CISA

A globally recognized certification that ensures you to gain deep insight on audit experience, knowledge and skills and indicate your capability to assess vulnerabilities and follow compliance of laws stated by the government.

It is a course in which you get to learn to audit Information security. The course enables you to match the standards defined by ISO 27001 that requires organizations to have internal and external audit and acquire skills that are in huge demand today. It is meant for Information technology professionals who audit, monitor, access, and control data.

Basically, the Job Practice helps in understanding the tasks performed representing work done in Information Systems Audit, Assurance and Control. These practices will also serve as the basis for Certification exam. The CISA exam contains 150 Multiple choice questions for testing new Job Practices. The Certification will contain 5 IS audit, control or security areas.

Content:

• Domain 1 : The Process of Auditing Information Systems
• Develop a risk-based strategy for IT audit
• To Plan Specific Audits Conducting audits
• as per IS audit standards
• Implementing Risk management & Control Practices
• Domain 2 : Governance and Management of IT
• To evaluate effectiveness of IT Governance structure
• Organisational Structure, IT and HRM
• Design IT Policies, Standards and Procedures for Organization
• Check adequacy of QMS
• IT management & Monitoring controls
• IT Resource Investment
• IT Contracting strategies and Policies
• Managing IT-related risks in Organisation
• Monitoring & assurance practices
• Knowledge of SOPs for Business Continuity Plan (BCP)
• Domain 3 : Information Systems Acquisition, Development and Implementation
• Benefits realization knowledge through Feasibility studies, business Cases, TCO (Total cost of Ownership) & ROI (Return on Investment)
• Knowledge about Project management control
• Frameworks, Practices and Controls Risk Management practices in Projects
• Requirement analysis and Management practices fluency
• Readiness for Enterprise architecture related to Data, applications and technology
• Configuration and Release Management details related to Information system
• SDLC Related Testing Methodologies and Practices
• Domain 4 : Information Systems Operations, Maintenance and Service Management
• Knowledge of Frameworks related to Service Management
• Deep understanding of Service management Practices and Service level Management
• Conduct periodic reviews of organisations objectives
• Third Party Management expertise
• Operations & End-user procedures for scheduled & non-scheduled processes
• Expertise in system resiliency tools & techniques such as Clustering & others
• Process of Information systems maintenance
• Database administration practices knowledge
• Capacity planning and related monitoring tools & techniques
• Problem and Incident management practices such as Help Desk, tracking
• Process Knowledge including Change, configuration & Release management Practices
• Knowledge of Data backup, storage, retention and restoration of provisions
• Disaster recovery plan in the event of a disaster
• Domain 5 : Protection of Information Assets
• Designing, Implementation and monitoring of Security controls
• Monitoring and responding to security incidents
• Logical access controls for identification, authentication and restriction of users
• Security controls related to hardware, system software and DBMS
• Risks and controls associated with virtualization of systems
• Configuration, implementation, operation & maintenance of NetworkSecurity controls
• Processes and procedures to store, retrieve, transport and dispose of information assets