Certified Information Systems Auditor CISA, Part 3 of 5: Acquisition and Implementation
with expert Kenneth Mayer
Course description
The focus of this course is on information systems acquisition, development and implementation. As the CISA candidate, you provide assurance for the acquisition of information systems. The tasks involved include evaluating business cases and project management practices and controls, conducting reviews to determine project progression, evaluating controls for information services during all phases, evaluating readiness for implementation and migration, and conducting post-implementation reviews. This course is part of a series covering the ISACA Certified Information Systems Auditor (CISA).
Prerequisites
This is part 3 of the series
Learning Paths
This course will help you prepare for the following certification and exam:
Certified Information Systems Auditor
Meet the expert
As a certified Microsoft Instructor, Ken has focused his career on various security aspects of computer and network technology since the early 1980s. He has offered a wide variety of IT training and high-level consulting projects for Fortune 500 companies globally. Through the course of his extensive career, he has taught a full line of Microsoft, CompTIA, Cisco, and other high-level IT Security curricula.
Course outline
Business Application Development
Business Realization (09:25)
- Introduction (01:33)
- Portfolio/Program Management (01:42)
- Program Management Objectives (00:43)
- Program Organization (00:38)
- Project Portfolio (00:58)
- Business Case Development and Approval (01:12)
- Business Case Development and Approval Continued (00:52)
- Benefits Realization Techniques (01:36)
- Summary (00:08)
Project Management Structure (08:35)
- Introduction (00:40)
- Project Context and Organizational Forms (00:48)
- Influence Project Organization (00:50)
- Project Communication and Culture (01:28)
- Project Objectives (01:16)
- WBS and Work Packages (00:47)
- Audit Function (00:49)
- Roles and Responsibilities (01:45)
- Summary (00:08)
Project Management Practices (18:24)
- Introduction (00:47)
- Project Charter (00:20)
- Project Planning (02:00)
- Example of Project Management for New Software (01:44)
- Software Size Estimation (01:08)
- Lines of Source Code (00:40)
- Function Point Analysis (00:37)
- Function Points (00:51)
- Cost Budgets (00:58)
- Software Cost Estimation and Scheduling (02:46)
- Gantt Charts (01:36)
- Time Box Management (00:51)
- General Project Management (00:19)
- Project Controlling (01:03)
- Management of Resource Usage (00:38)
- Inherent Project Risks (00:35)
- Management of Risk and Closing (01:16)
- Summary (00:08)
Business Application Development (42:40)
- Introduction (00:42)
- Business Application Development (01:26)
- Reduce Project Risk (02:14)
- Reduce Project Risk Continued (00:50)
- Traditional SDLC Approach (00:56)
- SDLC Phases (01:35)
- ERP Solutions (01:08)
- Description of SDLC Phases (02:24)
- Description of SDLC Phases Continued (01:45)
- Contents of an RFP (01:52)
- Designing an RFP (01:16)
- Choosing Vendors (00:45)
- Design Phase (01:08)
- Key Design Phase Activities (01:55)
- Auditor Involvement in Design Phase (00:51)
- Development Phase (01:10)
- Development Phase Documentation (02:57)
- Development Phase Continued (01:07)
- Debugging (01:41)
- Testing (01:17)
- IT Approaches to Testing (01:01)
- Final Testing (00:51)
- Certification and Accreditation (00:11)
- Other Types of Testing (01:41)
- Implementation Phase (03:04)
- Implementation Transition Phase (01:08)
- Establish Support Functions (01:44)
- Implementation Phase Continued (01:38)
- Risk Associated with Software Development (02:03)
- Summary (00:08)
Business Application Systems
Business Applications Systems (38:09)
- Introduction (00:14)
- Electronic Commerce (01:40)
- E-Commerce Architectures (01:47)
- E-Commerce Requirements (01:20)
- Components of PKI (02:19)
- Electronic Data Interchange (00:51)
- General Requirements of EDI (02:03)
- Web-Based EDI (01:46)
- Controls in EDI Environment (02:46)
- E-Mail (02:31)
- Security Standards for E-Mail (00:39)
- Standards for E-Mail Security Continued (00:55)
- Symmetric and Asymmetric Encryption (01:28)
- Point-of-Sale Systems and Electronic Banking (03:30)
- Ongoing Risk Assessment (01:46)
- Legal and Reputational Risk Management (01:01)
- Payment Systems and Electronic Checks Model (01:06)
- Electronic Transfer Model (01:22)
- EFT Security (00:48)
- Automated Teller Machines (01:42)
- Image Processing (01:10)
- Imaging System Controls (01:14)
- Business Intelligence (01:44)
- DSS Frameworks (00:29)
- CRM and SCM (00:26)
- Supply Chain Management (01:11)
- Summary (00:08)
Alternative Forms of Software Project Organization (03:55)
- Introduction (00:28)
- Alternative Development Methods (01:13)
- Agile Development (00:28)
- Prototyping (00:36)
- Rapid Application Development (01:00)
- Summary (00:08)
Data-Oriented System Development (10:58)
- Introduction (00:49)
- Data- and Object-Oriented System Development (02:11)
- Object Creation (02:13)
- Component-Based Development (02:29)
- Web-Based Application Development (01:35)
- Software Reengineering (01:31)
- Summary (00:08)
System Development and Controls
Infrastructure Acquisition Practices (09:19)
- Introduction (00:31)
- Infrastructure Development and Acquisition (01:38)
- Review Existing Architecture (01:20)
- Project Phases of Physical Architecture Analysis (00:26)
- Planning Implementation (00:28)
- Planning Implementation Continued (00:49)
- Hardware Acquisition (00:52)
- Acquisition Steps (01:51)
- System Software Acquisition and Implementation (00:41)
- Change Control (00:29)
- Summary (00:08)
Information Systems Maintenance Practices (10:04)
- Introduction (00:56)
- Change Authorization Methodology (00:38)
- Deploying Changes (01:04)
- Documentation (00:50)
- Testing and Auditing Changed Programs (01:17)
- Emergency Changes (02:28)
- Change Exposures (01:09)
- Configuration Management (01:31)
- Summary (00:08)
System Development Tools and Productivity (05:40)
- Introduction (00:34)
- Code Generator (00:17)
- Computer Aided Software Engineering (02:14)
- Fourth-Generation Languages (01:05)
- Fourth-Generation Languages Continued (01:20)
- Summary (00:08)
Process Reengineering (08:04)
- Introduction (01:05)
- Business Process Reengineering (00:49)
- Impact of Reengineering (00:35)
- Benchmarking Process (01:26)
- ISO 9126 (00:46)
- Software Capability Maturity Model (02:31)
- ISO 15504 (00:41)
- Summary (00:08)
Application Controls (07:42)
- Introduction (00:41)
- Input Controls (02:13)
- Control Techniques (00:41)
- Processing Procedures and Controls (01:10)
- Processing Controls (00:35)
- Data File Control Procedures (00:38)
- Output Controls (00:11)
- Output Controls Continued (00:34)
- Business Process Control Assurance (00:48)
- Summary (00:08)
Auditing Application Controls (12:48)
- Introduction (00:32)
- Auditing Application Controls (00:46)
- Risk Assessment Model (01:01)
- Observing and Testing User Performing Procedures (00:49)
- Data Integrity (00:49)
- Example of Referential and Relational Integrity (04:25)
- Data Integrity in Online Systems (02:07)
- Testing Application Control Effectiveness (00:49)
- Online Auditing Techniques (01:17)
- Summary (00:08)
Auditing Systems Dev Acquisition and Maintenance (07:33)
- Introduction (01:10)
- Project Management (00:40)
- Feasibility Study and Requirements Definition (01:15)
- Software Acquisition Process (00:39)
- Detailed Design and Development (00:51)
- Testing (00:42)
- Implementation Phase (01:29)
- System Change Procedures (00:37)
- Summary (00:08)