Domain 1 - Information System Auditing Process

Topics:

• IS Audit Standards, Guidelines, Functions, and Codes of Ethics
• Types of Audits, Assessments, and Reviews
• Risk-based Audit Planning
• Types of Controls and Considerations
• Audit Project Management
• Audit Testing and Sampling Methodology
• Audit Evidence Collection Techniques
• Audit Data Analytics
• Reporting and Communication Techniques
• Quality Assurance and Improvement of Audit Process

Domain 2 ¤ Governance and Management of IT

Topics

• Laws, Regulations, and Industry Standards
• Organizational Structure, IT Governance, and IT Strategy
• IT Policies, Standards, Procedures, and Guidelines
• Enterprise Architecture and Considerations
• Enterprise Risk Management (ERM)
• Privacy Program and Principles
• Data Governance and Classification
• IT Resource Management
• IT Vendor Management
• IT Performance Monitoring and Reporting
• Quality Assurance and Quality Management of IT

Domain 3 ¤ Information Systems Acquisition, Development, and Implementation

Topics:

• Project Governance and Management
• Business Case and Feasibility Analysis
• System Development Methodologies
• Control Identification and Design
• System Readiness and Implementation Testing
• Implementation Configuration and Release Management
• System Migration, Infrastructure Deployment, and Data Conversion
• Postimplementation Review

Domain 4 ¤ Information Systems Operations and Business Resilience

Topics:

• IT Components
• IT Asset Management
• Job Scheduling and Production Process Automation
• System Interfaces ‹ End-user Computing and Shadow IT
• Systems Availability and Capacity Management
• Problem and Incident Management
• IT Change, Configuration, and Patch Management
• Operational Log Management
• IT Service Level Management
• Database Management
• Business Impact Analysis
• System and Operational Resilience
• Data Backup, Storage, and Restoration
• Business Continuity Plan
• Disaster Recovery Plans

Domain 5 ¤ Protection of Information Assets

Topics:

• Information Asset Security Policies, Frameworks, Standards, and Guidelines
• Physical and Environmental Controls
• Identity and Access Management
• Network and End-Point Security
• Data Loss Prevention
• Data Encryption
• Public Key Infrastructure (PKI)
• Cloud and Virtualized Environments
• Mobile, Wireless, and Internet-of-Things Devices
• Security Awareness Training and Programs
• Information System Attack Methods and Techniques
• Security Testing Tools and Techniques
• Security Monitoring Logs, Tools, and Techniques
• Security Incident Response Management ‹ Evidence Collection and Forensics