defter*
defter / katalog / CTIS 474
CTIS 474

Information Systems Auditing

CTIS 474 teaches you to evaluate IT systems the way an external auditor would: not whether the code works, but whether the controls around it can be trusted by regulators, executives, and risk officers. You'll work through the ISACA CISA domains and standards like ISO 27001, NIST, and GDPR, then apply them in case studies where teams build audit plans, gather evidence, and write findings on real scenarios. It's a useful capstone-level elective if you're aiming for compliance, GRC, or security consulting roles, since it bridges the technical CTIS background with the governance vocabulary those jobs actually run on.

Credit3ECTS5BölümInformation Systems and TechnologiesPreCTIS 310

Değerlendirme 100% — 6 adım

18%
20%
18%
30%
10%
4%
Case study Case Study 1, Case Study 2 36%
Midterm Midterm 20%
Final Final 30%
Homework Homework 10%
In-class participation Performance 4%

Önerilen kaynaklar 2 kitap

📖
Önerilen
CISA® Review Manual
ISACA
28th Edition · ISACA
📖
Önerilen
CISA® : Certified Information Systems Auditor Study Guide
ISACA
4th Edition · ISACA

Haftalık müfredat 14 hafta

Hafta 1
Definitions of the Information Systems (IS) technologies and auditing process encompasses the standards, principles, methods, guidelines, practices and techniques based on the ISACA CISA domains and ISO 27001/27701 objectives. General roadmap of CTIS-474 course content and studies. Introduction to Information Systems Auditing, the auditor’s mindset, professional ethics, and the global standards and frameworks governing IS audits.
Hafta 2
Global IS Audit Standards, Frameworks and Certifications. Describe and discuss on IS Audit Global Standards and Frameworks; IS related Professional Certifications; ISACA Frameworks and Certifications; ISO Standards and Certifications; AICPA SOC 1-2-3 Reports; NIST, DORA, NIS2, CMMI, GDPR, Turkish Information and Communication Security (Audit) Guide, etc.
Hafta 3
IS Audit Planning and Execution. Planning: IS Audit Standards, Guidelines and Codes of Ethics, Business Processes, Types of Controls, Risk-Based Audit Planning, Types of Audits and Assessments. Execution: Audit Project Management, Sampling Methodology, Audit Evidence Collection Techniques, Data Analytics, AI/ML Effects on Audit, Reporting and Communication Techniques, Quality Assurance and Improvement of the Audit Process
Hafta 4
Audit on IT Governance: IT Governance and IT Strategy, IT-Related Frameworks, IT Standards, Policies, and Procedures, Organizational Structure, Enterprise Architecture, Enterprise Risk Management, Maturity Models Laws, Regulations, and Industry Standards Affecting the Organization. Audit on IT Management, IT Resource Management, IT Service Provider Acquisition and Management, IT Performance Monitoring and Reporting, Quality Assurance and Quality Management of IT.
Hafta 5
Audit on IT Management: IT Resource Management, IT Service Provider Acquisition and Management, IT Performance Monitoring and Reporting, Quality Assurance and Quality Management of IT
Hafta 6
Audit on Information Systems Acquisition and Development: Project Governance and Management, Business Case and Feasibility Analysis, System Development Methodologies, Control Identification and Design
Hafta 7
Audit on Information System Implementation: Testing Methodologies, Configuration and Release Management, System Migration, Infrastructure Deployment, and Data Conversion, Post-Implementation Review. Describe the key features of Computer Assisted Audit Techniques (CAAT). Review on the audit objectives of the CAATs and the use of CAATs in the performance of an IS Audit.
Hafta 8
--MIDTERM--
Hafta 9
CASE STUDY – 1: As a team of 3 participants, Examine the related IS auditing standards and guidelines; Preparing the audit checklists on the topics, frameworks and methodology previously discussed in class then apply techniques necessary to conduct an IS audit.
Hafta 10
Audit on Information Security: Security Awareness Training and Programs, Information System Attack Methods and Techniques, Vulnerability Analysis and Penetration Testing Methods, Security Testing Tools and Techniques, Security Monitoring Tools and Techniques, Incident Response Management, Evidence Collection and Forensics
Hafta 11
Audit on Information Asset Security and Control: Privacy Principles, Physical Access and Environmental Controls, Identity and Access Management, Network and End-point Security, Data Classification, Data Encryption and Encryption-related Techniques, Public Key Infrastructure (PKI), Web-based Communication Technologies, Virtualized Environments, Mobile, Wireless, and Internet-of-Things (IOT) Devices
Hafta 12
Audit on Information System Operations. Computer Hardware Components and Architectures, IT Asset Management, System Interfaces, Systems Performance Management, Problem and Incident Management, Change, Configuration, Release, and Patch Management, IT Service Level Management. Evaluating the opportunities and risks created by disruptive technologies (AI, ML, BigData, etc.) for IS auditing.
Hafta 13
Audit on Information Security and Privacy: Privacy Principles and Practices, Security Awareness Training and Programs, Information System Attack Methods and Techniques, Vulnerability Analysis and Penetration Testing Methods, Security Testing Tools and Techniques, Security Monitoring Tools and Techniques, Incident Response Management, Evidence Collection and Forensics
Hafta 14
Audit on Business Resilience: Business Impact Analysis (BIA), System Resiliency, Data Backup, Storage, and Restoration, Business Continuity Plan (BCP), Disaster Recovery Plans (DRPs) Week 15: CASE STUDY – 2: : As a team of 3 participants, Plan and conduct information systems audits on the specific scenarios related to different organizational structures, technological infrastructures and business sectors given by instructor based on topics previously discussed in class.

🤖 GenAI politikası

Students are advised to consult their instructors regarding the use of Generative AI tools and their appropriateness in each course. Responsible use of GenAI is encouraged in accordance with Bilkent University's GenAI Guidelines. Link: https://w3.bilkent.edu.tr/bilkent/generative-artificial-intelligence-genai-guideline/

Ders notları — henüz yok

CTIS 474 için defter ekibi henüz not yazmadı.

İlk dosyayı sen atarsan — not, slayt, geçmiş sınav, çözüm, cheat-sheet, ne varsa — defter ekibi öğrenci paylaşımlarından bu dersin notlarını yazar. Drive linki / PDF / ZIP, hepsi olur.

← katalog

Geçmiş GPA dağılımı 7 dönem · ort. 2.64

DönemCourse CPA
2024-2025 Spring 2.42 1 sec · 26 öğr
2023-2024 Spring 2.66 1 sec · 24 öğr
2022-2023 Fall 2.76 1 sec · 20 öğr
2022-2023 Spring 2.79 1 sec · 26 öğr
2021-2022 Spring 2.67 1 sec · 23 öğr
2020-2021 Fall 2.28 1 sec · 28 öğr
2020-2021 Spring 2.91 1 sec · 17 öğr

Aggregate course GPA — Bilkent STARS'tan public data. Hoca-bazlı per-section detayı için STARS evaluation report →. Öğrenci anket cevapları KVKK kapsamında defter'de tutulmaz.

⚠️ FZ engelleyen şartlar

20 out of 70 points from the midterm, homework, participation and the case studies. Do not miss more than 20 hours of lecture without excuse.

Hocalar 1 bu dönem · 0 geçmiş

Bu dönem (2025-2026 Spring) · 1 section
Volkan Evrin