Learn your way! Get started

Certified Information Systems Auditor CISA, Part 2: Governance and Management of IT

with expert Kenneth Mayer


Watch trailer


Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 3/1/2018
Level Intermediate
Runtime 3h 29m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included


Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

The goal of this course is to address why IT governance is necessary. An IS auditor has to understand and provide assurance to achieve corporate governance for IT and possess the knowledge for evaluating control practices and mechanisms. 11 tasks will be covered several of which include evaluating effectiveness of IT structure and also human Resources management. This course is part of a series covering the ISACA Certified Information Systems Auditor (CISA).

Prerequisites

This is Part 2 of the series

Learning Paths

This course will help you prepare for the following certification and exam:
Certified Information Systems Auditor

Meet the expert

Kenneth Mayer As a certified Microsoft Instructor, Ken has focused his career on various security aspects of computer and network technology since the early 1980s. He has offered a wide variety of IT training and high level consulting projects for Fortune 500 companies globally. Through the course of his extensive career, he has taught a full line of Microsoft, CompTIA, Cisco, and other high level IT Security curricula.


Course outline



Business and IT Governance

Introduction to Governance (03:49)
  • Introduction (00:23)
  • Corporate Governance (00:25)
  • Corporate Governance Framework and Goal (02:06)
  • IT Governance (00:45)
  • Summary (00:08)
IT Governance (40:51)
  • Introduction (00:31)
  • IT Monitoring and Assurance for Senior Management (02:04)
  • IT Monitoring and Assurance Continued (01:47)
  • Best Practices for IT Governance (02:29)
  • Importance of IT Governance (00:42)
  • Focus Areas (03:15)
  • Best Practices Continued (00:53)
  • IT Governance Frameworks (01:30)
  • Audit Role in IT Governance (01:54)
  • Defining an Audit and Things to Assess (01:50)
  • IT Strategy Committee (01:14)
  • IT Balanced Scorecard (00:33)
  • BSC Mission (04:03)
  • IS Governance (01:36)
  • IS Governance Continued (01:46)
  • Information Protection (03:09)
  • Information Security Risks (01:22)
  • Importance of IS Governance (03:19)
  • Outcomes of Security Governance (01:52)
  • Effective Information Security Governance (00:52)
  • Roles and Responsibilities of Senior Management (00:59)
  • Effective Security Governance (02:08)
  • Enterprise Architecture (00:44)
  • Summary (00:08)
Strategy and Models (06:11)
  • Introduction (02:11)
  • Strategic Planning (00:57)
  • Strategic Planning Continued (00:43)
  • Steering Committee (01:34)
  • Maturity and Process Improvement Models (00:36)
  • Summary (00:08)
IT Investment and Allocation (05:52)
  • Introduction (01:35)
  • IT Investment and Allocation Practices (01:04)
  • Portfolio and Investment Management (01:47)
  • Implement IT Portfolio Management (00:47)
  • IT Portfolio Management vs. Blanaced Scorecard (00:29)
  • Summary (00:08)
Policies and Procedures (18:02)
  • Introduction (00:13)
  • Policies (00:43)
  • Policies Continued (02:32)
  • Policy Reviews (01:20)
  • Information Security Policiy (00:57)
  • Policy Document (02:04)
  • Policy Document Subdivisions (02:52)
  • Acceptable Use Policy (01:35)
  • Reviewing the Information Security Policy (00:29)
  • IS Auditory Policy Tasks (01:03)
  • Procedures (02:29)
  • Procedures Continued (01:31)
  • Summary (00:08)

IS Management

Risk Management (31:33)
  • Introduction (02:03)
  • Risk Management (03:28)
  • Develop Risk Management Program (02:37)
  • Risk Management Process (00:58)
  • Identify Vulnerable Assets (01:55)
  • Assess Threats and Vulnerabilities (02:28)
  • Impacts (01:58)
  • Evaluate Controls (02:19)
  • Levels of Risk Management (00:59)
  • Risk Analysis Methods (00:14)
  • Qualitative Analysis (02:14)
  • Quantitative Analysis (00:47)
  • Business Impact Analysis (05:30)
  • Risk Analysis Methods Continued (03:49)
  • Summary (00:08)
IS Management Practices (50:21)
  • Introduction (00:24)
  • Human Resource Management (00:16)
  • Hiring (02:24)
  • Hiring Practices (04:09)
  • What to Look At (04:13)
  • Sourcing Practices (01:26)
  • Sourcing Policies (03:47)
  • Outsourcing Practices (02:51)
  • Outsourcing Considerations (04:15)
  • Worldwide Practices and Strategies (01:45)
  • Options for Auditing a Third Party (01:17)
  • Governance and Outsourcing (01:49)
  • Outsourcing as Strategic Resource (02:02)
  • Outsourcing Monitoring and Review (00:53)
  • Service Improvement Expectations (01:55)
  • Organizational Change Management (02:23)
  • Financial Management Practices (02:32)
  • Quality Management (00:57)
  • Documenting Quality Management (02:47)
  • Gap Analysis (01:56)
  • Performance Optimization (00:00)
  • Information Security Management (02:16)
  • Performance Measurements (03:46)
  • Summary (00:08)

Auditing and Business Continuity Planning

IS Structure and Responsibilities (17:18)
  • Introduction (00:55)
  • Is Roles and Responsibilities (02:29)
  • IS Roles and Responsibilities Continued (01:33)
  • More IS Roles and Responsibilities (01:16)
  • Segregation of Duties (00:36)
  • Custody of Assets (02:33)
  • Other Things to Separate (03:11)
  • Compensating Controls (04:33)
  • Summary (00:08)
Auditing IT Governance (06:53)
  • Introduction (01:07)
  • Reviewing Documentation (00:50)
  • Reviewing Documentation Continued (00:53)
  • Contractual Committments (03:54)
  • Summary (00:08)
Business Continuity Planning (28:47)
  • Introduction (00:15)
  • Business Continuity Planning (01:11)
  • Disaster Recovery Plan (01:50)
  • IS Business Continuity Planning (00:53)
  • Disasters and Other Disruptive Events (02:26)
  • Business Continuity Strategies (02:01)
  • Business Continuity Planning Process (03:19)
  • Business Continuity Policy (01:13)
  • Business Impact Analysis (01:38)
  • Business Impact Analysis Strategies (00:46)
  • Classification of Operations (00:58)
  • Development of Business Continuity Plans (02:30)
  • Other Issues and Plan Development (00:48)
  • Components of a BCP (01:14)
  • Components of a BCP Continued (02:08)
  • Testing the BCP (01:43)
  • BCP Testing Continued (02:02)
  • BCP Maintenance (00:53)
  • Summary of BCP (00:41)
  • Summary (00:08)