Join Michael Lester for an in-depth discussion in this video Recovery strategies and solutions, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Instructor] All right let's talk about…recovery strategies and solutions…without our business continuity planning.…So we want to come up with solutions for all of the following…and we're going to go through each one of these steps…in our video here.…First of all, let's talk about business process recovery.…Well step one is, outline all your business processes…and get them drawn out.…Now this typically mean Visio diagram style.…We're going to diagram this out.…We'll go to the whiteboard and write out…all the inputs and decision points an outputs…to a business process and full understand it.…
And we look at alternative ways…to get that same business process accomplished,…if any one particular thing is missing.…If a resource is missing…or if the entire business process were to go away.…What's an alternative process that we could put in place…to accomplish the same thing?…That's what we talk about when we talk about…business process recovery.…Then we're going to look at things like facility recovery.…And by the way, when we talk about information system…
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery