Chapter 1, Audit Planning, deals with the audit processes, standards, guidelines, practices, and techniques that an IS auditor is expected to use during audit assignments. An IS auditor must have a detailed knowledge of IS processes, business processes, and risk management processes in order to protect an organization's assets.
Chapter 2, Audit Execution, covers project management techniques, sampling methodology, and audit evidence collection techniques. It provides details regarding data analysis techniques, reporting and communication techniques, and quality assurance processes.
Chapter 3, IT Governance, provides an introduction to IT governance and aspects related to IT enterprise governance. Enterprise governance includes the active involvement of management in IT management. Effective IT governance and management involves an organization's structure as well as IT standards, policies, and procedures.
Chapter 4, IT Management, walks you through various aspects of designing and approving IT management policy and effective information security governance. It will also teach you to audit and evaluate IT resource management, along with services provided by third-party service providers, while also covering IT performance monitoring and reporting.
Chapter 5, Information Systems Acquisition and Development, provides information about project governance and management techniques. This chapter discusses how an organization evaluates, develops, implements, maintains, and disposes of its information systems and related components.
Chapter 6, Information Systems Implementation, covers various aspects of information systems implementation. The implementation process comprises a variety of stages, including system migration, infrastructure deployment, data conversion or migration, user training, post-implementation review, and user acceptance testing.
Chapter 7, Information Systems Operations, explains how to identify risk related to technology components and how to audit and evaluate IT service management practices, systems performance management, problem and incident management policies and practices, change, configuration, release and patch management processes, and database management processes.
Chapter 8, Business Resilience, covers all aspects of the business impact analysis, system resiliency, data backup, storage and restoration, the business continuity plan, and disaster recovery plans.
Chapter 9, Information Asset Security and Control, provides information about the information security management framework, privacy principles, physical access and environmental controls, and identity and access management.
Chapter 10, Network Security and Control, provides an introduction to various components of networks, network-related risks and controls, types of firewalls, and wireless security.
Chapter 11, Public Key Cryptography and Other Emerging Technologies, details various aspects of public key cryptography, cloud computing, virtualization, mobile computing, and the Internet of Things.
Chapter 12, Security Event Management, looks in depth at how to evaluate an organization's information security and privacy policies and practices. It also discusses various types of information system attack methods and techniques, and covers different security monitoring tools and techniques as well as evidence collection and forensics methodology.
