Certified Information Systems Auditor (CISA®) Certification

Course Specifications

Course number: 085056
Course length: 5.0 day(s)

Course Description

Course Objective: You will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business goals and objectives.

Target Student: The intended audience for this course is information systems security professionals and internal review auditors and other individuals who have an interest in aspects of information systems audit, controls, and security.

Prerequisites: Students taking this course should have a minimum of five years of professional information systems auditing, control, or security work experience as described in the CISA job practice domain areas:

IS Audit Process
IT Governance
Systems and Infrastructure Lifecycle Management
IT Service Delivery and Support
Protection of Information Assets
Business Continuity and Disaster Recovery

While this course will help prepare candidates for the CISA exam, it is not the only preparation that should be used. ISACA requires that the successful CISA candidate have at least five years of professional experience; because of this, the CISA exam will draw on material and experience that is beyond the scope of any single training course, most notably covering database administration, network components and theory, software and operating systems, and hardware devices. Candidates who wish to solidify their understanding of this material might choose to take additional training in these areas if they don’t feel their professional experience is sufficient.

Hardware Requirements

This course is designed so that it can be run without computer hardware or software for students. If the instructor wants to use the overheads provided on the course CD-ROM, the following hardware will be required.

A Pentium® III with 500 MHz (or better), or Macintosh® Intel-based or PowerPC G4 (or better) processor.
At least 512 MB of RAM.
A monitor capable of 1024 x 768 screen resolution and 32-bit color display.
A projection system to display the overheads to the students.

Software Requirements

Each computer requires the following software:

Microsoft® Windows® 7, Windows Vista®, Windows XP (Professional or Home Edition), Windows 2000, or Apple® Mac OS® X 10.4 (or higher).

Course Objectives

Upon successful completion of this course, students will be able to:

implement information systems audit services in accordance with information systems audit standards, guidelines, and best practices.
evaluate an organization's structure, policies, accountability, mechanisms, and monitoring practices.
evaluate an organization's systems and infrastructure lifecycle management practices.
perform the post-implementation tasks needed to determine if the changes made were done correctly, meet their objectives, and are being properly maintained.
evaluate the IT service delivery and support of an organization.
define the protection policies used to promote the confidentiality, integrity, and availability of information assets.
evaluate the business continuity and disaster recovery processes used to provide assurance that in the event of a disruption, IT services are maintained.

Course Content

Lesson 1: The Information Systems Audit Process: Topic 1A: ISACA Information Systems Auditing Standards and Guidelines; Topic 1B: Develop and Implement an Information Systems Audit Strategy; Topic 1C: Plan an Audit; Topic 1D: Conduct an Audit; Topic 1E: The Evidence Lifecycle; Topic 1F: Communicate Issues, Risks, and Audit Results; Topic 1G: Support the Implementation of Risk Management and Control Practices

Lesson 2: IT Governance: Topic 2A: Evaluate the Effectiveness of IT Governance; Topic 2B: Evaluate the IT Organizational Structure; Topic 2C: Evaluate the IT Strategy; Topic 2D: Evaluate IT Policies, Standards, and Procedures for Compliance; Topic 2E: Ensure Organizational Compliance; Topic 2F: IT Resource Investment, Use, and Allocation Practices; Topic 2G: Evaluate IT Contracting Strategies and Policies; Topic 2H: Evaluate Risk Management Practices; Topic 2I: Performance Monitoring and Assurance Practices

Lesson 3: Systems and Infrastructure Lifecycle Management: Topic 3A: Determine the Business Case for Change; Topic 3B: Evaluate Project Management Frameworks and Governance Practices; Topic 3C: Perform Periodic Project Reviews; Topic 3D: Evaluate Control Mechanisms for Systems; Topic 3E: Evaluate Development and Testing Processes; Topic 3F: Evaluate Implementation Readiness; Topic 3G: Evaluate a System Migration

Lesson 4: Systems and Infrastructure Lifecycle Maintenance: Topic 4A: Perform a Post-Implementation System Review; Topic 4B: Perform Periodic System Reviews; Topic 4C: Evaluate the Maintenance Process; Topic 4D: Evaluate the Disposal Process

Lesson 5: IT Service Delivery and Support: Topic 5A: Evaluate Service Level Management Practices; Topic 5B: Evaluate Operations Management; Topic 5C: Evaluate Data Administration Practices; Topic 5D: Evaluate the Use of Capacity and Performance Monitoring Methods; Topic 5E: Evaluate Change, Configuration, and Release Management Practices; Topic 5F: Evaluate Problem and Incident Management Practices; Topic 5G: Evaluate the Functionality of the IT Infrastructure

Lesson 6: Protection of Information Assets: Topic 6A: Information Security Design; Topic 6B: Encryption Basics; Topic 6C: Evaluate the Design, Implementation, and Monitoring of Logical Access Controls; Topic 6D: Evaluate the Design, Implementation, and Monitoring of Physical Access Controls; Topic 6E: Evaluate the Design, Implementation, and Monitoring of Environmental Controls; Topic 6F: Evaluate Network Infrastructure Security; Topic 6G: Evaluate the Confidential Information Processes and Procedures

Lesson 7: Business Continuity and Disaster Recovery: Topic 7A: Evaluate the Adequacy of Backup and Restore; Topic 7B: Evaluate the BCP and DRP

Appendix A: ISACA® CISA® Certification Process