02_GEIT
Auditing Business Continuity
Reviewing the Business continuity plan
Reviewing the alternative processing contract
Evaluation of prior test results
Evaluation of offsite storage
Interviewing key personnel
Evaluation of security at offsite facility
Reviewing Insurance coverage
Business Continuity Planning
IT BCP
Disasters & other disruptive events
Busi.conti.
planning
process
BC policy
Risk assessment & analysis
BIA
BC strategy development
Str.execution (Risk countermeasures)
BC plan development
BC awareness training
BC plan testing
BC Plan-monitoring,
maintenance & updation
BC planning incident mgt.
Negligible incidents
Minor incidents
Major incidents
Crisis
Busi.Impact analysis
Auditing IT Governance Structure & Implementation
Reviewing documentation
Reviewing
contractual commitment
Info. Tech. Mgt. Practices
Human resource management
Hiring
Employee handbook
Promotion policies
Training
Scheduling & time reporting
Employee performance evaluations
Required vacations
Termination policies
Sourcing practices
Outsourcing practices
Industry standards/benchmarking
Globalization practices & strategies
Cloud computing
Outsourcing & 3rd party audit reports
Financial management practices
IS budgets
Software development
Quality management
Info.security mgt.
Performance optimisation
PDCA
Six sigma & lean sigma
IT BSC
KPI
Benchmarking
BPR
Root cause analysis
Life cycle cost-benefit analysis
Organisational change management
Roles & responsibilities
SoD within IT
SoD controls
Transaction authorisation
Custody of assets
Access to data
Compensating controls
Audit trails
Reconciliation
Exception reporting
Transaction logs
Supervisory reviews
Independent reviews
Risk management
Developing a risk mgt.program
Risk mgt.process
Asset identification
Evaluation of threats & vulnerabilities to assets
Evaluation of impact
Calculation of risk
Evaluation of & response to risk
Risk analysis methods
Qualitative analysis
Words or descriptive
Semi-quantitiative analysis
Descriptive ranking associated with numeric scale
Quantitative analysis
Numeric values
Corporate
Governance
Definition
Governance of Enterprise IT
Broad processes
IT resource management
Performance management
Compliance management
Good practices for GEIT
Mgt.frameworks
COBIT5
ISO/IEC 27001
Standards
ITIL
IT-Grundschutz catalogs
ISM3-Info.security Mgt.maturity model
ISO/IEC 38500:2008
Cor.gov. of info.technology
ISO/IEC 20000-Specification for service mgt.
IT Governing
Committees
IT Balanced Scorecard
Perspectives
1
Mission
Strategies
Measures
Sources
2
Future orientation
Operational excellence
User orientation
Business contribution
Info.security governance
Board of directors / senior mgt.
Senior mgt.
Info.security standards committee
Chief information security officer
Enterprise Architecture
Informations Systems Strategy
Strategic planning
IT Steering committee
Maturity & Process Improvement Models
COBIT Process Assessment Model (PAM)
IDEAL model
Initiating
Diagnosing
Establishing
Acting
Learning
IT investment & allocation practices
Policies &
procedures
Policies
Info.security policy
Document
Procedures
IT Strategu committee
IT steering committee
FEA (Federal Ent.Archi.)
(USA)
Performance reference model
Business reference model
Service component reference model
Technical reference model
Data reference model