Certified Information Systems Auditor (CISA®) Certification

Course Specifications

Course Description

• IS Audit Process
• IT Governance
• Systems and Infrastructure Lifecycle Management
• IT Service Delivery and Support
• Protection of Information Assets
• Business Continuity and Disaster Recovery

While this course will help prepare candidates for the CISA exam, it is not the only preparation that should be used. ISACA requires that the successful CISA candidate have at least five years of professional experience; because of this, the CISA exam will draw on material and experience that is beyond the scope of any single training course, most notably covering database administration, network components and theory, software and operating systems, and hardware devices. Candidates who wish to solidify their understanding of this material might choose to take additional training in these areas if they don’t feel their professional experience is sufficient.

Hardware Requirements

• A Pentium® III with 500 MHz (or better), or Macintosh® Intel-based or PowerPC G4 (or better) processor.
• At least 512 MB of RAM.
• A monitor capable of 1024 x 768 screen resolution and 32-bit color display.
• A projection system to display the overheads to the students.

Software Requirements

Each computer requires the following software:

• Microsoft® Windows® 7, Windows Vista®, Windows XP (Professional or Home Edition), Windows 2000, or Apple® Mac OS® X 10.4 (or higher).

Course Objectives

• implement information systems audit services in accordance with information systems audit standards, guidelines, and best practices.
• evaluate an organization's structure, policies, accountability, mechanisms, and monitoring practices.
• evaluate an organization's systems and infrastructure lifecycle management practices.
• perform the post-implementation tasks needed to determine if the changes made were done correctly, meet their objectives, and are being properly maintained.
• evaluate the IT service delivery and support of an organization.
• define the protection policies used to promote the confidentiality, integrity, and availability of information assets.
• evaluate the business continuity and disaster recovery processes used to provide assurance that in the event of a disruption, IT services are maintained.

Course Content

Lesson 1: The Information Systems Audit Process

Topic 1A: ISACA Information Systems Auditing Standards and Guidelines

Topic 1B: Develop and Implement an Information Systems Audit Strategy

Topic 1C: Plan an Audit

Topic 1D: Conduct an Audit

Topic 1E: The Evidence Lifecycle

Topic 1F: Communicate Issues, Risks, and Audit Results

Topic 1G: Support the Implementation of Risk Management and Control Practices

Lesson 2: IT Governance

Topic 2A: Evaluate the Effectiveness of IT Governance

Topic 2B: Evaluate the IT Organizational Structure

Topic 2C: Evaluate the IT Strategy

Topic 2D: Evaluate IT Policies, Standards, and Procedures for Compliance

Topic 2E: Ensure Organizational Compliance

Topic 2F: IT Resource Investment, Use, and Allocation Practices

Topic 2G: Evaluate IT Contracting Strategies and Policies

Topic 2H: Evaluate Risk Management Practices

Topic 2I: Performance Monitoring and Assurance Practices

Lesson 3: Systems and Infrastructure Lifecycle Management

Topic 3A: Determine the Business Case for Change

Topic 3B: Evaluate Project Management Frameworks and Governance Practices

Topic 3C: Perform Periodic Project Reviews

Topic 3D: Evaluate Control Mechanisms for Systems

Topic 3E: Evaluate Development and Testing Processes

Topic 3F: Evaluate Implementation Readiness

Topic 3G: Evaluate a System Migration

Lesson 4: Systems and Infrastructure Lifecycle Maintenance

Topic 4A: Perform a Post-Implementation System Review

Topic 4B: Perform Periodic System Reviews

Topic 4C: Evaluate the Maintenance Process

Topic 4D: Evaluate the Disposal Process

Lesson 5: IT Service Delivery and Support

Topic 5A: Evaluate Service Level Management Practices

Topic 5B: Evaluate Operations Management

Topic 5C: Evaluate Data Administration Practices

Topic 5D: Evaluate the Use of Capacity and Performance Monitoring Methods

Topic 5E: Evaluate Change, Configuration, and Release Management Practices

Topic 5F: Evaluate Problem and Incident Management Practices

Topic 5G: Evaluate the Functionality of the IT Infrastructure

Lesson 6: Protection of Information Assets

Topic 6A: Information Security Design

Topic 6B: Encryption Basics

Topic 6C: Evaluate the Design, Implementation, and Monitoring of Logical Access Controls

Topic 6D: Evaluate the Design, Implementation, and Monitoring of Physical Access Controls

Topic 6E: Evaluate the Design, Implementation, and Monitoring of Environmental Controls

Topic 6F: Evaluate Network Infrastructure Security

Topic 6G: Evaluate the Confidential Information Processes and Procedures

Lesson 7: Business Continuity and Disaster Recovery

Topic 7A: Evaluate the Adequacy of Backup and Restore

Topic 7B: Evaluate the BCP and DRP