Certified Information Systems Auditor (CISA)

The Certified Information Systems Auditor (CISA) is a certification offered by the Information Systems Audit and Control Association (ISACA).

The CISA certification is a globally recognized certification for Information Systems Auditors, and it is considered the de facto standard for professionals in the field of information systems and audit.

This certification is designed to validate a professional's knowledge and experience in auditing, information security and business processes. It also demonstrates a level of commitment to the field, providing proof of the qualifications of professional IT auditors.

This course is intended to prepare an individual to take the CISA certification exam. The course covers the domains required to pass the exam and provides practical examples to help understand the concepts.

Topics covered in the CISA course include information systems and audit fundamentals, enterprise architecture, risk assessment and management, audit process, IT governance and controls, automation and security, and compliance.

The CISA course is useful for anyone looking to improve their information systems auditing skills or take the CISA certification exam. The course provides the practical understanding needed to demonstrate knowledge in the topics covered in the CISA exam.

Since the CISA exam is a comprehensive examination of the skills, the course can also help professionals develop their abilities in areas they may have been previously unfamiliar with, giving them an edge in their career.

Course Prerequisites

The prerequisites for Certified Information Systems Auditor-CISA training is a bachelor's degree in a related information systems field, such as computer science or information technology.

If a person does not have a college degree, then a minimum of five years of auditing and information systems work experience is needed.

Previous auditing experience and understanding of business processes, information systems, and IT infrastructure is highly recommended before signing up for the training.

Target Audience

• The Certified Information Systems Auditor-CISA training is targeted toward IT professionals who have at least five years of experience in security and IT audit, control and information technology governance, such as chief information officers, audit managers and directors, IT directors, IT security managers, information security analysts and other experienced IT auditors

• This training is also ideal for IT consultants and professionals interested in pursuing a career in the domain of IT systems auditing and control

• The training provides a comprehensive overview of the principles and practices of information systems auditing and control, as well as insights into how the profession has evolved over time

• This training is essential for IT professionals who want to maintain and demonstrate their knowledge of CISA standards and stay current on ever-changing audit and control technologies

Learning Objectives Of Certified Information Systems Auditor-CISA

• Understand and recognize the purpose, scope, objectives and tasks of information systems and management.

• Develop an approach to develop, execute and maintain effective systems audit and management programs.

• Comprehend the security policies and procedures of information systems, including user access and rights management, system change control, backup, disaster recovery and system testing.

• Enhance knowledge about IS control structures and be able to conduct audit testing and evaluation for information systems auditing.

• Consider the concepts and analysis of risk assessment and management.

• Recognise ethical considerations when conducting information systems audits.

• Evaluation existing and new systems against CISA principles and standards.

• Identify audit objectives, assemble the audit approach and develop audit plans.

• Comprehend the audit process, report preparation, and management letter.

• Understand the basic security concepts and strategies.

• Demonstrate best practices for business continuity and disaster recovery.

• Evaluate data protection and information security management procedures.

You Will Learn:

 Information Systems Auditing Process - (21%)

• Planning

• IS Audit Standards, Guidelines, and Codes of Ethics

• Business Processes

• Types of Controls

• Risk-Based Audit Planning

• Types of Audits and Assessments

• Execution

• Audit Project Management

• Sampling Methodology

• Audit Evidence Collection Techniques

• Data Analytics

• Reporting and Communication Techniques

 Governance and Management of IT - (17%)

• IT Governance

• IT Governance and IT Strategy

• IT-Related Frameworks

• IT Standards, Policies, and Procedures

• Organizational Structure

• Enterprise Architecture

• Enterprise Risk Management

• Maturity Models

• Laws, Regulations, and Industry Standards affecting the Organization

• IT Management

• IT Resource Management

• IT Service Provider Acquisition and Management

• IT Performance Monitoring and Reporting

• Quality Assurance and Quality Management of IT

 Information Systems Acquisition, Development and Implementation - (12%)

• Information Systems Acquisition and Development

• Project Governance and Management

• Business Case and Feasibility Analysis

• System Development Methodologies

• Control Identification and Design

• Information Systems Implementation

• Testing Methodologies

• Configuration and Release Management

• System Migration, Infrastructure Deployment, and Data Conversion

• Post-implementation Review

Information Systems Operations And Business Resilience - (23%)

• Problem and Incident Management

• Change, Configuration, Release, and Patch Management

• IT Service Level Management

• Database Management

• Business Resilience

• Business Impact Analysis (BIA)

• System Resiliency

• Data Backup, Storage, and Restoration

• Business Continuity Plan (BCP)

• Disaster Recovery Plans (DRP)??

 Protection of Information Assets - (27%)

• Information Asset Security and Control

• Information Asset Security Frameworks, Standards, and Guidelines

• Privacy Principles

• Physical Access and Environmental Controls

• Identity and Access Management

• Network and End-Point Security

• Data Classification

• Data Encryption and Encryption-Related Techniques

• Public Key Infrastructure (PKI)

• Web-Based Communication Techniques

• Virtualized Environments

• Mobile, Wireless, and Internet-of-Things (IoT) Devices

• Security Event Management

• Security Awareness Training and Programs

• Information System Attack Methods and Techniques

• Security Testing Tools and Techniques

• Security Monitoring Tools and Techniques

• Incident Response Management

• Evidence Collection and Forensics

• Supporting Tasks

• Get 1-on-1 session with our expert trainers at a date & time of your convenience.

• Start your session at a date of your choice-weekend & evening slots included, and reschedule if necessary.

• Training never been so convenient- attend training sessions 4-hour long for easy learning.