Course description
The goal of this course is to address why IT governance is necessary. An IS auditor has to understand and provide assurance to achieve corporate governance for IT and possess the knowledge for evaluating control practices and mechanisms. Eleven tasks will be covered several of which include evaluating effectiveness of IT structure and also human resources management. This course is part of a series covering the ISACA Certified Information Systems Auditor (CISA).
Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.
Prerequisites
This is Part 2 of the series
Meet the expert
Kenneth Mayer
As a certified Microsoft Instructor, Ken has focused his career on various security aspects of computer and network technology since the early 1980s. He has offered a wide variety of IT training and high level consulting projects for Fortune 500 companies globally. Through the course of his extensive career, he has taught a full line of Microsoft, CompTIA, Cisco, and other high level IT Security curricula.
Video Runtime
209 Minutes
Time to complete
269 Minutes
Course Outline
Business and IT Governance
Introduction to Governance (03:49)
- Introduction (00:23)
- Corporate Governance (00:25)
- Corporate Governance Framework and Goal (02:06)
- IT Governance (00:45)
- Summary (00:08)
IT Governance (40:51)
- Introduction (00:31)
- IT Monitoring and Assurance for Senior Management (02:04)
- IT Monitoring and Assurance Continued (01:47)
- Best Practices for IT Governance (02:29)
- Importance of IT Governance (00:42)
- Focus Areas (03:15)
- Best Practices Continued (00:53)
- IT Governance Frameworks (01:30)
- Audit Role in IT Governance (01:54)
- Defining an Audit and Things to Assess (01:50)
- IT Strategy Committee (01:14)
- IT Balanced Scorecard (00:33)
- BSC Mission (04:03)
- IS Governance (01:36)
- IS Governance Continued (01:46)
- Information Protection (03:09)
- Information Security Risks (01:22)
- Importance of IS Governance (03:19)
- Outcomes of Security Governance (01:52)
- Effective Information Security Governance (00:52)
- Roles and Responsibilities of Senior Management (00:59)
- Effective Security Governance (02:08)
- Enterprise Architecture (00:44)
- Summary (00:08)
Strategy and Models (06:11)
- Introduction (02:11)
- Strategic Planning (00:57)
- Strategic Planning Continued (00:43)
- Steering Committee (01:34)
- Maturity and Process Improvement Models (00:36)
- Summary (00:08)
IT Investment and Allocation (05:52)
- Introduction (01:35)
- IT Investment and Allocation Practices (01:04)
- Portfolio and Investment Management (01:47)
- Implement IT Portfolio Management (00:47)
- IT Portfolio Management vs. Blanaced Scorecard (00:29)
- Summary (00:08)
Policies and Procedures (18:02)
- Introduction (00:13)
- Policies (00:43)
- Policies Continued (02:32)
- Policy Reviews (01:20)
- Information Security Policiy (00:57)
- Policy Document (02:04)
- Policy Document Subdivisions (02:52)
- Acceptable Use Policy (01:35)
- Reviewing the Information Security Policy (00:29)
- IS Auditory Policy Tasks (01:03)
- Procedures (02:29)
- Procedures Continued (01:31)
- Summary (00:08)
IS Management
Risk Management (31:33)
- Introduction (02:03)
- Risk Management (03:28)
- Develop Risk Management Program (02:37)
- Risk Management Process (00:58)
- Identify Vulnerable Assets (01:55)
- Assess Threats and Vulnerabilities (02:28)
- Impacts (01:58)
- Evaluate Controls (02:19)
- Levels of Risk Management (00:59)
- Risk Analysis Methods (00:14)
- Qualitative Analysis (02:14)
- Quantitative Analysis (00:47)
- Business Impact Analysis (05:30)
- Risk Analysis Methods Continued (03:49)
- Summary (00:08)
IS Management Practices (50:21)
- Introduction (00:24)
- Human Resource Management (00:16)
- Hiring (02:24)
- Hiring Practices (04:09)
- What to Look At (04:13)
- Sourcing Practices (01:26)
- Sourcing Policies (03:47)
- Outsourcing Practices (02:51)
- Outsourcing Considerations (04:15)
- Worldwide Practices and Strategies (01:45)
- Options for Auditing a Third Party (01:17)
- Governance and Outsourcing (01:49)
- Outsourcing as Strategic Resource (02:02)
- Outsourcing Monitoring and Review (00:53)
- Service Improvement Expectations (01:55)
- Organizational Change Management (02:23)
- Financial Management Practices (02:32)
- Quality Management (00:57)
- Documenting Quality Management (02:47)
- Gap Analysis (01:56)
- Performance Optimization (00:00)
- Information Security Management (02:16)
- Performance Measurements (03:46)
- Summary (00:08)
Auditing and Business Continuity Planning
IS Structure and Responsibilities (17:18)
- Introduction (00:55)
- Is Roles and Responsibilities (02:29)
- IS Roles and Responsibilities Continued (01:33)
- More IS Roles and Responsibilities (01:16)
- Segregation of Duties (00:36)
- Custody of Assets (02:33)
- Other Things to Separate (03:11)
- Compensating Controls (04:33)
- Summary (00:08)
Auditing IT Governance (06:53)
- Introduction (01:07)
- Reviewing Documentation (00:50)
- Reviewing Documentation Continued (00:53)
- Contractual Committments (03:54)
- Summary (00:08)
Business Continuity Planning (28:47)
- Introduction (00:15)
- Business Continuity Planning (01:11)
- Disaster Recovery Plan (01:50)
- IS Business Continuity Planning (00:53)
- Disasters and Other Disruptive Events (02:26)
- Business Continuity Strategies (02:01)
- Business Continuity Planning Process (03:19)
- Business Continuity Policy (01:13)
- Business Impact Analysis (01:38)
- Business Impact Analysis Strategies (00:46)
- Classification of Operations (00:58)
- Development of Business Continuity Plans (02:30)
- Other Issues and Plan Development (00:48)
- Components of a BCP (01:14)
- Components of a BCP Continued (02:08)
- Testing the BCP (01:43)
- BCP Testing Continued (02:02)
- BCP Maintenance (00:53)
- Summary of BCP (00:41)
- Summary (00:08)