From the course: CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Collect information: Part 1
From the course: CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors
Collect information: Part 1
- All right, now, let's get into the second phase of our risk management process, the collection phase. So, in a collection phase, we're dealing with pulling information from all the different sources. We might be doing surveys. We might walk around with a clipboard, and actually do some interviewing of people. We will be doing that. You might look at some vulnerability test results. You might look at some penetration test results. And pull that out, and analyze it, and try and collect the information to make some sense of it all. So, here we are in the second phase of our risk management process. We did the planning. We scoped it. We figured out what assets were involved. We set the team up, et cetera, et cetera. And now, we're going to do the actual grunt work, in this second box here of collecting the information. All right, so, the first step in our collection phase is to identify which assets we are dealing with. Now, we've already, in our scope, back in the planning phase…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.