CISA Certified Information Systems Auditor

CISA is issued by ISACA and is specially designed for those who manage, monitor and protect IT operations through auditing. This training will enable delegates to understand all the concepts and terminology used in the exam so that they can easily complete the exam. Over time, CISA has become a valuable and popular certification in the industry. The figure below depicts the latest statistics for individuals with CISA certificates.

The CISA-certified information system auditor course covers five areas of information security audit. These are the foundations of CISA, and it is recommended that representatives have a complete understanding of these characteristics in order to pass the exam. Each area has multiple topics, which provide comprehensive knowledge about the focus area.

Exam

CISA Certified Information Systems Auditor course will have the following exam pattern:

• 200 multiple choice questions
• Exam Duration- 4 hours
• Passing marks- 450/800

IS Audit Process

• Task and Knowledge Statements
• Executive Misconduct and Relevant Regulations
• Regulatory Objectives
• Threats and Vulnerabilities
• Leadership through Governance
• Policies, Standards, Guidelines and Procedures
• Professional Ethics
• Purpose of an Audit
• Implement Audit Standards
• The Executive Position of Auditor
• Corporate Organisational Structure
• Control audits to IS standards
• Develop risk-based IT audit strategy
• Implement risk management and monitor practices

Governance and Management of IT

• Manage IT Governance
• Effectiveness of IT Governance Structure
• Tactical Management
• IT organisational structure and human resources
• Organisation’s policies, standards and procedures
• Adequacy of the quality management system
• IT management and monitoring
• IT contracting strategies and policies
• Resource investment of IT
• Work with IT-related risks of organisation
• Business Process Re-engineering
• Operations Management
• Follow-up to and assurance practices
• Team business continuity plan

Acquisition, Development, and Implementation of IS

• Business case development for IS acquisition
• IS development, maintenance and departure
• Project management practices and controls
• Audit Process
• Performing the Audit
• Gather Audit Evidence
• Conduct Audit Evidence Testing
• Report Findings and Conduct Follow-Up
• Requirement of Control, acquisition, development and test phases
• Readiness for informing system
• Project plan reviewing
• Post-implementation system reviews

Operation, Maintenance, and Support of IS

• Conduct reviews of organisational objectives
• Service level management
• Third party management practices
• System Implementation and Operations
• Understanding IT Services
• IT Operations Management
• Administrative Protection
• Data administration practices for determining integrity and optimising databases
• Use of capacity and performance monitoring tools & techniques
• Problem Management practices
• Change, configuration and release management practices
• Backup and restore provisions
• Control Controls Status
• Implement Physical Protection
• Organisation’s disaster recovery plan

Assets Protection and Information

• Protection of Information Assets
• Technical Protection part
• Information security policies, standards and procedures
• System and logical security controls- design, implement and monitor
• Designing and monitoring of data classification processes and procedures
• Design, implementation and monitoring
• Information asset’s storage, retrieval, transport and disposing of