Join Michael Lester for an in-depth discussion in this video Collect information: Part 1, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- All right, now, let's get into the second phase…of our risk management process, the collection phase.…So, in a collection phase, we're dealing with…pulling information from all the different sources.…We might be doing surveys.…We might walk around with a clipboard,…and actually do some interviewing of people.…We will be doing that.…You might look at some vulnerability test results.…You might look at some penetration test results.…And pull that out, and analyze it,…and try and collect the information…to make some sense of it all.…So, here we are in the second phase…of our risk management process.…We did the planning.…
We scoped it.…We figured out what assets were involved.…We set the team up, et cetera, et cetera.…And now, we're going to do the actual grunt work,…in this second box here of collecting the information.…All right, so, the first step in our collection phase…is to identify which assets we are dealing with.…Now, we've already, in our scope, back in the…planning phase, figured out which are going to…
Michael Lester
Human Element LLC
Released
1/30/2018Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery
Skill Level Intermediate
Duration
Views
-
Introduction
-
Welcome1m
-
What you should know1m 46s
-
-
1. Governance
-
IT governance8m 16s
-
-
2. Policies, Processes, and Standards
-
Policies8m 58s
-
-
3. Risk Management
-
Risk management process3m 19s
-
Planning3m 45s
-
Collect information: Part 15m 59s
-
Collect information: Part 212m 10s
-
Dealing with risk2m 55s
-
Auditing risk management3m 33s
-
-
4. IT Management, Structure, and Responsibilities
-
IT organization7m 17s
-
Audting management structure1m 25s
-
-
5. Business Continuity and Disaster Recovery
-
Introduction3m 25s
-
BCP step-by-step6m 59s
-
Business impact analysis8m 20s
-
-
Conclusion
-
Next steps33s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Collect information: Part 1