Certified Information Systems Auditor (CISA®) Certification: (Second Edition)

Course Specifications

Course Description

• The Process of Auditing Information Systems
• Governance and Management of IT
• Information Systems Acquisition, Development, and Implementation
• Information Systems Operations, Maintenance and Support
• Protection of Information Assets

While this course will help prepare candidates for the CISA exam, it is not the only preparation that should be used. ISACA requires that the successful CISA candidate have at least five years of professional experience; because of this, the CISA exam will draw on material and experience that is beyond the scope of any single training course, most notably covering database administration, network components and theory, software and operating systems, and hardware devices. Candidates who wish to solidify their understanding of this material might choose to take additional training in these areas if they don’t feel their professional experience is sufficient.

Hardware Requirements

• A Pentium® III with 500 MHz (or better), or Macintosh® Intel-based or PowerPC G4 (or better) processor.
• At least 512 MB of RAM.
• A monitor capable of 1024 x 768 screen resolution and 32-bit color display.
• A projection system to display the overheads to the students.

Software Requirements

Each computer requires the following software:

• Microsoft® Office® 2003 or later.

Course Objectives

• implement information systems audit services in accordance with information systems audit standards, guidelines, and best practices.
• evaluate an organization's structure, policies, accountability, mechanisms, and monitoring practices.
• evaluate information systems acquisition, development, and implementation.
• evaluate the information systems operations, maintenance, and support of an organization; and evaluate the business continuity and disaster recovery processes used to provide assurance that in the event of a disruption, IT services are maintained.
• define the protection policies used to promote the confidentiality, integrity, and availability of information assets.

Course Content

Lesson 1: The Process of Auditing Information Systems

Topic 1A: ISACA Information Systems Auditing Standards and Guidelines

Topic 1B: Fundamental Business Processes

Topic 1C: Develop and Implement an Information Systems Audit Strategy

Topic 1D: Plan an Audit

Topic 1E: Conduct an Audit

Topic 1F: The Evidence Life Cycle

Topic 1G: Communicate Issues, Risks, and Audit Results

Topic 1H: Support the Implementation of Risk Management and Control Practices

Lesson 2: IT Governance and Management

Topic 2A: Evaluate the Effectiveness of IT Governance

Topic 2B: Evaluate the IT Organizational Structure and HR Management

Topic 2C: Evaluate the IT Strategy and Direction

Topic 2D: Evaluate IT Policies, Standards, and Procedures

Topic 2E: Evaluate the Effectiveness of Quality Management Systems

Topic 2F: Evaluate IT Management and Monitoring of Controls

Topic 2G: IT Resource Investment, Use, and Allocation Practices

Topic 2H: Evaluate IT Contracting Strategies and Policies

Topic 2I: Evaluate Risk Management Practices

Topic 2J: Performance Monitoring and Assurance Practices

Topic 2K: Evaluate the Organization's Business Continuity Plan

Lesson 3: Information Systems Acquisition, Development, and Implementation

Topic 3A: Evaluate the Business Case for Change

Topic 3B: Evaluate Project Management Frameworks and Governance Practices

Topic 3C: Development Life Cycle Management

Topic 3D: Perform Periodic Project Reviews

Topic 3E: Evaluate Control Mechanisms for Systems

Topic 3F: Evaluate Development and Testing Processes

Topic 3G: Evaluate Implementation Readiness

Topic 3H: Evaluate a System Migration

Topic 3I: Perform a Post-Implementation System Review

Lesson 4: Information Systems Operations, Maintenance, and Support

Topic 4A: Perform Periodic System Reviews

Topic 4B: Evaluate Service Level Management Practices

Topic 4C: Evaluate Third-Party Management Practices

Topic 4D: Evaluate Operations and End User Management Practices

Topic 4E: Evaluate the Maintenance Process

Topic 4F: Evaluate Data Administration Practices

Topic 4G: Evaluate the Use of Capacity and Performance Monitoring Methods

Topic 4H: Evaluate Change, Configuration, and Release Management Practices

Topic 4I: Evaluate Problem and Incident Management Practices

Topic 4J: Evaluate the Adequacy of Backup and Restore Provisions

Lesson 5: Protection of Information Assets

Topic 5A: Information Security Design

Topic 5B: Encryption Basics

Topic 5C: Evaluate the Functionality of the IT Infrastructure

Topic 5D: Evaluate Network Infrastructure Security

Topic 5E: Evaluate the Design, Implementation, and Monitoring of Logical Access Controls

Topic 5F: Risks and Controls of Virtualization

Topic 5G: Evaluate the Design, Implementation, and Monitoring of Data Classification Process

Topic 5H: Evaluate the Design, Implementation, and Monitoring of Physical Access Controls

Topic 5I: Evaluate the Design, Implementation, and Monitoring of Environmental Controls