Join Michael Lester for an in-depth discussion in this video, Collect information: Part 2, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Instructor] Now when we talk about quantitative analysis, now we're talking about dollar signs. And one of the most important numbers that we consider when we talk about quantitative analysis is the ALE, the annualized loss expectancy. That's how much we expect to lose, per year, if we let the bad thing happen. Let's say we let the hurricane hit us, or the hacker attack us, or the fire occur. That's what we're expecting. Now in order to come up with this ALE, we first start with the asset's value. Now remember all those things a couple of slides ago, we talked about went into calculating the asset's value.
How much did it cost to acquire? How much did it cost to replace? How much are our adversaries willing to pay for it? What laws might be in place to govern it, or what liability constraints we may have around it. All of those things go into calculating its value. That's going to be a dollar amount. Now we multiply that by something called the exposure factor, the EF. The exposure factor is the percentage of loss…
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery