CISA Domain: Governance and Management of IT - Part 2

Information security management practices should adhere to the business goals of an organization, aligning with the objectives that management has set down for company improvement. This course examines different types of management practices, such as human resource management, sourcing management, change management, financial management, and quality management. It also looks at how segregation of duties is used to better control information security. Finally, it examines business continuity and impact analysis and how they can be used as part of information security management practices.

The Certified Information Systems Auditor (CISA) certification is known worldwide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by the American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination and follows the 2014 ISACA Candidate Information Guide.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)

Lesson Objectives

CISA Domain: Governance and Management of IT - Part 2

  • recognize human resource management practices and how they relate to the IS function
  • match IS management approaches with their related features
  • recognize how to optimize IT performance
  • recognize various outsourcing practices and strategies
  • specify how governance relates to outsourcing
  • describe how to manage third-party service delivery
  • describe IS roles and responsibilities
  • recognize how segregation of duties in IS can prevent fraudulent or malicious acts
  • match segregation of duties controls and compensating controls to their correct descriptions
  • recognize IS management practices
  • recognize IS sourcing practices
  • recognize IS organizational structure and responsibilities
  • interpret IT governance documentation and contractual agreements before auditing the IS function
  • compare business continuity planning and IS business continuity planning
  • recognize the business continuity planning process and policy
  • recognize how to implement business continuity planning incident management
  • identify what happens in the business impact analysis phase
  • identify the factors to consider while developing the business continuity plan
  • recognize the key components of a business continuity plan
  • match the plan testing phases with their correct description
  • recognize how to review the business continuity plan as part of the IS audit
  • describe other tasks related to auditing business continuity
  • review IT governance documentation and describe business continuity planning
  • recognize how business impact analysis contributes to the development of a business continuity plan
  • recognize how to test and audit business continuity

Course Number: