Join Michael Lester for an in-depth discussion in this video, Testing, training, and maintenance, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Instructor] Testing and training and maintenance of your business continuity plan. Alright, so let's talk about test objectives. So we want to identify specific success criteria and then test for those things. Like was our response within an acceptable time frame? Remember our MTDs, our maximum tolerable downtimes, were we able to get up and running well within those MTDs? Operations at the alternative locations adequate. Were we able to get up and running at the hot site successfully and was that processing sufficient to handle the load? Were the backups successfully restored? Did they actually restore when we went to restore them? You know the old story of the guy who took the backup tapes home on the train every night and he left them on top of a magnet that was running underneath an electrical train and all of his tapes were blank by the time he came to restore them. Well, in this case, can you restore those tapes? Are they actually restorable? Were the emergency personnel and the service personnel, your contractors, reached within an acceptable timeframe?
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery