New –Â New 2024 CISA – This course is designed for experienced information security professionals who are preparing to take the CISA exam.
CISA is the globally recognized gold standard for IS audit, control, and assurance, in demand and valued by leading global brands. It’s often a mandatory qualification for employment as an IT auditor. CISA holders have validated ability to apply a risk-based approach to planning, executing and reporting on audit engagements. This CISA training course provides you with in-depth coverage of the five CISA domains that are covered on the CISA exam. These domains include auditing information systems; IT governance and management of IT; information systems acquisition, development, and implementation; information systems operations and business resilience; and protection of information assets.
Is This The Right Course?
IT professionals must have 2+ years or more of IS audit, control, assurance and security experience.
Who Should Attend?
Early to mid-career professionals looking to gain recognition and enhanced credibility in interactions with internal and external stakeholders, regulators, and customers.
Job roles include:
- IT Audit Directors/Managers/Consultants
- IT and Internal Auditors
- Compliance/Risk/Privacy Directors
- IT Directors/Managers/Consultants
What You’ll Learn
- Prepare for and pass the Certified Information Systems Auditor (CISA) Exam
- Develop and implement a risk-based IT audit strategy in compliance with IT audit standards
- Evaluate the effectiveness of an IT governance structure
- Ensure that the IT organizational structure and human resources (personnel) management support the organization’s strategies and objectives
- Review the information security policies, standards, and procedures for completeness and alignment with generally accepted practices
Course Outline
Domain 1 – Information System Auditing Process
Topics:
- IS Audit Standards, Guidelines, Functions, and Codes of Ethics
- Types of Audits, Assessments, and Reviews
- Risk-based Audit Planning
- Types of Controls and Considerations
- Audit Project Management
- Audit Testing and Sampling Methodology
- Audit Evidence Collection Techniques
- Audit Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of Audit Process
Domain 2 – Governance and Management of IT
Topics
- Laws, Regulations, and Industry Standards
- Organizational Structure, IT Governance, and IT Strategy
- IT Policies, Standards, Procedures, and Guidelines
- Enterprise Architecture and Considerations
- Enterprise Risk Management (ERM)
- Privacy Program and Principles
- Data Governance and Classification
- IT Resource Management
- IT Vendor Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
Domain 3 – Information Systems Acquisition, Development, and Implementation
Topics:
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
- System Readiness and Implementation Testing
- Implementation Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Postimplementation Review
Domain 4 – Information Systems Operations and Business Resilience
Topics:
- IT Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces • End-user Computing and Shadow IT
- Systems Availability and Capacity Management
- Problem and Incident Management
- IT Change, Configuration, and Patch Management
- Operational Log Management
- IT Service Level Management
- Database Management
- Business Impact Analysis
- System and Operational Resilience
- Data Backup, Storage, and Restoration
- Business Continuity Plan
- Disaster Recovery Plans
Domain 5 – Protection of Information Assets
Topics:
- Information Asset Security Policies, Frameworks, Standards, and Guidelines
- Physical and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Data Loss Prevention
- Data Encryption
- Public Key Infrastructure (PKI)
- Cloud and Virtualized Environments
- Mobile, Wireless, and Internet-of-Things Devices
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Logs, Tools, and Techniques
- Security Incident Response Management • Evidence Collection and Forensics
Prerequisites
IT professionals must have 2+ years or more of IS audit, control, assurance and security experience.
Related Certifications
IT professionals must have 5 years or more of IS audit, control, assurance and security experience and pass the CISA exam.
- CISA – Certified Information Systems Auditor
Lessons:
