, change management, financial management, and quality management. This course also looks at how segregation of duties is used to better control information security. Finally, this course examines business continuity and impact analysis and how it can be used as part of information security management practices. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)
3.0

Lesson Objectives

CISA Domain: Governance and Management of IT - Part 2

recognize human resource management practices and how they relate to the IS function

match IS management approaches with their related features

recognize how to optimize IT performance

recognize various outsourcing practices and strategies

specify how governance relates to outsourcing

describe how to manage third-party service delivery

describe IS roles and responsibilities

recognize how segregation of duties in IS can prevent fraudulent or malicious acts

match segregation of duties controls and compensating controls to their correct descriptions

recognize IS management practices

recognize IS sourcing practices

recognize IS organizational structure and responsibilities

interpret IT governance documentation and contractual agreements before auditing the IS function

compare business continuity planning and IS business continuity planning

recognize the business continuity planning process and policy

recognize how to implement business continuity planning incident management

identify what happens in the business impact analysis phase

identify the factors to consider while developing the business continuity plan

recognize the key components of a business continuity plan

match the plan testing phases with their correct description

recognize how to review the business continuity plan as part of the IS audit

describe other tasks related to auditing business continuity

review IT governance documentation and describe business continuity planning

recognize how business impact analysis contributes to the development of a business continuity plan

recognize how to test and audit business continuity