Curriculum
- 6 Sections
- 130 Lessons
- 24 Hours
Expand all sectionsCollapse all sections
- Information System Auditing Process29
- 1.1Audit Planning
- 1.2Key Aspects – Audit Planning
- 1.3QAE – Audit Planning
- 1.4Audit Charter
- 1.5Electronic Data Interchange (EDI)
- 1.6Internal Controls
- 1.7Internal Controls – Key Aspects
- 1.8Internal Controls – QAE
- 1.9What is Risk?
- 1.10Understanding Vulnerabilities and threats
- 1.11Types of Risks
- 1.12Risk response methodology
- 1.13Key Aspects – Risk based Audit Planning
- 1.14QAE – Risk based Audit Planning
- 1.15Steps of Risk Assessment
- 1.16Key Aspects: Audit Project Management
- 1.17QAE – Audit Project Management
- 1.18Sampling Methodology
- 1.19Compliance and Substantive Testing
- 1.20Audit Evidence Collection Techniques
- 1.21Continous Auditing Techniques
- 1.22Data Analytics
- 1.23Reporting and Communication Techniques
- 1.24Control Self Assessment
- 1.25IS Internal Audit Function
- 1.26Managing third party IS Auditors and other experts
- 1.27Agile Auditing
- 1.28Quality Assurance of Audit Process
- 1.29Use of Artificial Intelligence in Audit Process
- Governance and Management of IT20
- 2.1Key Aspects Enterprise Governance of Information and Technology
- 2.2QAE Enterprise Governance of Information and Technology
- 2.3IT Standards, Policies and Procedures
- 2.4Approaches for Policy Development (Top down & Bottom up)
- 2.5Organizational Structure – Roles and Responsibility of Various Functions
- 2.6IT Strategy & Steering Commitee
- 2.7Enterprise Architecture
- 2.8Risk Treatment
- 2.9Risk Analysis Methods
- 2.10Enterprise Risk Management.
- 2.11Maturity Models
- 2.12Laws, Regulations and Industry Standards Affecting the Organization
- 2.13IT Resource Management Training Scheduling and Time Reporting Terms
- 2.14IT Service Provider Acquisition and Management
- 2.15IT Performance Monitoring and Reporting
- 2.16Balanced Score Card
- 2.17IT Performance Monitoring and Reporting
- 2.18Quality Assurance and Quality Management of IT
- 2.19Data Privacy Program and Principles
- 2.20Data Classification
- Information System Acquisition and Development and Implementation15
- 3.1Project Evaluation Methods
- 3.2Business Case and Feasibility Analysis
- 3.3Agile System Development Methodology
- 3.4Object Oriented system development methodology
- 3.5Prototype & Rapid Application Development (RAD)
- 3.6Key Aspects – System Development Methodologies
- 3.7QAE – System Development Methodologies
- 3.8Check Digit
- 3.9Parity Bit, Checksum and CRC
- 3.10Key Aspects – Control Identification and Design and Balancing
- 3.11QAE – Control Identification and Design and Balancing
- 3.12Testing Methodologies
- 3.13System Migration, Infrastructure Deployment and Data Conversion
- 3.14Post-implementation Review
- 3.15Configuration & Release Management
- Information System Operations, Maintenance and Support23
- 4.1RFID
- 4.2IT Asset Management
- 4.3Job Scheduling and Production Process Automation
- 4.4End-user Computing
- 4.5Systems Performance Management
- 4.6Problem and Incident Management
- 4.7Network Management Tools
- 4.8Change, Configuration, Release and Patch Management
- 4.9IT Service Level Management
- 4.10Relational database model
- 4.11Database Normalization
- 4.12Database checks and controls
- 4.13DBA Roles and Responsibilites & SoD
- 4.14Database Management
- 4.15Business Impact Analysis
- 4.16System Resiliency
- 4.17Business Continuity Plan
- 4.18Types of Backup
- 4.19RTO & RPO
- 4.20Alternate Recovery Site
- 4.21Disaster Recovery Plans
- 4.22DRP – Test Methods
- 4.23Operational Log Management
- Protection of Information Assests42
- 5.1Information Security Management Framework
- 5.2Privacy Principles
- 5.3Physical Access and Environmental Controls
- 5.4Fire Supression Systems
- 5.5Single Sign On
- 5.6Factor of Authentication
- 5.7Key Aspects – Identity and Access Management
- 5.8QAE 1 – Identity and Access Management
- 5.9Biometrics
- 5.10OSI Layers
- 5.11Firewall Types
- 5.12Firewall Implementation
- 5.13Next Generation Firewalls (NGFW)
- 5.14Unified Threat Management (UTM)
- 5.15Virtual Private Network
- 5.16Network LAN Components
- 5.17Network Physical Devices
- 5.18Other Network Devices
- 5.19Voice over Internet Protocols (VoIP)
- 5.20Wireless Network
- 5.21Email Security
- 5.22Classification of Information Assets
- 5.23Data Encryption and Encryption-related Techniques
- 5.24Other Encryption Techniques
- 5.25Public Key Infrastructure
- 5.26Cloud Computing
- 5.27Security Awareness Training and Programs
- 5.28Information System Attack Methods and Techniques
- 5.29Key Aspects – Information System Attack Methods and Techniques
- 5.30QAE – Information System Attack Methods and Techniques
- 5.31Security Testing Tools and Techniques
- 5.32IDS & IPS
- 5.33Incident Response Management
- 5.34Evidence Collection and Forensics
- 5.35Zero Trust
- 5.36Privilege Access Management
- 5.37Directory Services
- 5.38Identity as a Service (IaaS)
- 5.39Digital Right Management (DRM)
- 5.40Federated Identity Management (FIM)
- 5.41Data Loss Prevention (DLP)
- 5.42Virtualization
- Practice Questions1