Content Areas
1. Management, Planning, and Organization of IS (11%)
Evaluate the strategy, policies, standards,
procedures and related practices for the
management, planning, and organization of
IS.
2. Technical Infrastructure and Operational Practices (13%)
Evaluate the effectiveness and efficiency
of the organization's implementation and
ongoing management of technical and operational
infrastructure to ensure that they adequately
support the organization's business objectives.
3. Protection of Information Assets (25%)
Evaluate the logical, environmental, and
IT infrastructure security to ensure that
it satisfies the organization's business
requirements for safeguarding information
assets against unauthorized use, disclosure,
modification, damage, or loss.
4. Disaster Recovery and Business Continuity (10%)
Evaluate the process for developing and
maintaining documented, communicated, and
tested plans for continuity of business
operations and IS processing in the event
of a disruption.
5. Business Application System Development, Acquisition, Implementation, and Maintenance (16%)
Evaluate the methodology and processes by
which the business application system development,
acquisition, implementation, and maintenance
are undertaken to ensure that they meet
the organization's business objectives.
6. Business Process Evaluation and Risk Management (15%)
Evaluate business systems
and processes to ensure that risks are managed
in accordance with the organization's business
objectives.
7. The IS Audit Process (10%)
Conduct IS audits in accordance with generally
accepted IS audit standards and guidelines
to ensure that the organization's information
technology and business systems are adequately
controlled, monitored, and assessed.