This course is designed for auditors and information security professionals who intend to take the Certified Information Systems Auditor (CISA) examination. Recognized internationally, CISA certification is issued by the Information Systems Audit and Control Association (ISACA). The curriculum covers all five of the key domains addressed in the exam: The Process of Auditing Information Systems; Governance and Management of IT; Information Systems Acquisition, Development and Implementation; Information Systems Operations, Maintenance and Support; and Protection of Information Assets.
The course is aimed at candidates and prospective candidates for the CISA examination and those wishing to expand their knowledge in the field of Information Systems Auditing.
At the end of this course, students must be able to:
- Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.
- Identify and manage information security risks to achieve business objectives.
- Design, develop and manage an information security program to implement the information security governance framework.
- Oversee and direct information security activities to execute the information security program.
- Develop and manage a capability to respond to and recover from disruptive and destructive information security events.
- Participants must possess basic knowledge about the different domains that will be addressed in the CISA exam. The course is an intensive review in preparation for the examination, not basic training.
- Participants must understand English since the provided documentation is written in that language.
- Provide IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled;
- Provide assurance that the organization has the structure, policies, accountability, mechanisms, and monitoring practices in place to achieve the requirements of corporate governance of IT;
- Provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance, and disposal of systems and infrastructure will meet the organization’s objectives;
- Provide assurance that the IT service management practices will ensure the delivery of the level of services required to meet the organization’s objectives;
- Provide assurance that the security architecture (policies, standards, procedures, and controls) ensures the confidentiality, integrity, and availability of information assets;
- Provide assurance that in the event of a disruption the business continuity and disaster recovery processes will ensure the timely resumption of IT services while minimizing the business impact.
This 5-day course will cover the 5 CISA domains:
1 – Examination presentation, the process of auditing information systems
- Concepts of IS Audit
- The Organisation and its Internal Control Environment
- Legal Regulatory and Normative Frameworks
- Management of IS Audit
- Performing IS Audit
- Evidence Collection Techniques
- Ethics and Professional Conduct
2 – Governance and Management of IT
- Corporate and IT Governance
- Information Security Governance
- Business Architecture
- Risk Management
- Management Practices
- Monitoring and Process Improvement
- Business Continuity and Recovery
- Business Impact Assessment
- Contingency and Recovery Plan and Strategy Execution
- Auditing Continuity and Recovery Plans
3 – Information Systems Acquisition, Development, and Implementation
- Business Realization
- Project Management Structure
- Project Management Practices
- Business Application Development
- Alternative Forms of Business Software Development
- Infrastructure Acquisition and Implementation
- IS Maintenance Practices
- System Development and Productivity Tools
- Process Improvement Practices
- Application Controls
- Auditing Application Controls
- Auditing Systems Acquisition, Development and Implementation
- Business Applications
4 – Information Systems Operations, Maintenance and Support
- IS Operations
- IS Hardware
- IS Architecture and Software
- IS Network Infrastructure
- Auditing Infrastructure and Operations
- Continuity and Recovery Strategy
- Plan Testing
- Backup and Restore
5 – Protection of Information Assets
- Information Security Management
- Logical Access Control
- Network Infrastructure Security
- Auditing Information Security Management Framework
- Auditing Network and Infrastructure Security
- Physical and Environmental Security
- Mobile Computing
6 – Exam Preparation
- Practice Exam, questions and answers. In addition to the Practice Exam, daily practice tests will also be delivered to help students test their specific knowledge of each individual domain.
Exam and Certification
The certification exam is not included with the course. To apply for the examination, go to the official ISACA website (www.isaca.org).
CISM certification is based on a multiple-choice exam (in English or French) consisting of 200 questions about the 5 domains – Length: 4 hours.