Table of Contents
Domain 1: The Process of Auditing Information Systems
Lesson 1: Audit Fundamentals
1.1: Understanding the Audit Function
1.2: Adhering to ISACA IS Audit and Assurance Standards and Guidelines
1.3: Identifying the Risk/Audit Relationship
1.4: Surveying IS Controls
Lesson 1 Review
Lesson 2: Auditing
2.1: Performing an IS Audit
2.2: Gathering Audit Evidence
2.3: Understanding Sampling Techniques
2.4: Reporting and Communicating Audit Results
2.5: Audit Evolutions
Lesson 2 Review
Module 1 Summary
Domain 2: Governance and Management of IT
Lesson 3: Governance Structure, Processes, and Models
3.1: Understanding Corporate and Information Security Governance (Defining Governance)
3.2: Designing Strategic Plans, Policies, and Procedures
3.3: Surveying IT Organizational Structures and SOD
3.4: Surveying Maturity and Process Implementation Models
3.5: Understanding Performance Optimization
3.6: Auditing IT Governance
Lesson 3 Review
Lesson 4: Risk Management
4.1: Evaluating a Risk Management Program
4.2: Conducting a Risk Assessment
4.3: Auditing Risk Management
Lesson 4 Review
Lesson 5: Third-Party Relationships
5.1: Examining Outsourcing and Third-Party Management
5.2: Deconstructing Cloud Computing
5.3: Auditing Third-Party Relationships
Lesson 5 Review
Lesson 6: Business Continuity
6.1: Defining Business Continuity Planning
6.2: Examining a Business Impact Analysis (BIA)
6.3: Designing Business Continuity Plans
6.4: Evaluating Business Continuity Testing and Readiness
6.5: Auditing Business Continuity
Lesson 6 Review
Module 2 Summary
Domain 3: Information Systems Acquisition, Development, and Implementation
Lesson 7: Project Management
7.1: Developing a Business Case
7.2: Understanding Portfolio Management
7.3: Defining Project Management
7.4: Auditing Project Management
Lesson 7 Review
Lesson 8: Application Development
8.1: Exploring Business Application Development
8.2: Identifying Software Development Testing Techniques
8.3: Recognizing Source Code Vulnerabilities
8.4: Auditing the Development Process
Lesson 8 Review
Lesson 9: System Acquisition and Implementation
9.1: Exploring Acquisition Processes
9.2: Deconstructing System Implementation
9.3: Recognizing Application Controls
9.4: Understanding Configuration and Change Management
9.5: Auditing Acquisition and Implementation
Lesson 9 Review
Module 3 Summary
Domain 4: Information Systems Operations, Maintenance, and Service Management
Lesson 10: IS Operational Management
10.1: Surveying Information Systems Management and Frameworks
10.2: Managing Operational Processes
10.3: Understanding Asset Management
10.4: Auditing IS Operational Management
Lesson 10 Review
Lesson 11: Data Management
11.1: Defining Data Management
11.2: Exploring Database Management Systems (DBMS)
11.3: Auditing Data Management
Lesson 11 Review
Lesson 12: Network Architecture
12.1: Examining OSI Model and TCP/IP Models
12.2: Exploring Transmission Media and Telecommunications
12.3: Understanding Wireless Networks
12.4: Exploring VoIP
12.5: Auditing Network Architecture
Lesson 12 Review
Lesson 13: Disaster Response and Recovery
13.1: Understanding Disaster Response and Recovery Objectives
13.2: Identifying Recovery Strategies
13.3: Assessing Backup and Replication Strategies
13.4: Evaluating Disaster Recovery Plan Maintenance
13.5: Auditing Disaster Response and Recovery
Lesson 13 Review
Module 4 Summary
Domain 5: Protection of Information Assets
Lesson 14: Information Security Program Management
14.1: Surveying Information Security Management Systems (ISMS)
14.2: Identifying Information Security Classifications and Controls
14.3: Exploring Cyberthreats and Adversaries
14.4: Understanding Incident Management
14.5: Evaluating Investigative and Evidence Handling Capabilities
14.6: Auditing Information Security Program Management
Lesson 14 Review
Lesson 15: Authentication and Authorization
15.1: Examining Identification and Authentication
15.2: Exploring Access Control
15.3: Monitoring Access
15.4: Auditing User Access Controls
Lesson 15 Review
Lesson 16: Infrastructure Security
16.1: Surveying Perimeter Security
16.2: Managing Malware
16.3: Security Endpoint
16.4: Mobile Device Challenges
16.5: Testing Network Infrastructure Security
16.6: Auditing Infrastructure Security Controls
Lesson 16 Review
Lesson 17: Cryptography
17.1: Demystifying Encryption
17.2: Applying Asymmetric Encryption
17.3: Examining Hashing and Digital Signatures
17.4: Understanding Digital Certificates
17.5: Identifying Cryptographic Protocols and Attacks
17.6: Auditing Cryptographic Protocols
Lesson 17 Review
Lesson 18: Physical and Environmental Security
18.1: Examining Environmental Threats
18.2: Securing People and Places
18.3: Auditing Environmental and Physical Access
Lesson 18 Review
Module 5 Summary
Module 6: Acing Your Exam
Lesson 19: Understanding the Exam Structure
Lesson 20: Test Taking Strategies
Lesson 21: What to Expect at the Testing Center
Lesson 22: Attaining and Maintaining Your CISA Certification