Course Agenda
Learning Objectives
Discuss Task and Knowledge Statements
Discuss specific topics within the chapter
Case studies
Sample questions
Exam Relevance
Ensure that the CISA candidate understands and can provide assurance that the necessary leadership and organizational structures and processes are in place to achieve the objectives and to support the enterprise's strategy.
Chapter 1: 14%
Chapter 2: 14%
Chapter 3: 19%
Chapter 4: 23%
Chapter 5: 30%
10/20/2014
Learning Objectives
T2.3
T2.4
T2.5
T2.7
T2.8
T2.9
KS2.7
KS2.8
KS2.9
KS2.10
KS2.5
KS2.6
KS2.12
KS2.13
KS2.14
KS2.16
Effective governance of enterprise IT focuses on:
Responsibility
Authority
Membership
Sponsoring executive
Business executive (key users)
CIO
Key advisors as required (IT, audit, legal, finance)
Performance measurement: measure, monitor and report on information security processes
Strategic alignment: align with business strategy
Risk management: manage and execute appropriate measures to mitigate risks
Resource management: utilize information security knowledge and infrastructure efficiently and effectively
Value delivery: optimize security investments
Process integration: integration of management assurance processes for security
Columns: Functional (Application), Network (Technology), People (Organization), Process (Workflow), Strategy
Rows: Scope, Enterprise model, Systems model, Technology model, Detailed representation
2.7.1 Policies
2.7.2 Procedures
Qualitative
Semiquantitative
Quantitative
Probability and expectancy
Annual loss expectancy method
Hiring
Employee handbook
Promotion policies
Training
Scheduling and time reporting
Employee performance evaluations
Required vacations
Termination policies
Governance in outsourcing
Mechanism that allows organizations to transfer the delivery of services to third parties
Accountability remains with the management of the client organization
Transparency and ownership of the decision-making process must reside within the purview of the client
Database administration
Systems analyst
Security architect
Applications development and maintenance
Infrastructure development and maintenance
Network management
An IS auditor must:
Evaluate presence, synchronization and currency of media and documentation
Perform a detailed inventory review
Review all documentation
Evaluate availability of facility
An IS auditor must:
Evaluate the physical and environmental access controls
Examine the equipment for current inspection and calibration tags
Questions
Thanks
Sanjiv Arora
sa@tech-controls.com
+91 9810293733
www.tech-controls.com