Study Scheme 2018
MANAGERIAL LEVEL-1
M3 – MANAGEMENT INFORMATION SYSTEM
INTRODUCTION
This course deals with management of security of the systems, and is designed to focus on tools and techniques of information systems and application of knowledge to I.T. Audit.

OBJECTIVE
To provide the students with a detailed knowledge of Information System and I.T. Audit to enable them to:
Design and develop information system to improve the performance of organisations, and
Apply conceptual approach of information systems to I.T. Audit.

LEARNING OUTCOMES
Upon completion of this course, students will be able to:
Understand the complexity of managing security in electronic systems;
Identify and assess the critical threats to information systems;
Get acquainted with the process of auditing information systems;
Apply adequate information technology governance and management in IT audit of businesses;
Perform preliminary security audit of information systems and apply skills to a security incident;
Apply the most effective information systems audit, control and security practices;

INDICATIVE GRID
PART  SYLLABUS CONTENT AREA                                    WEIGHTAGE
A     INFORMATION SYSTEMS                                      50%
      1. Emerging Technology in E-Business
      2. Infrastructure and Operations
      3. Information and Databases
      4. Systems acquisition / development process
B     IT AUDIT                                                 50%
      5. The Process of Auditing Information Systems
      6. Governance and Management of IT
      7. Auditing Infrastructure and Operations
      8. Auditing Systems Acquisition / Development Process
      9. Information Security Management (ISM)
      10. Business Continuity and Disaster Recovery
      TOTAL                                                    100%
Note: The weightage shown against each section indicates the study time required for the topics in that section. This
weightage does not necessarily specify the number of marks to be allocated to that section in the examination.
DETAILED CONTENTS
PART – A
INFORMATION SYSTEMS (IS)

1. Emerging Technology in E-Business
Definition of the EDI, E-Business and E-Commerce,
E-Business Models (B2B, B2C, B2E, B2G, G2C & C2C),
Introduction to E-commerce Architecture,
E-Commerce Risks,
Advantages of E-commerce for businesses,
E-Business Software (SCM, ERP & CRM).
Artificial Intelligence and its importance in Finance, Accounts, Taxation and IT Audit

2. Infrastructure and Operations
Management of IS Operations,
IT Service Management (systems, networks and supplies)
Change Management Process, (best practices to reduce risks)
Computer Hardware Components and Architectures, (CPU, Devices and Media)
Capacity Management (monitoring, scheduling, upgrading)
Operating Systems, (functions and types)
Computer Networks (Categories, Topologies, Architecture and Types)
Basics of Cloud Computing

3. Information and Databases
What is a data-base?
Data modelling; (DFD, ERD)
Types of databases; (Introduction only)
The roles of a data-base management system;
Data as a resource;
Data warehousing and Business analytics
Importance of models.
Information systems categories;
Office automation systems;
Communication systems;
Decision support systems;
Enterprise systems;
Limitations
Uses of information systems categories

4. Systems Acquisition / Development Process
Approaches (Waterfall, spiral, Agile and Scrum, prototyping),
Phases of SDLC (Investigation and feasibility study),
Requirements analysis and initial design.
Detailed design specification/ documentation.
System installation/ implementation & maintenance),
Project Management. (PM Triangle)
Project planning. (PERT, CPM, intro. Importance of PM software)
Project control methods and standards (Introduction of PERT, PRINCE, ISO 21500, CMM)

PART – B
IT AUDIT

5. The Process of Auditing Information Systems
Definition of IT Audit and Types of Audit
Audit Mission and planning,
Role and responsibilities of Internal, external and IT Auditors,
Risk assessment and analysis.
risk based audit approach,
compliance and substantive testing,
Internal Controls and their types, objectives and procedures.
Performing an IT audit, (Procedure)
CAATs,
Control self assessment.

6. Governance and Management of IT
Corporate and IT Governance,
IT Governance Frameworks,
Roles and responsibilities of senior
Steering committee & chief information officer,
Policies and procedures,
Sourcing practices, (Introduction, Advantages, Limitations)
IS roles and Responsibilities,
Segregation of duties and controls within IS
Auditing IT Governance structure and implementations

7. Auditing Infrastructure and Operations
Hardware review;
Operating systems reviews;
Data-base local area network, network operating,
Control, information system operations reviews,
Lights out operations,
Application controls and their objectives,
File creation,
Data conversion;
Input and output
Problem management reporting reviews,
Hardware availability
Utilizing reporting reviews, scheduling reviews.

8. Auditing Systems Acquisition / Development Process
Risk of inadequate system development life cycle (SDLC) and review of development procedures and methodologies,
Review of acquisition process for outsourcing,
Information system maintenance practices
Process of carrying out change in software
Library control software, review of the practice of project management tools and techniques

9. Information Security Management (ISM)
Importance of ISM,
Understanding of Facilities (Data centres, outsourced facilities, Storage, media libraries, backup vaults, UPS & Disaster recovery sites),
Antivirus Software implementation Strategies),
Program and data security techniques,
Monitoring and surveillance techniques,
Environment Controls
Smoke detectors,
Fire Suppression Access management controls,
Physical design and access controls,
Logical access controls (user authorization matrix & Password managements / password change procedures).
Network security (encryption, firewalls System and Humidity / Temperature),
Media Sanitization.
Auditing Information Security Management

10. Business Continuity and Disaster Recovery
Defining a Disaster,
BCP and DRP.
BCP Process.
Business Continuity Policy and Planning
Incident Management
Business Impact Analysis,
Development of BCP.
Insurance,
Plan Testing
Auditing Business Continuity
Recovery sites, database backup/recovery methods, application backup/recovery methods

CORE READINGS
Title                                              Author          Publisher
CISA Manual                                        CISA            Information Systems Audit and Control Associations, Inc.
Information Systems: The Foundation of E-business  Steven Alter    Prentice Hall / Pearson / Financial Times
ADDITIONAL
Introduction to Information System                 James O’Brien   McGraw Hill