1. IS Audit Process - risk-based auditing - developing the audit strategy - planning and executing the audit
2. IT Governance - organization and management structure - IT strategy and planning - risk management practices - IT governance practices - international IT standards and guidelines
3. IS Operations - centralized/decentralized environments - problem and incident management - technical support - quality assurance (QA) - segregation of duties
4. Hardware Infrastructure - hardware acquisition, contracts, and inventories - equipment maintenance/utilization
5. Software Infrastructure - operating systems - database management system (DBMS) - system software controls
6. Physical and Environmental Controls - physical security objectives, risks and controls - environmental exposures, risks, and controls
7. Logical Access Controls - logical access controls objectives - authentication: password controls, tokens, biometrics, managing user accounts - authorization - audit trail - managing security administration - single sign-on (SSO) authentication
8. Network Infrastructure - network terminology - centralized and distributed computing
9. Local Area Networks - cabling: twisted pair, coaxial, fiber optics - LAN network topologies - wireless communications and associated risks
10. Network Standards and Protocols - network communication standards - common network protocols - TCP/IP - OSI model, encapsulation, security issues
11. Network Devices - network interface cards - wiring hubs - wireless access points - bridges - switches - routers - gateways - device security
12. Wide Area Networks - differences between LANs and WANs - WAN connection methods - dial-up and wireless connections and risks - switching techniques: circuit, message, packet, cell
13. Internet - Internet technologies - IP Addressing - URL - DNS - Web application programming techniques - Internet risks and controls
14. Network Security - network security risk analysis - vulnerability testing - network security strategy
15. Network Perimeter Security - network security strategies - firewalls - DMZ - intrusion detection systems - remote access
16. Encryption - types of encryption - digital signatures and certificates
17. Business Application Systems - objectives of application audits - auditing the transaction life cycle - auditing the business application components - planning and executing application audits
18. Change Management - change management objectives/risks - change request requirements - emergency changes - library control software - vendor-supplied source code - new programming technologies
19. System Development Life Cycle - audit’s role on development projects - business risks of development projects - project governance practices - traditional system development life cycle - rapid application development - system testing and acceptance - cutover and implementation
20. Project Management - project management risks - budgeting and scheduling - auditing project management
21. Disaster Recovery and Business Continuity Planning - disasters and disruptive events - business continuity planning steps - business impact analysis (BIA) - disaster recovery strategies - testing the recovery plan - continuity plan maintenance
22. Executing IS Audits - risk assessment - planning the audit - developing audit programs - testing controls - workpapers - audit report - closing meeting