{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fprq2\fcharset0 Times New Roman;}{\f1\fswiss\fprq2\fcharset0 Arial;}{\f2\froman\fprq2\fcharset2 Symbol;}} {\colortbl ;\red0\green0\blue0;} {\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}{\s3 heading 3;}} {\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs24\par \pard\s2\sb100\sa100\cf1\b\f1\fs36 Certified Information Systems Auditor (CISA\'ae) Certification: (Second Edition) - Preliminary\par \pard\s3\sb100\sa100\fs27 Course Specifications\par \pard\fs24 Course number:\~\b0 085722\line\b Course length:\~\b0 5.0 day(s)\cf0\f0\par \pard\s3\sb100\sa100\cf1\b\f1\fs27 Course Description\cf0\f0\par \pard\cf1\f1\fs24 Course Objective:\~\b0 You will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business goals and objectives.\line\line\b Target Student:\~\b0 The intended audience for this course is information systems security professionals and internal review auditors and other individuals who have an interest in aspects of information systems audit, controls, and security.\line\line\b Prerequisites:\~\b0 Students taking this course should have a minimum of five years of professional information systems auditing, control, or security work experience as described in the CISA job practice domain areas:\cf0\f0\par \pard\fi-360\li720\sb100\sa100\tx720\cf1\f2\fs20\'b7\tab\f1\fs24 The Process of Auditing Information Systems\cf0\f0\par \pard\fi-360\li720\sb100\sa100\cf1\f2\fs20\'b7\tab\f1\fs24 Governance and Management of IT\par \f2\fs20\'b7\tab\f1\fs24 Information Systems Acquisition, Development, and Implementation\par \f2\fs20\'b7\tab\f1\fs24 Information Systems Operations, Maintenance and Support\par \f2\fs20\'b7\tab\f1\fs24 Protection of Information Assets\par \pard\sb100\sa100 While this course will help prepare candidates for the CISA exam, it is not the only preparation that should be used. ISACA requires that the successful CISA candidate have at least five years of professional experience; because of this, the CISA exam will draw on material and experience that is beyond the scope of any single training course, most notably covering database administration, network components and theory, software and operating systems, and hardware devices. Candidates who wish to solidify their understanding of this material might choose to take additional training in these areas if they don\rquote t feel their professional experience is sufficient.\par \pard\s3\sb100\sa100\b\fs27 Hardware Requirements\par \pard\fi-360\li720\sb100\sa100\tx720\b0\f2\fs20\'b7\tab\f1\fs24\par \pard\fi-360\li720\sb100\sa100\f2\fs20\'b7\tab\f1\fs24\par \pard\s3\sb100\sa100\b\fs27 Software Requirements\par \pard\sb100\sa100\b0\fs24 Each computer requires the following software:\par \pard\fi-360\li720\sb100\sa100\tx720\f2\fs20\'b7\tab\f1\fs24\par \pard\fi-360\li720\sb100\sa100\f2\fs20\'b7\tab\f1\fs24\par \pard\s3\sb100\sa100\b\fs27 Course Objectives\par \pard\b0\fs24 Upon successful completion of this course, students will be able to:\cf0\f0\par \pard\fi-360\li720\sb100\sa100\tx720\cf1\f2\fs20\'b7\tab\f1\fs24 implement information systems audit services in accordance with information systems audit standards, guidelines, and best practices.\cf0\f0\par \pard\fi-360\li720\sb100\sa100\cf1\f2\fs20\'b7\tab\f1\fs24 evaluate an organization's structure, policies, accountability, mechanisms, and monitoring practices.\par \f2\fs20\'b7\tab\f1\fs24 evaluate information systems acquisition, development, and implementation. You will also perform the post-implementation tasks needed to determine if the changes made were done correctly, meet their objectives, and are being properly maintained / perform a post-implementation review.\par \f2\fs20\'b7\tab\f1\fs24 evaluate the information systems operations, maintenance, and support of an organization; and evaluate the business continuity and disaster recovery processes used to provide assurance that in the event of a disruption, IT services are maintained; evaluating the overall BCP and DRP.\par \f2\fs20\'b7\tab\f1\fs24 define the protection policies used to promote the confidentiality, integrity, and availability of information assets.\par \pard\s3\sb100\sa100\b\fs27 Course Content\par \pard\fs24 Lesson 1: The Process of Auditing Information Systems\par \b0\par \pard\li720\b Topic 1A:\~\b0 ISACA Information Systems Auditing Standards and Guidelines\par \b Topic 1B:\~\b0 Fundamental Business Processes\par \b Topic 1C:\~\b0 Develop and Implement an Information Systems Audit Strategy\par \b Topic 1D:\~\b0 Plan an Audit\par \b Topic 1E:\~\b0 Conduct an Audit\par \b Topic 1F:\~\b0 The Evidence Lifecycle\par \b Topic 1G:\~\b0 Communicate Issues, Risks, and Audit Results\par \b Topic 1H:\~\b0 Support the Implementation of Risk Management and Control Practices\par \pard\b Lesson 2: IT Governance and Management\par \b0\par \pard\li720\b Topic 2A:\~\b0 Evaluate the Effectiveness of IT Governance\par \b Topic 2B:\~\b0 Evaluate the IT Organizational Structure and HR Management\par \b Topic 2C:\~\b0 Evaluate the IT Strategy and Direction\par \b Topic 2D:\~\b0 Evaluate IT Policies, Standards, and Procedures\par \b Topic 2E:\~\b0 Evaluate the Effectiveness of Quality Management Systems\par \b Topic 2F:\~\b0 Evaluate IT Management and Monitoring of Controls\par \b Topic 2G:\~\b0 IT Resource Investment, Use, and Allocation Practices\par \b Topic 2H:\~\b0 Evaluate IT Contracting Strategies and Policies\par \b Topic 2I:\~\b0 Evaluate Risk Management Practices\par \b Topic 2J:\~\b0 Performance Monitoring and Assurance Practices\par \b Topic 2K:\~\b0 Evaluate the Organization's Business Continuity Plan\par \pard\b Lesson 3: Information Systems Acquisition, Development, and Implementation\par \b0\par \pard\li720\b Topic 3A:\~\b0 Evaluate the Business Case for Change\par \b Topic 3B:\~\b0 Evaluate Project Management Frameworks and Governance Practices\par \b Topic 3C:\~\b0 Development Lifecycle Management\par \b Topic 3D:\~\b0 Perform Periodic Project Reviews\par \b Topic 3E:\~\b0 Evaluate Control Mechanisms for Systems\par \b Topic 3F:\~\b0 Evaluate Development and Testing Processes\par \b Topic 3G:\~\b0 Evaluate Implementation Readiness\par \b Topic 3H:\~\b0 Evaluate a System Migration\par \b Topic 3I:\~\b0 Perform a Post-Implementation System Review\par \pard\b Lesson 4: Information Systems Operations, Maintenance, and Support\par \b0\par \pard\li720\b Topic 4A:\~\b0 Perform Periodic System Reviews\par \b Topic 4B:\~\b0 Evaluate Service Level Management Practices\par \b Topic 4C:\~\b0 Evaluate Third Party Management Practices\par \b Topic 4D:\~\b0 Evaluate Operations and End User Management Practices\par \b Topic 4E:\~\b0 Evaluate the Maintenance Process\par \b Topic 4F:\~\b0 Evaluate Data Administration Practices\par \b Topic 4G:\~\b0 Evaluate the Use of Capacity and Performance Monitoring Methods\par \b Topic 4H:\~\b0 Evaluate Change, Configuration, and Release Management Practices\par \b Topic 4I:\~\b0 Evaluate Problem and Incident Management Practices\par \b Topic 4J:\~\b0 Evaluate the Adequacy of Backup and Restore Provisions\par \pard\b Lesson 5: Protection of Information Assets\par \b0\par \pard\li720\b Topic 5A:\~\b0 Information Security Design\par \b Topic 5B:\~\b0 Encryption Basics\par \b Topic 5C:\~\b0 Evaluate the Functionality of the IT Infrastructure\par \b Topic 5D:\~\b0 Evaluate Network Infrastructure Security\par \b Topic 5E:\~\b0 Evaluate the Design, Implementation, and Monitoring of Logical Access Controls\par \b Topic 5F:\~\b0 Risks and Controls of Virtualization\par \b Topic 5G:\~\b0 Evaluate the Design, Implementation, and Monitoring of Data Classification Process\par \b Topic 5H:\~\b0 Evaluate the Design, Implementation, and Monitoring of Physical Access Controls\par \b Topic 5I:\~\b0 Evaluate the Design, Implementation, and Monitoring of Environmental Controls\par \pard\b Appendix A: ISACA\'ae CISA\'ae Certification Process\b0\par \cf0\f0\par }