CHAPTER 1 – CONCEPTS OF GOVERNANCE AND MANAGEMENT OF INFORMATION SYSTEMS
Exam Year | Questions Asked
May 19 | Benefits of Governance
       | Key Management Practices of IT Compliance
Nov 18 | 1.12.5 Evaluating and Assessing the System of Internal Controls - key management practices for assessing and evaluating the system of internal controls in an enterprise
       | 1.8.4 Key Management Practices for Aligning IT Strategy with Enterprise Strategy
       | 1.10.10 Using COBIT 5 Best Practices for GRC - Specific success of a Governance, Risk and Compliance (GRC) program using COBIT 5 can be measured by using the following goals and metrics:
May 18 | 1.9.7 Metrics of Risk Management
       | 1.9.6 Key Management Practices of Risk Management
       | 1.10.4 Benefits of COBIT 5
       | (b) Internal Controls as per COSO: Internal Control is comprised of the following five interrelated components:
CHAPTER 2 – INFORMATION SYSTEMS CONCEPTS
Exam Year | Questions Asked
May 19 | The Executive Decision-Making Environment - The characteristics of the types of information used in executive decision-making:
       | Overview of Underlying IT Technologies - (iv) Business Intelligence (short note)
Nov 18 | (f) Limitations of MIS
       | (b) Benefits of Expert Systems
       | Characteristics of Computer Based Information Systems (CBIS)
May 18 | Misconceptions about MIS
       | To operate Information Systems (IS) effectively and efficiently, a business manager should have the following knowledge about it:
       | Some of the business application areas of Expert Systems are as follows:
CHAPTER 3 – PROTECTION OF INFORMATION SYSTEMS
Exam Year | Questions Asked
May 19 | Phases of Program Development Life Cycle
       | Controls over Data Integrity and Security - Classification of Information are as follows:
Nov 18 | (c) Asynchronous Attacks: + Subversive Threats:
       | 3.13.1 Cyber Attacks
       | Table 3.6.2: Logical Access Controls - Network Access Control can be achieved through the following means.
May 18 | Technical Exposures: Trojan Horse:
       | 3.10.2 Data Integrity Policies
       | (iii) Issues and Revelations related to Logical Access – (d) Remote and distributed data processing applications can be controlled in many ways. Some of these are given as follows:
CHAPTER 4 – BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING
Exam Year | Questions Asked
May 19 | Components of BCM Process
Nov 18 | 4.15 Alternate Processing Facility Arrangements - If a third-party site is to be used for backup and recovery purposes, security administrators must ensure that a contract is written to cover issues such as:
       | 4.12 BCM Training Process
May 18 | 4.11.1 BCM Testing - In case of Development of BCP, the objectives of performing BCP tests are to ensure that:
       | Advantages and disadvantages of the Full Backup type
       | 4.11.3 Reviewing BCM Arrangements
CHAPTER 5 – ACQUISITION, DEVELOPMENT AND IMPLEMENTATION OF INFORMATION SYSTEMS
Exam Year | Questions Asked
May 19 | System Acquisition - (c) Other Acquisition Aspects and Practices: (v) Methods of Validating the proposal:
       | (v) Systems Specification: Systems Requirement Specifications (SRS). A well documented SRS contains the following sections:
       | 5.4.6 Agile Model - (a) Strengths:
Nov 18 | 5.5.5 System Development: Programming Techniques and Languages - A well coded application and programs should have the following characteristics:
       | (ii) System Maintenance can be categorized in the following ways:
       | 5.2 Business Process Design involves a sequence of the steps described briefly below - (i) Present Process Documentation: (ii) Proposed Process Documentation: (iii) Implementation of New Process:
May 18 | Different types of System Testing are as follows:
       | (b) Acquiring Systems Components from Vendors: The following considerations are valid for acquisition of both hardware and software when a Request for Proposal (RFP) is called from vendors:
       | 5.5.8 Post Implementation Review and Systems Maintenance - Various evaluation methods in post-implementation review in respect to user satisfaction with the Information System include the following:
CHAPTER 6 – AUDITING OF INFORMATION SYSTEMS
Exam Year | Questions Asked
May 19 | Effect of Computers on Audit - Changes to Evidence Collection
       | Advantages and Disadvantages of Continuous Auditing - Disadvantages of Continuous Audit
       | Understanding the Layers and Related Audit Issues - Tactical Layer of the Application Security Layer
       | Categories of Information Systems Audits
       | 6.7.5 Quality Assurance Management Controls
Nov 18 | 6.6.1 Role of IS Auditor in Physical Access Controls
       | 6.5.1 Inherent Limitations of Audit - Information Systems (IS) Audit
       | 6.2.1 Need for Audit of Information Systems - Factors influencing an organization toward controls and audit of computers
       | 6.4.2 Preliminary Review - (ii) Understanding the Technology: An important task for the auditor as a part of his preliminary evaluation is to gain a good understanding of the technology environment and related control issues.
       | (iii) System Control Audit Review File (SCARF) - Auditors might use SCARF to collect the following types of information:
May 18 | (c) Audit of Environmental Controls: Audit of environmental controls requires the IS auditor to conduct physical inspections and observe practices. The Auditor should verify that:
       | 6.9.2 Understanding the Layers and Related Audit Issues - (i) Operational Layer: The operational layer audit issues include:
       | Integrated Test Facility - Following are the ways through which an auditor may use Integrated Test Facility (ITF) as a continuous audit tool:
       | 6.3.4 Steps in Information System Audit
CHAPTER 7 – INFORMATION TECHNOLOGY REGULATORY ISSUES
Exam Year | Questions Asked
May 19 | Define the following terms with reference to the Information Technology Act - (i) Electronic Form (ii) Information (iii) Key Pair
       | Requirements of IRDA for System Controls & Audit - System Audit
       | [Section 76] Confiscation
       | Some key steps for ensuring compliance with cyber laws are given below:
Nov 18 | Define the term Electronic Signature [Section 3A (2) of IT Act, 2000] - Electronic Signature - (2) For the purposes of this section any electronic signature or electronic authentication technique shall be considered reliable if-
       | The objectives of the Information Technology Act, 2000 are as follows:
May 18 | A company may adopt ISO 27001 for the following reasons:
       | [Section 43A] Compensation for failure to protect data
       | [Section 44] Penalty for failure to furnish information, return, etc.
CHAPTER 8 – EMERGING TECHNOLOGIES
Exam Year | Questions Asked
May 19 | Characteristics of Software as a Service (SaaS) are as follows:
Nov 18 | 8.6.1 Advantages of BYOD
       | The Advantages of Public Cloud
       | The Advantages of Private Clouds
       | 8.4.4 Benefits of Mobile Computing
May 18 | Characteristics of Public Cloud
       | Mobile Computing & Components of Mobile Computing