Hafta 1
Definitions of the Information Systems (IS) technologies and auditing process encompasses the standards, principles, methods, guidelines, practices and techniques based on the ISACA CISA domains and ISO 27001/27701 objectives. General roadmap of CTIS-474 course content and studies. Introduction to Information Systems Auditing, the auditor’s mindset, professional ethics, and the global standards and frameworks governing IS audits.
Hafta 2
Global IS Audit Standards, Frameworks and Certifications. Describe and discuss on IS Audit Global Standards and Frameworks; IS related Professional Certifications; ISACA Frameworks and Certifications; ISO Standards and Certifications; AICPA SOC 1-2-3 Reports; NIST, DORA, NIS2, CMMI, GDPR, Turkish Information and Communication Security (Audit) Guide, etc.
Hafta 3
IS Audit Planning and Execution. Planning: IS Audit Standards, Guidelines and Codes of Ethics, Business Processes, Types of Controls, Risk-Based Audit Planning, Types of Audits and Assessments. Execution: Audit Project Management, Sampling Methodology, Audit Evidence Collection Techniques, Data Analytics, AI/ML Effects on Audit, Reporting and Communication Techniques, Quality Assurance and Improvement of the Audit Process
Hafta 4
Audit on IT Governance: IT Governance and IT Strategy, IT-Related Frameworks, IT Standards, Policies, and Procedures, Organizational Structure, Enterprise Architecture, Enterprise Risk Management, Maturity Models Laws, Regulations, and Industry Standards Affecting the Organization. Audit on IT Management, IT Resource Management, IT Service Provider Acquisition and Management, IT Performance Monitoring and Reporting, Quality Assurance and Quality Management of IT.
Hafta 5
Audit on IT Management: IT Resource Management, IT Service Provider Acquisition and Management, IT Performance Monitoring and Reporting, Quality Assurance and Quality Management of IT
Hafta 6
Audit on Information Systems Acquisition and Development: Project Governance and Management, Business Case and Feasibility Analysis, System Development Methodologies, Control Identification and Design
Hafta 7
Audit on Information System Implementation: Testing Methodologies, Configuration and Release Management, System Migration, Infrastructure Deployment, and Data Conversion, Post-Implementation Review. Describe the key features of Computer Assisted Audit Techniques (CAAT). Review on the audit objectives of the CAATs and the use of CAATs in the performance of an IS Audit.
Hafta 9
CASE STUDY – 1: As a team of 3 participants, Examine the related IS auditing standards and guidelines; Preparing the audit checklists on the topics, frameworks and methodology previously discussed in class then apply techniques necessary to conduct an IS audit.
Hafta 10
Audit on Information Security: Security Awareness Training and Programs, Information System Attack Methods and Techniques, Vulnerability Analysis and Penetration Testing Methods, Security Testing Tools and Techniques, Security Monitoring Tools and Techniques, Incident Response Management, Evidence Collection and Forensics
Hafta 11
Audit on Information Asset Security and Control: Privacy Principles, Physical Access and Environmental Controls, Identity and Access Management, Network and End-point Security, Data Classification, Data Encryption and Encryption-related Techniques, Public Key Infrastructure (PKI), Web-based Communication Technologies, Virtualized Environments, Mobile, Wireless, and Internet-of-Things (IOT) Devices
Hafta 12
Audit on Information System Operations. Computer Hardware Components and Architectures, IT Asset Management, System Interfaces, Systems Performance Management, Problem and Incident Management, Change, Configuration, Release, and Patch Management, IT Service Level Management. Evaluating the opportunities and risks created by disruptive technologies (AI, ML, BigData, etc.) for IS auditing.
Hafta 13
Audit on Information Security and Privacy: Privacy Principles and Practices, Security Awareness Training and Programs, Information System Attack Methods and Techniques, Vulnerability Analysis and Penetration Testing Methods, Security Testing Tools and Techniques, Security Monitoring Tools and Techniques, Incident Response Management, Evidence Collection and Forensics
Hafta 14
Audit on Business Resilience: Business Impact Analysis (BIA), System Resiliency, Data Backup, Storage, and Restoration, Business Continuity Plan (BCP), Disaster Recovery Plans (DRPs) Week 15: CASE STUDY – 2: : As a team of 3 participants, Plan and conduct information systems audits on the specific scenarios related to different organizational structures, technological infrastructures and business sectors given by instructor based on topics previously discussed in class.