Pasiruošimas informacinių sistemų auditoriaus sertifikatui gauti (CISA)

Kurso aprašymas

Šiame 4 dienų kurse pristatomas informacinių sistemų audito procesas, mokoma įvertinti IT valdymo struktūrą, IT sistemų ir infrastruktūros gyvavimo ciklą, IT paslaugų teikimo ir palaikymo valdymo atitikimą teikiamų paslaugų lygiui, įvertinti, ar pakankamai apsaugotos IT priemonės, kad nelaimės atveju užtikrintų nenutrūkstamą verslo procesą. Kurso metu šalia teorijos bus pristatomi geriausios praktikos pavyzdžiai.

Tikslinė auditorija:

IT specialistai, atsakingi už informacinių technologijų ir sistemų saugumą, IT auditoriai, o taip pat besirengiantys CISA egzamino laikymui.

Dėstamos temos:

  • The Information Systems Audit Process
  • IT Governance
  • Systems and Infrastructure Lifecycle Management
  • Systems and Infrastructure Lifecycle Maintenance
  • IT Service Delivery and Support
  • Protection of Information Assets
  • Business Continuity and Disaster Recovery

Kurso turinys

The Information Systems Audit Process

  • ISACA Information Systems Auditing Standards and Guidelines
  • Develop and Implement an Information Systems Audit Strategy
  • Plan an Audit
  • Conduct an Audit
  • The Evidence Lifecycle
  • Communicate Issues, Risks, and Audit Results
  • Support the Implementation of Risk Management and Control Practices

IT Governance

  • Evaluate the Effectiveness of IT Governance
  • Evaluate the IT Organizational Structure
  • Evaluate the IT Strategy
  • Evaluate IT Policies, Standards, and Procedures for Compliance
  • Ensure Organizational Compliance
  • IT Resource Investment, Use, and Allocation Practices
  • Evaluate IT Contracting Strategies and Policies
  • Evaluate Risk Management Practices
  • Performance Monitoring and Assurance Practices

Systems and Infrastructure Lifecycle Management

  • Determine the Business Case for Change
  • Evaluate Project Management Frameworks and Governance Practices
  • Perform Periodic Project Reviews
  • Evaluate Control Mechanisms for Systems
  • Evaluate Development and Testing Processes
  • Evaluate Implementation Readiness
  • Evaluate a System Migration

Systems and Infrastructure Lifecycle Maintenance

  • Perform a Post-Implementation System Review
  • Perform Periodic System Reviews
  • Evaluate the Maintenance Process
  • Evaluate the Disposal Process

IT Service Delivery and Support

  • Evaluate Service Level Management Practices
  • Evaluate Operations Management
  • Evaluate Data Administration Practices
  • Evaluate the Use of Capacity and Performance Monitoring Methods
  • Evaluate Change, Configuration, and Release Management Practices
  • Evaluate Problem and Incident Management Practices
  • Evaluate the Functionality of the IT Infrastructure

Protection of Information Assets

  • Information Security Design
  • Encryption Basics
  • Evaluate the Design, Implementation, and Monitoring of Logical Access Controls
  • Evaluate the Design, Implementation, and Monitoring of Physical Access Controls
  • Evaluate the Design, Implementation, and Monitoring of Environmental Controls
  • Evaluate Network Infrastructure Security
  • Evaluate the Confidential Information Processes and Procedures

Business Continuity and Disaster Recovery

  • Evaluate the Adequacy of Backup and Restore
  • Evaluate the BCP and DRP