ISACA Certified Information Systems Auditor (CISA)

Overview

The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable to manage vulnerabilities, ensure compliance and institute controls within the enterprise.

The CISA exam is offered three times each year (June, September, and December), consists of 200 multiple-choice questions, and is focused on the five domains defined by ISACA.

Audience Profile

IS audit, control, assurance, and security professionals, including IT consultants, auditors, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers, who have five years of experience with audit, IT systems, and security of information systems.

Prerequisite(s) Recommended

Systems administration experience, familiarity with TCP/IP, and an understanding of UNIX, Linux, and Windows. This advanced course also requires intermediate-level knowledge of the security concepts covered in our Security+ Prep Course.

  • CompTIA Security+ (SYO-301)

Course Outline

1 – The Process of Auditing Information Systems

  • ISACA Information Systems Auditing Standards and Guidelines
  • Fundamental Business Processes
  • Develop and Implement an Information Systems Audit Strategy
  • Plan an Audit
  • Conduct an Audit
  • The Evidence Life Cycle
  • Communicate Issues, Risks, and Audit Results
  • Support the Implementation of Risk Management and Control Practices

2 – IT Governance and Management

  • Evaluate the Effectiveness of IT Governance
  • Evaluate the IT Organizational Structure and HR Management
  • Evaluate the IT Strategy and Direction
  • Evaluate IT Policies, Standards, and Procedures
  • Evaluate the Effectiveness of Quality Management Systems
  • Evaluate IT Management and Monitoring of Controls
  • IT Resource Investment, Use, and Allocation Practices
  • Evaluate IT Contracting Strategies and Policies
  • Evaluate Risk Management Practices
  • Performance Monitoring and Assurance Practices
  • Evaluate the Organizations Business Continuity Plan

3 – Information Systems Acquisition, Development, and Implementation

  • Evaluate the Business Case for Change
  • Evaluate Project Management Frameworks and Governance Practices
  • Development Life Cycle Management
  • Perform Periodic Project Reviews
  • Evaluate Control Mechanisms for Systems
  • Evaluate Development and Testing Processes
  • Evaluate Implementation Readiness
  • Evaluate a System Migration
  • Perform a Post-Implementation System Review

4 – Information Systems Operations, Maintenance, and Support

  • Perform Periodic System Reviews
  • Evaluate Service Level Management Practices
  • Evaluate Third-Party Management Practices
  • Evaluate Operations and End User Management Practices
  • Evaluate the Maintenance Process
  • Evaluate Data Administration Practices
  • Evaluate the Use of Capacity and Performance Monitoring Methods
  • Evaluate Change, Configuration, and Release Management Practices
  • Evaluate Problem and Incident Management Practices
  • Evaluate the Adequacy of Backup and Restore Provisions

5 – Protection of Information Assets

  • Information Security Design
  • Encryption Basics
  • Evaluate the Functionality of the IT Infrastructure
  • Evaluate Network Infrastructure Security
  • Evaluate the Design, Implementation, and Monitoring of Logical Access Controls
  • Risks and Controls of Virtualization
  • Evaluate the Design, Implementation, and Monitoring of Data Classification Process
  • Evaluate the Design, Implementation, and Monitoring of Physical Access Controls
  • Evaluate the Design, Implementation, and Monitoring of Environmental Controls

 

Information Security