Certified Information Systems Auditor, or CISA, is a globally recognized certification for IS (Information Security) audit control, assurance and security professionals. As a CISA-certified professional, you can showcase your audit experience, skills and knowledge, and prove that you are capable of assessing vulnerabilities, reporting on compliance and instituting controls within the enterprise. In this 4-day instructor-led course, participants will be equipped with the skills necessary to defend against unauthorized access to information.
Course Outline
Lesson 1: Information Systems Audit Process
- ISACA IS Auditing Standards, Guidelines
- Fundamental Business Processes
- Systems Audit Strategy
- Plan an Audit
- Conduct an Audit
- The Evidence Life Cycle
- Communicate Issues, Risks, and Audit Results
- Support the Implementation of Risk Management and Control Practices
Lesson 2: IT Governance
- Evaluate the Effectiveness of IT Governance
- Evaluate the IT Organization Structure and HR Management
- Evaluate the IT Strategy and Direction
- Evaluate the Effectiveness of Quality Management Systems
- Evaluate IT Management and Monitoring Controls
- IT Resource Investment, Use and Allocation Practices
- Evaluate IT Contracting Strategies and Policies
- Evaluate Risk Management Practices
- Performance Monitoring and Assurance Practices
- Evaluate the Organization's Business Continuity Plan
Lesson 3: Information Systems Acquisition, Development, and Implementation
- Evaluate the Business Case for Change
- Evaluate Project Management Framework and Governance Practices
- Development Life Cycle Management
- Perform Periodic Project Reviews
- Evaluate Control Mechanisms for Systems
- Evaluate Development and Testing Processes
- Evaluate Implementation Readiness
- Evaluate a System Migration
- Perform a Post-Implementation System Review
Lesson 4: Information Systems Operations, Maintenance, and Support
- Perform Periodic System Reviews
- Evaluate Service Level Management Practices
- Evaluate Third-Party Management Practices
- Evaluate Operations and End User Management Practices
- Evaluate the Maintenance Process
- Evaluate Data Administration Practices
- Evaluate the Use of Capacity and Performance Monitoring Methods
- Evaluate Change, Configuration, and Release Management Practices
- Evaluate Problem and Incident Management Practices
- Evaluate the Adequacy of Backup and Restore Provisions
Lesson 5: Protection of Information Assets
- Information Security Design
- Encryption Basics
- Evaluate the Functionality of the IT Infrastructure
- Evaluate Network Infrastructure Security
- Evaluate the Design, Implementation, and Monitoring of Logical Access Controls
- Risks and Controls of Virtualization
- Evaluate the Design, Implementation, and Monitoring of Physical Access Controls
- Evaluate the Design, Implementation, and Monitoring of Environmental Controls