"National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" The Government of the Russian Federation Federal State Autonomous Educational Institution of Higher Professional Education “National Research University “Higher School of Economics” Faculty of business and management School of business Informatics Program of Discipline “Information Systems Audit” for Master training direction 38.04.05 “Business Informatics” The authors of the program: Grekul V.I., candidate of science, senior researcher, grekoul@hse.ru Одобрена на заседании кафедры управления ИС и цифровой инфраструктурой «____»______________ 2015 г. Зав. кафедрой Исаев Е.А. Утверждена академическим советом образовательной программы «Бизнес-информатика» «____»______________ 2015 г. Академический руководитель Зараменских Е.П.__________________________ Зарегистрирована УМО школы бизнес-информатики «____»______________ 2015 г. ________________________ Moscow, 2015 This program cannot be used by other divisions of the university and other institutions of higher education without the permission of the department - the developer of the program. 1 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" 1 Application area and normative references This program of academic discipline establishes minimum requirements for knowledge and skills of the student and determines the content and the types of studies and reporting. The program is designed for lecturers, teaching this discipline, teaching assistants and students of 080500.68 "Business Informatics" teaching direction of Master training, studying for Master's program "Business Informatics". The program is designed in accordance with: 2 educational standard of the Federal State Autonomous Educational Institution of Higher Professional Education "National Research University" Higher School of Economics ", the level of training: Master, approved 26/06/2011; working curriculum of the University for the 38.04.05 "Business Informatics" Master training direction for the Master's program "Business Informatics, approved in 2014. Objective of the discipline mastering The aim of the course is to teach students to use their generalized knowledge in various fields of IT for estimation of information system (IS) characteristics and IS-related controls. This course is based on the program of CISA (Certified Information Systems Auditor) exam and introduces students to the concepts and practical methods of full cycle of IS auditing. This is the main feature of the course that distinguishes it from other similar disciplines studied in Russian and foreign Universities and aimed usually to separate categories of audit (e.g., audit of Information Security Management, IT strategy audit, Network Infrastructure audit etc.). 3 Student’s competence formed as a result of the discipline mastering As a result of the discipline mastering the student must: know: Control objectives and controls related to information systems. Audit planning and audit project management techniques. Risk assessment concepts, tools and techniques in an audit context. Applicable regulations that affect the scope, evidence collection and preservation, and frequency of audits. Fundamental business processes including relevant IT. be able to apply: IT Audit Assurance Standards, Guidelines, and Tools and Techniques. Evidence collection reporting and communication techniques. have the skills (gain experience) in audit project planning and assessing of main information systems characteristics. As a result of the discipline mastering the student acquires the following competencies: 2 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" Competencies Descriptors - the main criteria of the mastering (indicators of results achievement) Forms and methods of studying, contributing to the formation and development of competence Ability to make managerial SK-M5 decisions, rate their possible consequences and take responsibility for them Demonstrate Lectures, seminars, homework Ability to analyze, verify and assess information integrity, collect or synthesize missing data Have knowledge and skills Lectures, seminars, homework Ability to conduct research and PK-12 prepare analytical materials to make strategic decisions in the sphere of information technologies Have knowledge and skills Lectures, seminars, homework Ability to define and spread common SLК –М3 objectives in professional and social activity Have knowledge and skills Lectures, seminars, homework Ability to develop, describe and control technological requirements and regulations Have knowledge and skills Lectures, seminars, homework 4 Code by FSAES/ NRU HSE SК-М6 SLК-М9 Place of the discipline in the structure of educational program This discipline is optional for specialization "Information systems management" within the Master's program "Business Informatics" The study of this discipline is based on the following disciplines: "Design of Information Systems"; "IT-service management"; "Improving enterprise architecture". For the discipline mastering, students should know conceptual foundations of enterprise architecture, basic classes of information systems for business management, fundamental business processes including relevant IT- processes, best practices and up-to-date standards in 3 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" the field of information technology (PMBOK, ISO/IEC 15288, ITIL, CobIT), methodologies of information systems design and implementation, be able to organize and synthesize information to develop specific proposals to improve IT-management processes. Main provisions of the discipline should be used further to prepare master theses, scientific articles and reports. The total complexity of discipline is a 6 credit units. 5 № Thematic plan of the disciplin 1. 2. 3. 4. 5. 6. Classroom training Total, hours Lecture Seminar Independent study The Process of Auditing Information Systems Governance and Management of Information Technologies Information Systems Acquisition, Development and Implementation Information Systems Operations, Maintenance and Support Protection of Information Assets Business Continuity and Disaster Recovery 44 6 8 30 44 6 8 30 36 4 8 24 32 4 8 20 30 4 6 20 30 4 6 20 Total 216 28 44 144 Topics 1. The Process of Auditing Information Systems Main tasks of auditor: Develop and implement a risk-based IT audit strategy. Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization. Conduct audits in accordance with IT audit standards. Report audit findings and make recommendations to key stakeholders. Conduct follow-ups or prepare status reports to ensure that appropriate actions have been taken by management in a timely manner. Main areas of auditing expertise: IT Audit and Assurance Standards, Guidelines, and Tools and Techniques; Code of Professional Ethics; and other applicable standards. Risk assessment concepts, tools 4 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" and techniques in an audit context control objectives and controls related to information systems. Audit planning and audit project management techniques fundamental business processes including relevant IT evidence collection techniques (e.g., observation, inquiry, inspection and interview data analysis) used to gather protect and preserve audit evidence. Compliance and substantive testing. Reporting and communication techniques (e.g., facilitation, negotiation, conflict resolution, audit report structure). 2. Governance and Management of Information Technologies Main objectives to be evaluated: The effectiveness of the IT governance structure. IT organizational structure and human resources (personnel) management. IT strategy. IT policies, standards and procedures. Adequacy of the quality management system to determine whether it supports the organization's strategies and objectives in a cost-effective manner. IT management and monitoring of controls. IT resource investment. IT contracting strategies and policies. Risk management practices. Monitoring and assurance practices. Main areas of auditing expertise: IT governance, management, security and control frameworks, and related standards, guidelines and practices. The purpose of IT strategy, policies, standards and procedures for an organization and the essential elements of each. The organizational structure, roles and responsibilities related to IT the processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures. Quality management systems. Maturity models. IT resource investment and allocation practices, including prioritization criteria (e.g., portfolio management, value management, project management). IT supplier selection, conflict management, relationship management and performance monitoring processes including third-party outsourcing relationships enterprise risk management practices for monitoring and reporting of IT performance (e.g., balanced scorecards, key performance indicators [KPIs]). IT human resources (personnel) management practices used to invoke the business continuity plan. 3. Information Systems Acquisition, Development and Implementation Main objectives to be evaluated: Business case for proposed investments in information systems. Project management practices and controls. Controls for information systems during the requirements, acquisition, development and testing phases. 5 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" Readiness of information systems for implementation and mitigation into production to determine whether project deliverables, controls and the organization's requirements are met. Post-implementation reviews of systems. Main areas of auditing expertise: Benefits realization practices (e.g., feasibility studies, business cases, total cost of ownership [TCO], ROI). Project governance mechanisms (e.g., steering committee, project oversight board, project management office). Project management control frameworks, practices and tools. Risk management practices applied to projects IT architecture related to data, applications and technology (e.g., distributed applications, web-based applications, web services, n-tier applications) acquisition practices (e.g., evaluation of vendors, vendor management, escrow). Requirements analysis and management practices (e.g., requirements verification, traceability, gap analysis, vulnerability management, security requirements). Project success criteria and risks. Control objectives and techniques that ensure the completeness, accuracy, validity and authorization of transactions and data. system development methodologies and tools, including their strengths and weaknesses (e.g., agile development practices, prototyping, rapid application development [RAD]; object-oriented design techniques). Testing methodologies and practices related to information systems development. Configuration and release management relating to the development of information systems. System migration and infrastructure deployment practices and data conversion tools, techniques and procedures. Post-implementation review objectives and practices. 4. Information Systems Operations, Maintenance and Support Main objectives to be evaluated: Periodic reviews of in format ion systems to determine whether they continue to meet the organization's objectives. Service level management practices. Third-party management practices. Operations and end-user procedures. Process of information systems maintenance. Data administration practices. Capacity and performance monitoring tools and techniques. Problem and incident management practices. Change, configuration and release management practices. Adequacy of backup and restore provisions organization's disaster recovery plan. Main areas of auditing expertise: Service level management practices and the components within a service level agreement. Techniques for monitoring third-party compliance with the organization's internal controls. Operations and end-user procedures for managing scheduled and nonscheduled processes. The technology concepts related to hardware and network components, system software and database management systems. Control techniques that ensure the integrity of system interfaces. Software licensing and inventory practices. system resiliency tools and techniques (e.g., fault tolerant hardware, elimination of single point of failure, clustering). Database administration practices. Capacity planning 6 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" and related monitoring tools and techniques. Systems performance monitoring processes, tools and techniques (e.g., network analyzers system utilization reports, load balancing). Problem and incident management practices (e.g., help desk, escalation procedures, tracking). Processes for managing scheduled and nonscheduled changes to the production systems and / or infrastructure including change, configuration, release and patch management practices. Data backup, storage, maintenance, retention and restoration practices. 5. Protection of Information Assets Main objectives to be evaluated: Information security policies, standards and procedures. Design, implementation and monitoring of system and logical security controls. Design, implementation and monitoring of the data classification processes and procedures for alignment with the organization's policies, standards, procedures and applicable external requirements. Design, implementation and monitoring of physical access and environmental controls. Processes and procedures used to store, retrieve, transport and dispose of information assets Main areas of auditing expertise: Techniques for the design, implementation and monitoring of security controls, including security awareness programs. Processes related to monitoring and responding to security incidents (e.g., escalation procedures, emergency incident response team). Logical access controls for the identification, authentication and restriction of users to authorized functions and data. Security controls related to hardware, system software (e.g., applications, operating systems), and database management systems. Risks and controls associated with virtualization of systems. Configuration, implementation, operation and maintenance of network security controls. Network and Internet security devices, protocols and techniques. Information system attack methods and techniques. Detection tools and control techniques (e.g., malware, virus detection, spyware). Security testing techniques (e.g., intrusion testing, vulnerability scanning). Risks and controls associated with data leakage. Encryption- related techniques. Public key infrastructure (PKI) components and digital signature techniques. Risks and controls associated with peer-to-peer computing, instant messaging, and web-based technologies (e.g., social networking, message boards, blogs). Controls and risks associated with the use of mobile and wireless devices. Voice communications security (e.g., PBX, VoIP). The evidence preservation techniques and processes followed in forensics investigations (e.g., IT, process, chain of custody). Data classification standards and supporting procedures. Physical access controls for the identification, authentication and restriction of users to authorized facilities. Environmental protection devices and supporting practices. Processes and procedures used to store, retrieve, transport and dispose of confidential information assets. 6. Business Continuity and Disaster Recovery Main objectives to be evaluated: The adequacy of backup and restore provisions to ensure the availability of information required to resume processing. The organization's disaster recovery plan. 7 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" The organization's business continuity plan. Main areas of auditing expertise: Data backup, storage, maintenance, retention and restoration processes, and practices. Regulatory, legal, contractual and insurance issues related to business continuity and disaster recovery. Business Impact Analysis (BIA). Development and maintenance of the business continuity and disaster recovery plans. Business continuity and disaster recovery testing approaches and methods. Human resources management practices as related to business continuity and disaster recovery (e.g., evacuation planning, response teams). Processes used to invoke the business continuity and disaster recovery plans. Types of alternate processing sites and methods used to monitor the contractual agreements (e.g., hot sites, warm sites, cold sites). 6 Educational Technology Following educational technologies are used in the implementation of different types of learning: lectures, reports, discussion, cases review. 7 Evaluation tools for monitoring and certification of the student Progress Tests (fragments) Topic 1 01. Which of the following is the MOST important reason why an audit planning process should be reviewed at periodic intervals? A. To plan for deployment of available audit resources B. To consider changes to the risk environment C. To provide inputs for documentation of the audit charter D. To identify the applicable IS audit standards 02. When performing a computer forensic investigation [судебное расследование], in regard to the evidence gathered, an IS auditor should be MOST concerned with: A. Analysis. B. Evaluation. C. Preservation. D. Disclosure. 03. The internal audit department of an organization has developed and maintained ACL scripts for continuous auditing purposes. These scripts were provided to IT management for continuous monitoring purposes. This situation resulted in a potential conflict related to the auditors independence and objectivity. Which of the following actions would BEST resolve this issue? A. The internal audit team should stop sharing the scripts so that IT management must develop its own scripts. 8 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" B. Since continuous monitoring and continuous auditing are similar functions, IT management should assign the continuous monitoring tasks to the internal audit department. C. IT management should continue to use the scripts for continuous monitoring purposes with the understanding that it is responsible for testing and maintaining the scripts that it uses. D. The internal audit team should review the areas where these scripts are being used and reduce the audit scope and frequency for those areas. Topic 2 01. In an organization where an IT security baseline has been defined, the IS auditor should FIRST ensure: A. Implementation B. Compliance C. Documentation D. Sufficiency 02. Which of the following duties would be a concern if performed along with systems administration? A. Access rule maintenance B. System audit trail review C. Data librarian D. Performance monitoring 03. Which of the following BEST describes an IT department's strategic planning process? A. The IT department will have either short-range or long-range plans depending on the organization's broader plans and objectives. B. The IT department's strategic plan must be time- and project-oriented, but not so detailed as to address and help determine priorities to meet business needs. C. Long-range planning for the IT department should recognize organizational goals, technological advances and regulatory requirements. D. Short-range planning for the IT department does not need to be integrated into the short-range plans or the organization since technological advances will drive the IT department plans much quicker than organizational plans. Topic 3 01. The most common reason for the failure of information systems to meet the needs of users is that: A. User needs are constantly changing. B. The growth of user requirements was forecast inaccurately. 9 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" C. The hardware system limits the number of concurrent users. D. User participation in defining the system’s requirements was inadequate. 02. An IS auditor is assigned audit a software development project which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take? A. Report that the organization does not have effective project management B. Recommend the project manager be changed C. Review the IT governance structure D. Review the conduct of the project and the business case 03. A request for a change to a report format in a module (subsystem) was made. After making the required changes, the programmer should carry out: A. Unit testing. B. Unit and module testing. C. Unit, module and regression testing. D. Module testing. Topic 4 01. When assessing the portability of a database application, the IS auditor should verify that: A. A structured query language (SQL) is used. B. Information import and export procedures exist with other systems. C. Indexes are used. D. All entities have a significant name and identified primary and foreign keys. 02. Which of the following would an IS auditor expect to find in a console log? A. Names of system users B. Shift supervisor identification C. System errors D. Data edit errors 03. In a LAN environment, which of the following minimizes the risk of data corruption during transmission? A. Using end-to-end encryption for data communication B. Using separate conduits for electrical and data cables C. Using check sums for checking the corruption of data D. Connecting the terminals using a star topology Topic 5 01. Which of the following steps would an IS auditor normally perform FIRST in a data center security review? 10 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" A. Evaluate physical access test results. B. Determine the risks/threats to the data center site. C. Review business continuity procedures. D. Test for evidence of physical access at suspect locations. 02. Which of the following concerns associated with the World Wide Web would be addressed by a firewall? A. Unauthorized access from outside the organization B. Unauthorized access from within the organization C. A delay in Internet connectivity D. A delay in downloading using File Transfer Protocol (FTP) 03. When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator (surge protector) to ensure that the: A. Hardware is protected against power surges. B. Integrity is maintained if the main power is interrupted. C. Immediate power will be available if the main power is lost. D. Hardware is protected against long-term power fluctuations. Topic 6 01. Which of the following is the best way to ensure that the company’s backup tapes can be used at a warm site? A. Retrieve the tapes from the off-site facility and verify that the equipment at the original site can read them B. Test them on the vendor’s machine, which won’t be used during an emergency C. Inventory each tape kept at the vendor’s site twice a month D. Test them on the equipment maintained within the hot site 02. Prior to a live disaster test, which of the following is most important? A. Restore all files in preparation for the test B. Document expected findings C. Arrange physical security for the test site D. Conduct a successful structured walk-through 03. Which is not one of the primary goals of BIA? A. Criticality prioritization B. Downtime estimation C. Determining requirements for critical business functions D. Deciding on various tests to be performed to validate the business continuity plan 11 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" Final exam topics 1. IT Audit and Assurance Standards, Guidelines, and Tools and Techniques; Code of Professional Ethics. 2. Risk assessment concepts, tools and techniques in an audit context. 3. Control objectives and controls related to information systems. 4. Audit planning. 5. Evidence collection techniques (e.g., observation, inquiry, inspection, interview data analysis) used to gather protect and preserve audit evidence. 6. Audit sampling methodologies. 7. Organizational structure, roles and responsibilities related to IT 8. Processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures. 9. The use of maturity models. 10. Practices for monitoring and reporting of IT performance (e.g., balanced scorecards, key performance indicators [KPIs]) 11. Project governance mechanisms (e.g., steering committee, project oversight board, project management office). 12. Acquisition practices (e.g., evaluation of vendors, vendor management, escrow). 13. Control objectives and techniques that ensure the completeness, accuracy, validity and authorization of transactions and data. 14. System development methodologies and tools, including their strengths and weaknesses (e.g., agile development practices, prototyping, rapid application development [RAD]; object-oriented design techniques). 15. Testing methodologies and practices related to information systems development. 16. Configuration and release management relating to the development of information systems. 17. Techniques for monitoring third-party compliance with the organization's internal controls. 18. Operations and end-user procedures for managing scheduled and nonscheduled processes. 19. Control techniques that ensure the integrity of system interfaces. 20. Software licensing and inventory practices. 21. System resiliency tools and techniques (e.g., fault tolerant hardware, elimination of single point of failure, clustering). 22. Capacity planning and related monitoring tools and techniques. 23. Data backup, storage, maintenance, retention and restoration practices. 24. Processes related to monitoring and responding to security incidents (e.g., escalation procedures, emergency incident response team). 25. Security controls related to hardware, system software (e.g., applications, operating systems), and database management systems. 26. Risks and controls associated with virtualization of systems. 27. Network and Internet security devices, protocols and techniques. 28. Information system attack methods and techniques. 29. Security testing techniques (e.g., intrusion testing, vulnerability scanning). 30. Risks and controls associated with data leakage. 12 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" 31. Risks and controls associated with peer-to-peer computing, instant messaging, and webbased technologies (e.g., social networking, message boards, blogs). 32. Controls and risks associated with the use of mobile and wireless devices. 33. The evidence preservation techniques and processes followed in forensics investigations (e.g., IT, process, chain of custody). 34. The processes and procedures used to store, retrieve, transport and dispose of confidential information assets. 35. Data backup, storage, maintenance, retention and restoration processes, and practices 36. Regulatory, legal, contractual and insurance issues related to business continuity and disaster recovery 37. Business Impact Analysis (BIA) 38. The development and maintenance of the business continuity and disaster recovery plans 39. Business continuity and disaster recovery testing approaches and methods. 40. Processes used to invoke the business continuity and disaster recovery plans. 41. Types of alternate processing sites and methods used to monitor the contractual agreements (e.g., hot sites, warm sites, cold sites). Essay topics (examples) 1. Information Technology investment methodologies 2. A Real Option strategic decision for IT project selection 3. Customer-related IT investments. 4. Managerial decision-making about IT Investment 5. Efficiency enhancing effects of IT investment 6. A Risk Management approach to IT Services Contract design 7. IT Portfolio Selection methods 8. Economics of Information Technology Outsourcing 9. Information technology process improvement 10. The international economics of information technology 11. Return On Investment as an indicator of success. 12. Measurement of information technology investment risks. 8 Educational-methodical and information support of discipline Textbooks Core reading 1. CISA Review Manual 2013. ISACA. 2013. ISBN 1604203005 / 978-1604203004 2. Peter Gregory. CISA Certified Information Systems Auditor All-in-One Exam Guide, 2nd Edition. McGraw-Hill Osborne Media; 2 edition. 2011. ISBN 0071769102 / 9780071769105 3. Richard E. Cascarino. Auditor's Guide to IT Auditing. Step-by-step guide to successful implementation and control of IT systems—including the Cloud. Wiley; 2 edition. 2012. ISBN 1118147618 / 978-1118147610. 13 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" Extended reading 1. James A. Hall. Information Technology Auditing. South-Western College Pub; 3 edition. 2010. ISBN 1439079110 / 978-1439079119. 2. COBIT 5 ISACA, 2013. http://www.isaca.org/COBIT/Pages/Product-Family.aspx 3. Chris Davis, Mike Schiller, Kevin Wheeler. IT Auditing Using Controls to Protect Information Assets, 2nd Edition. -McGraw-Hill Osborne Media; -2011; 512p. 4. Craig S. Wright. IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments. – Syngress; 2008. 750p. 5. Шеремет А.Д., Суйц В.П. Аудит. М. Инфра-М. 2009 ISBN 978-5-16-002517-9. (657 Ш492). 6. Insu Park. Ph.D.Thesis: Essays on Information Assurance. University of New York at Buffalo. 2010. UMI Number: 3423590. ProQuest LLC. 7. Asunur Cezar. Ph.D.Thesis: Essays On Information Security And Risk Management. The University of Texas at Dallas. 2009. UMI Number: 3391603. ProQuest LLC. 8. David Stamm. Ph.D.Thesis: Information Assurance Practice and Standards for Commercial Business. Walden University. 2011. UMI Number: 3457224. ProQuest LLC 9. Said Ghezal. Ph.D.Thesis: Information Assurance Alignment: A Study Of Performance Impacts. Capella University. 2011. UMI Number: 3443661. ProQuest LLC. 10. Kiron Ravindran. Ph.D.Thesis: Governance Mechanisms in Information Technology Outsourcing. UNIVERSITY OF CALIFORNIA, IRVINE. 2010. UMI Number: 3404761. ProQuest LLC. 9 Procedure for the formation of estimates on discipline Generating estimates of the discipline is made in accordance with the Regulations on the organization of the control of knowledge, approved by the Academic Council of the HSE. Calculation of the grade The grade for the course (Qfinal ) is determined as weighted average of follows marks: Q1-6 =1/6 Qi - the mark for progress tests, Qi = (1…10) – the mark for the topic i; Qe – the mark for the essay, Qe = (1…10); Qcs – the mark for the case study, Qcs = (1…10); Qexam– the mark for the exam Qexam = (1…10); Qfinal = 0,3 Q1-6 +0,2 Qe + 0,2 Qcs+ 0,3 Qexam 14 "National Research University - Higher School of Economics" Program of Discipline " Information Systems Audit" for Master training direction 38.04.05 "Business Informatics" 10 Inventory and logistics support of discipline Personal computer (laptop) and a projector are used for lectures and seminars. Technical equipment of computer classes may be used too. Author of the program Grekul V.I. 15