IT Audit Boot Camp

1.1 IS Auditing Standards and Guidelines and Code of Professional Ethics 

1.2 IS auditing practices and techniques 

1.3 Techniques to gather information and preserve evidence 

1.4 Control objectives and controls related to IS 

1.5 Types of risk: IS, business, and audit risk 

1.6 How to determine an organization’s use of system platforms, IT   infrastructure and applications 

1.7 Risk-analysis methods, principles, and criteria 

1.8 Audit planning and management techniques 

1.9 How to communicate the audit results 

1.10 Personnel-management techniques

2.1 IT governance, risk management, and control frameworks 

2.2 Components of IS strategies, policies, standards, and procedures 

2.3 Processes for the development, deployment, and maintenance of IS   strategies, policies, standards, and procedures 

2.4 IS project-management strategies and policies 

2.5 IS problem and change-management strategies and policies 

2.6 IS quality-management strategies and policies 

2.7 IS information security-management strategies and policies 

2.8 IS business continuity–management strategies and policies 

2.9 Contracting strategies, processes, and contract-management  practices 

2.10 Roles and responsibilities of IS functions (for example: segregation of duties) 

2.11 Principles of IS organizational structure and design 

2.12 IS management practices, key performance indicators, and performance measurement techniques 

2.13 Relevant legislative and regulatory issues (for example: privacy and intellectual property) 

2.14 Generally accepted international IS standards and guidelines

3.1 Risks and controls related to hardware platforms, system software and utilities, network infrastructure, and IS operational practices 

3.2 Systems performance and monitoring processes, tools, and   techniques (for example: network analyzers, system error messages,   system utilization reports, load balancing) 

3.3 The process of IT infrastructure acquisition, development,   implementation, and maintenance 

3.4 Change control and configuration-management principles for   hardware and system software 

3.5 Practices related to the management of technical and operational   infrastructure (for example: problem-management/resource-management   procedures, help desk, scheduling, service-level agreements) 

3.6 Functionality of systems software and utilities (for example:   database-management systems, security packages) 

3.7 Functionality of network components (for example: firewalls,   routers, proxy servers, modems, terminal concentrators, hubs,   switches) 

3.8 Network architecture (for example: network protocols, remote   computing, network topologies, Internet, intranet, extranet,  client/server) 

3.9 Cloud computing (for example: types, risks and measures)   

4.1 The processes of design, implementation, and monitoring of   security (gap analysis baseline, tool selection) 

4.2 Encryption techniques (DES, RSA) 

4.3 Public key infrastructure (PKI) components (certification   authorities, registration authorities) 

4.4 Digital signature techniques 

4.5 Physical security practices 

4.6 Techniques to identify, authenticate, and restrict users to authorized functions and data (dynamic passwords, challenge/response,  menus, profiles) 

4.7 Security software (single sign-on, intrusion-detection systems [IDS], automated permission, network address translation) 

4.8 Security testing and assessment tools (penetration testing, vulnerability scanning) 

4.9 Network and Internet security (SSL, SET, VPN, tunneling) 

4.10 Voice communications security 

4.11 Attack/fraud methods and techniques (hacking, spoofing, Trojan horses, denial of service, spamming) 

4.12 Sources of information regarding threats, standards, evaluation   criteria, and practices in regard to information security 

4.13 Security monitoring, detection, and escalation processes and   techniques (audit trails, intrusion detection, computer emergency  response team) 

4.14 Viruses and detection 

4.15 Environmental protection practices and devices (fire suppression,   cooling systems)   

5.1 Crisis management and business impact analysis techniques 

5.2 Disaster recovery and business continuity planning and processes 

5.3 Backup and storage methods and practices 

5.4 Disaster recovery and business continuity testing approaches and   methods 

5.5 Insurance in relation to business continuity and disaster recovery 

5.6 Human resource issues (such as evacuation planning and response   teams)   

6.1 System-development methodologies and tools (prototyping, RAD,   SDLC, object-oriented design techniques) 

6.2 Documentation and charting methods 

6.3 Application implementation practices (piloting, parallel run) 

6.4 Software quality-assurance methods 

6.5 Application architecture (client/server applications,   object-oriented design, data warehousing, web-based applications,   interfaces) 

6.6 Testing principles, methods, and practices 

6.7 Project-management principles, methods, and practices (PERT, CPM,   estimation techniques) 

6.8 Application system-acquisition processes (evaluation of vendors,   preparation of contracts, vendor management, escrow) 

6.9 Application-maintenance principles (versioning, packaging, change   request) 

6.10 System migration and data-conversion tools, techniques, and   procedures 

6.11 Application change-control and emergency change-management   procedures 

6.12 Post-implementation review techniques    

7.1 Methods and approaches for designing and improving business   procedures (e-business, B2B, BPR) 

7.2 Business process controls (management, automated, and manual   controls) 

7.3 Business performance indicators (balanced scorecard, key   performance indicators (KPI)) 

7.4 Business project organization, management, and control practices 

7.5 Project progress monitoring and reporting mechanisms 

7.6 Project success criteria and pitfalls 

7.7 Corporate governance risk and control frameworks   

8.1 IS planning, calculations and budgeting (capex, opeх) 

8.2 Proper IS sizing and purchasing 

8.3 IS Total Cost of Ownership (TCO) calculation 

8.4 Software license compliance