
CISA Task Statements

Domain 1: The Process of Auditing Information Systems (21%)

Provide audit services in accordance with IS audit standards to assist the organization in protecting and controlling information systems.

Task Statements:
T1.1 Execute a risk-based IS audit strategy in compliance with IS audit standards to ensure that key risk areas are audited.
T1.2 Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization.
T1.3 Conduct audits in accordance with IS audit standards to achieve planned audit objectives.
T1.4 Communicate audit results and make recommendations to key stakeholders through meetings and audit reports to promote change when necessary.
T1.5 Conduct audit follow-ups to determine whether appropriate actions have been taken by management in a timely manner.

Domain 2: Governance and Management of IT (16%)

Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization's strategy.

Task Statements:
T2.1 Evaluate the IT strategy, including the IT direction, and the processes for the strategy's development, approval, implementation and maintenance for alignment with the organization's strategies and objectives.
T2.2 Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and performance support the organization's strategies and objectives.
T2.3 Evaluate IT organizational structure and human resources (personnel) management to determine whether they support the organization's strategies and objectives.
T2.4 Evaluate the organization's IT policies, standards, and procedures, and the processes for their development, approval, release/publishing, implementation, and maintenance to determine whether they support the IT strategy and comply with regulatory and legal requirements.
T2.5 Evaluate IT resource management, including investment, prioritization, allocation and use for alignment with the organization's strategies and objectives.
T2.6 Evaluate IT portfolio management, including investment, prioritization and allocation, for alignment with the organization's strategies and objectives.
T2.7 Evaluate risk management practices to determine whether the organization's IT-related risks are identified, assessed, monitored, reported and managed.
T2.8 Evaluate IT management and monitoring of controls (e.g., continuous monitoring, quality assurance [QA]) for compliance with the organization's policies, standards and procedures.
T2.9 Evaluate monitoring and reporting of IT key performance indicators (KPIs) to determine whether management receives sufficient and timely information.
T2.10 Evaluate the organization's business continuity plan (BCP), including alignment of the IT disaster recovery plan (DRP) with the BCP, to determine the organization's ability to continue essential business operations during the period of an IT disruption.


Domain 3: Information Systems Acquisition, Development and Implementation (18%)

Provide assurance that the practices for the acquisition, development, testing and implementation of information systems meet the organization's strategies and objectives.

Task Statements:
T3.1 Evaluate the business case for the proposed investments in information systems acquisition, development, maintenance and subsequent retirement to determine whether it meets business objectives.
T3.2 Evaluate IT supplier selection and contract management processes to ensure that the organization's service levels and requisite controls are met.
T3.3 Evaluate the project management framework and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization.
T3.4 Conduct reviews to determine whether a project is progressing in accordance with project plans, is adequately supported by documentation, and has timely and accurate status reporting.
T3.5 Evaluate controls for information systems during the requirements, acquisition, development and testing phases for compliance with the organization's policies, standards, procedures and applicable external requirements.
T3.6 Evaluate the readiness of information systems for implementation and migration into production to determine whether project deliverables, controls and the organization's requirements are met.
T3.7 Conduct post-implementation reviews of systems to determine whether project deliverables, controls and the organization's requirements are met.

Domain 4: IS Operations, Maintenance, and Service Management (20%)

Provide assurance that the processes for information systems operations, maintenance and service management meet the organization's strategies and objectives.

Task Statements:
T4.1 Evaluate IT service management framework and practices (internal or third party) to determine whether the controls and service levels expected by the organization are being adhered to and whether strategic objectives are met.
T4.2 Conduct periodic reviews of information systems to determine whether they continue to meet the organization's objectives within the enterprise architecture (EA).
T4.3 Evaluate IT operations (e.g., job scheduling, configuration management, capacity and performance management) to determine whether they are controlled effectively and continue to support the organization's objectives.
T4.4 Evaluate IT maintenance (patches, upgrades) to determine whether they are controlled effectively and continue to support the organization's objectives.
T4.5 Evaluate database management practices to determine the integrity and optimization of databases.
T4.6 Evaluate data quality and life cycle management to determine whether they continue to meet strategic objectives.
T4.7 Evaluate problem and incident management practices to determine whether problems and incidents are prevented, detected, analyzed, reported and resolved in a timely manner to support the organization's objectives.
T4.8 Evaluate change and release management practices to determine whether changes made to systems and applications are adequately controlled and documented.
T4.9 Evaluate end-user computing to determine whether the processes for end-user computing are effectively controlled and support the organization's objectives.
T4.10 Evaluate IT continuity and resilience (backups/restores, disaster recovery plan [DRP]) to determine whether it is controlled effectively and continues to support the organization's objectives.

Domain 5: Protection of Information Assets (25%)

Provide assurance that the organization's policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.

Task Statements:
T5.1 Evaluate the information security and privacy policies, standards and procedures for completeness, alignment with generally accepted practices and compliance with applicable external requirements.
T5.2 Evaluate the design, implementation, maintenance, monitoring and reporting of physical and environmental controls to determine whether information assets are adequately safeguarded.
T5.3 Evaluate the design, implementation, maintenance, monitoring and reporting of system and logical security controls to verify the confidentiality, integrity and availability of information.
T5.4 Evaluate the design, implementation and monitoring of the data classification processes and procedures for alignment with the organization's policies, standards, procedures and applicable external requirements.
T5.5 Evaluate the processes and procedures used to store, retrieve, transport and dispose of assets to determine whether information assets are adequately safeguarded.
T5.6 Evaluate the information security program to determine its effectiveness and alignment with the organization's strategies and objectives.
