CISA Domain: 2-Governance and Management of IT

• 17% of exam

• CISA: Corporate Governance
• 2.3 CISA: Governance of Enterprise IT
  • 2.3.1 CISA: Good Practices for Governance of Enterprise IT
    • Governance of Enterprise IT and Management Frameworks
    • Audit Role in Governance of Enterprise IT
  • 2.3.2 CISA: IT Governing Committees
  • 2.3.3 CISA: IT Balanced Scorecard
  • 2.3.4 CISA: Information Security Governance
    • Effective Information Security Governance
    • Roles and Responsibilities of Senior Management and Boards of Directors
    • Matrix of Outcomes and Responsibilities
  • 2.3.5 CISA: Enterprise Architecture
• 2.4 CISA: Information Systems Strategy
  • 2.4.1 CISA: Strategic Planning
  • 2.4.2 CISA: IT Steering Committee
• 2.5 CISA: Maturity and Process Improvement Models
• 2.6 CISA: IT Investment and Allocation Practices
  • 2.6.1 CISA: Value of IT
  • 2.6.2 CISA: Implementing IT Portfolio Management
  • 2.6.3 CISA: IT Portfolio Management Versus Balanced Scorecard
• 2.7 CISA: Policies and Procedures
  • 2.7.1 CISA: Policies
    • Information Security Policy
  • 2.7.2 CISA: Procedures
• 2.8 CISA: Risk Management
  • 2.8.1 CISA: Developing a Risk Management Program
  • 2.8.2 CISA: Risk Management Process
    • Step 1: Asset Identification
    • Step 2: Evaluation of Threats and Vulnerabilities to Assets
    • Step 3: Evaluation of the Impact
    • Step 4: Calculation of Risk
    • Step 5: Evaluation of and Response to Risk
  • 2.8.3 CISA: Risk Analysis Methods
    • CISA: Qualitative Analysis Methods
    • CISA: Semi-quantitative Analysis Methods
    • CISA: Quantitative Analysis Methods
• 2.9 CISA: Information Technology Management Practices
  • 2.9.1 CISA: Human Resource Management
    • CISA: Hiring
    • CISA: Employee Handbook
    • CISA: Promotion Policies
    • CISA: Training
    • CISA: Scheduling and Time Reporting
    • CISA: Employee Performance Evaluations
    • CISA: Required Vacations
    • CISA: Termination Policies
  • 2.9.2 CISA: Sourcing Practices
    • CISA: Outsourcing Practices and Strategies
    • CISA: Industry Standards/Benchmarking
    • CISA: Globalization Practices and Strategies
    • CISA: Cloud Computing
    • CISA: Outsourcing and Third-party Audit Reports
    • CISA: Governance in Outsourcing
    • CISA: Capacity and Growth Planning
    • CISA: Third-party Service Delivery Management
    • CISA: Service Improvement and User Satisfaction
  • 2.9.3 CISA: Organizational Change Management
  • 2.9.4 CISA: Financial Management Practices
    • IS Budgets
    • Software Development
  • 2.9.5 CISA: Quality Management
  • 2.9.6 CISA: Information Security Management
  • 2.9.7 CISA: Performance Optimization
    • CISA: Critical Success Factors
    • CISA: Methodologies and Tools
    • CISA: Tools and Techniques
  • 2.10 CISA: IT Organizational Structure and Responsibilities
  • 2.10.1 CISA: IT Roles and Responsibilities
    • CISA: Vendor and Outsourcer Management
    • CISA: Infrastructure Operations and Maintenance
    • CISA: Media Management
    • CISA: Data Entry
    • CISA: Supervisory Control and Data Acquisition
    • CISA: Systems Administration
    • CISA: Security Administration
    • CISA: Quality Assurance
    • CISA: Database Administration
    • CISA: Systems Analyst
    • CISA: Security Architect
    • CISA: System Security Engineer
    • CISA: Applications Development and Maintenance
    • CISA: Infrastructure Development and Maintenance
    • CISA: Network Management
  • 2.10.2 CISA: Segregation of Duties Within IT
  • 2.10.3 CISA: Segregation of Duties Controls
    • Transaction Authorization
    • Custody of Assets
    • Access to Data
    • Compensating Controls for Lack of Segregation of Duties
  • 2.11 CISA: Auditing IT Governance Structure and Implementation
  • 2.11.1 CISA: Reviewing Documentation
  • 2.11.2 CISA: Reviewing Contractual Commitments
• 2.12 CISA: Business Continuity Planning
  • 2.12.1 CISA: IT Business Continuity Planning
  • 2.12.2 CISA: Disasters and Other Disruptive Events
    • Pandemic Planning
    • Dealing With Damage to Image, Reputation or Brand
    • Unanticipated/Unforeseeable Events
  • 2.12.3 CISA: Business Continuity Planning Process
  • 2.12.4 CISA: Business Continuity Policy
  • 2.12.5 CISA: Business Continuity Planning Incident Management
  • 2.12.6 CISA: Business Impact Analysis
    • CISA: Classification of Operations and Criticality Analysis
  • 2.12.7 CISA: Development of Business Continuity Plans
  • 2.12.8 CISA: Other Issues in Plan Development
  • 2.12.9 CISA: Components of a Business Continuity Plan
    • CISA: Key Decision-making Personnel
    • CISA: Backup of Required Supplies
    • CISA: Insurance
  • 2.12.10 CISA: Plan Testing
    • CISA: Specifications
    • CISA: Test Execution
    • CISA: Documentation of Results
    • CISA: Results Analysis
    • CISA: Plan Maintenance
    • CISA: Business Continuity Management Good Practices
  • 2.12.11 CISA: Summary of Business Continuity
• 2.13 CISA: Auditing Business Continuity
  • 2.13.1 CISA: Reviewing the Business Continuity Plan
    • CISA: Review the Document
    • CISA: Review the Applications Covered by the Plan
    • CISA: Review the Business Continuity Teams
    • CISA: Plan Testing
  • 2.13.2 CISA: Evaluation of Prior Test Results
  • 2.13.3 CISA: Evaluation of Offsite Storage
  • 2.13.4 CISA: Interviewing Key Personnel
  • 2.13.5 CISA: Evaluation of Security at Offsite Facility
  • 2.13.6 CISA: Reviewing Alternative Processing Contract
  • 2.13.7 CISA: Reviewing Insurance Coverage

Related

• CISM Domain: 1-Information Security Governance