Class Activity
1. CISA Review Manual – talking points
The talking points will focus on configuration management, change management, and release management:
- Information systems maintenance practices (3.9)
- Information systems operations (4.2)
2. Practitioner’s audit perspective
- Baselining of critical and high-risk configuration parameters and value settings
- Build testing and certification
- Change requests, normal vs emergency changes, approvals, ticketing and documentation, change reconciliation
- Periodic reconciliation of configuration parameter values in product environment
- Periodic scanning and penetration testing for configuration changes, vulnerabilities and errors, and remediation and escalation procedures
3. Quiz or Test of Knowledge (TOK)
Reading Assignment Due Prior to Class
1. Knowledge Statements
Students are expected to read the following knowledge statements and come prepared for the class:
- KS3.12 – Knowledge of configuration and release management…
2. References
Students are expected to read the following sections in the CISA Review Manual and be prepared for today’s class, and quiz or TOK:
- 3.9, 3.9.1, 3.9.2, 4.2.7
- Exhibit 3.25, 4.8