CISA (Certified Information Systems Auditor)

Basic Knowledge in the Information System

• Know the five major areas covered by CISA® certification
• Understand the concepts of IT audit and IT governance
• Preparing the CISA Certification Exam, ISACA Certified Security Auditor

Chapter 1: Information System Auditing Process

Part A: Planning

• IS Audit Standards, Guidelines and Code of Ethics
• Business Processes
• Type of controls
• Risk-Based Audit Planning
• Types of audits and Assessments

Part B: Execution

• Audit Project Management
• Sampling Methodology
• Audit Evidence Collection Techniques
• Data Analytics
• Reporting and communication Techniques
• Quality Assurance and Improvement of the Audit Process

Exercises: Multiple Choices Questions from previous CISA sessions (or comparable exams)

Chapter 2: Governance and Management of IT

Part A: IT Governance

• IT governance and IT Strategy
• IT-related frameworks
• IT Standards, Policies and Procedure
• Organizational Structure
• Enterprise Architecture
• Enterprise Risk Management
• Maturity Models
• Laws, Regulations and Industry Standards Affecting the organization

Part B: IT Management

• IT Resource Management
• IT Service Provider Acquisition and Management
• IT Performance Monitoring and Reporting
• Quality Assurance and Quality Management of IT

Exercises: Multiple Choices Questions from previous CISA sessions (or comparable exams)

Chapter 3: Information Systems Acquisition, Development and Implementation

Part A: Information Systems Acquisition and Development

• Project Governance and Management
• Business Case and Feasibility Analysis
• System Development Methodologies
• Control Identification and Design

Part B: Information System Implementation

• Testing Methodologies
• System Migration, Infrastructure Deployment and Data Conversion
• Post-implementation Review

Exercises: Multiple Choices Questions from previous CISA sessions (or comparable exams)

Chapter 4: Information Systems Operations and Business Resilience

Part A: Information Systems Operations

• Common Technology Components
• IT Asset Management
• Job Scheduling and Production Process Automation
• System interfaces
• End-User Computing
• Data Governance
• System Performance Management
• Problem and Incident Management
• Change, Configuration, Release and Patch Management
• IT Service Level Management
• Database Management

Part B: Business Resilience

• Business Impact Analysis
• System resiliency
• Data Backup, Storage and Restoration
• Business Continuity Plan
• Disaster Recovery Plan

Exercise: Multiple Choices Questions from previous CISA sessions (or comparable exams)

Chapter 5: Protection of Information Assets

Part A: Information Asset Security and Control

• Information Asset Security Frameworks, Standard and Guidelines
• Privacy Principles
• Physical Access and Environmental Controls
• Identity and Access Management
• Network and Endpoint Security
• Data Classification
• Data Encryption and Encryption-related Techniques
• Public Key Infrastructure
• Web-based Communication Technologies
• Virtualized environment
• Mobile, Wireless and Internet-of-things Devices

Part B: Security Event Management

• Security Awareness Training and Programs
• Information System Attack Methods and Techniques
• Security Testing Tools and Techniques
• Security Monitoring Tools and Techniques
• Incident Response Management
• Evidence Collection and Forensics

Exercises: Multiple Choices Questions from previous CISA sessions (or comparable exams)

Blank Exam - Partial simulation of the examination carried out at the end of the training.
Registration to be made on the site www.isaca.org, the closing of the registrations is done 2 months before the date of the examination.