• Types of Controls

• Risk-Based Audit Planning

• Different Types of Audits and Assessments

 

Module 2: Execution

• Managing Audit Projects

• Sampling Techniques in Audits

• Methods for Collecting Audit Evidence

• Data Analytics in Auditing

• Reporting and Communication Strategies

• Ensuring Quality Assurance in Audits

 

Domain 2: Governance and Management of IT
Module 3: IT Governance and IT Strategy

• Overview of IT Governance and Strategy

• IT-Related Frameworks

• IT Standards, Policies, and Procedures

• Organizational Structures

• Enterprise Architecture and Risk Management

• Maturity Models and Industry Regulations

 

Module 4: IT Management

• Managing IT Resources

• Acquiring and Managing IT Service Providers

• Monitoring IT Performance and Reporting

• IT Quality Assurance and Management

 

Domain 3: Information Systems Acquisition and Development
Module 5: Information Systems Acquisition and Development

• Governance in IT Projects

• Feasibility Analysis and Business Cases

• System Development Methodologies

• Control Identification and Design

 

Module 6: Information Systems Implementation

• Testing Methodologies

• Configuration and Release Management

• System Migration and Infrastructure Deployment

• Post-Implementation Review

 

Domain 4: Information Systems Operations and Business Resilience
Module 7: Information Systems Operations

• Introduction to IS Operations

• Common Technology Components

• IT Asset Management

• Job Scheduling and Automation

• System Interfaces and End-User Computing

• Data Governance and Performance Management

• Change, Configuration, Release, and Patch Management

• IT Service Level Management

• Database Management

 

Module 8: Business Resilience

• Business Impact Analysis

• System Resiliency Strategies

• Data Backup, Storage, and Recovery

• Business Continuity and Disaster Recovery Plans

• Developing and Auditing Business Continuity Plans

• Incident Management in Business Continuity

 

Domain 5: Protection of Information Assets
Module 9: Information Asset Security Frameworks, Standards, and Guidelines

• Introduction to Security Frameworks and Standards

• Privacy Principles

• Physical and Environmental Security Controls

• Identity and Access Management Techniques

• Network, Endpoint Security, and Shadow IT

• Data Classification, Encryption, and PKI

• Security in Virtual, Mobile, and IoT Environments

 

Module 10: Security Event Management

• Security Awareness Programs

• Information System Attack Techniques

• Security Testing Tools

• Incident Response Management

• Evidence Collection and Forensics