
42 - IT-S Information Technology - Security and Audit


IT-S 203 - Certified Information Systems Auditor (CISA) Preparation Course

Code      Start Date         Duration  Venue
IT-S 203  15 April 2024      5 Days    Istanbul
IT-S 203  06 May 2024        5 Days    Istanbul
IT-S 203  03 June 2024       5 Days    Istanbul
IT-S 203  29 July 2024       5 Days    Istanbul
IT-S 203  26 August 2024     5 Days    Istanbul
IT-S 203  23 September 2024  5 Days    Istanbul
IT-S 203  21 October 2024    5 Days    Istanbul
IT-S 203  18 November 2024   5 Days    Istanbul
IT-S 203  16 December 2024   5 Days    Istanbul
Please contact us for fees

 

Course Description

The aim of the course is to prepare participants for CISA certification and to help them gain insight into the world of IT auditing.

The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates that you are capable of assessing vulnerabilities, reporting on compliance and instituting controls within the enterprise.

This is a preparation course for the certification exam/procedure. The course fee does not include the exam fee. Participants must arrange the exam date and application themselves. Please contact us for details and further clarification.

Course Overview

  • Revealing the secrets for being a successful auditor 
  • Performing an audit process 
  • Understanding the basics of networking technology
  • Keeping information assets safe
  • Identifying possible threats 

Who Should Attend?

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect

Course Details/Schedule

Day 1

Introduction to CISA

  • Introduction to ISACA
  • Other ISACA Certifications
  • CISA Exam Info
  • CISA Areas
  • CISA Task and Knowledge Statements

Secrets of a Successful Auditor

  • Why audit?
  • Regulations
  • Asset, Threat, Vulnerability
  • Policies, Standards, Guidelines, and Procedures
  • Types of Audits
  • Audits vs Assessments
  • Auditor and Auditee Roles
  • ISACA IS Audit Standards
  • Data owner, user, custodian

Managing IT Governance

  • Understanding Business
  • Strategy
  • Management Objectives
  • IT Steering Committee
  • Balanced Scorecard (BSC)
  • Funding Methods
  • Types of Policies
  • Sourcing Practices
  • Insourcing vs Outsourcing
  • Risk Management
  • Business Process Reengineering

Day 2

Audit Process

  • Program vs Project
  • Audit Program
  • Audit Planning Issues
  • 10 audit stages
  • Approving the audit charter or engagement letter
  • Preplanning the audit
  • Performing a risk assessment
  • Determining whether an audit is possible
  • Performing the actual audit
  • Gathering evidence
  • Performing audit tests
  • Analyzing the results
  • Reporting the results
  • Conducting any follow-up activities

 

Day 3

Networking Technology Basics

  • Computer hardware architecture
  • System Control
  • RAID operating levels
  • Seven layers of the OSI model
  • OSI processing of headers and data
  • Network Topologies
  • VLANs
  • DNS name service (address lookup)
  • DHCP
  • Managing Your Network
  • Software as a Service (SaaS)
  • Cloud Computing

Information Systems Life Cycle

  • Governance in Software Development
  • Management of Software Quality
  • CMM compared to ISO 15504 (SPICE)
  • ISO 9126: Software Quality
  • ISO 15489: Records Management
  • Executive Steering Committee
  • RFI/RFP Process
  • Change Management
  • Management of the Software Project
  • Software Development Models
  • Databases

Day 4

System Implementation and Operations

  • ITIL
  • Separation of duties
  • Types of Metrics
  • Service-Level Management
  • Outsourcing
  • Classification of Data
  • Authority Roles over Data
  • Incident Handling
  • Digital Forensics
  • Monitoring the Status of Controls
  • System monitoring
  • Log management
  • System access controls
  • Data file controls
  • Application processing controls
  • Antivirus software
  • Active content and mobile software code
  • Maintenance controls, including change management
  • Separate test environment
  • Physical and environmental controls

Day 5

Protecting Information Assets

  • Types of Threats and Computer Crimes
  • Understanding Attack Methods
  • Passive Attacks
  • Active Attacks
  • Persistent Electronic Threats
  • Technical Protection
  • Application Software Controls
  • Authentication Methods
  • Biometrics
  • Network Access Protection
  • Wireless Access
  • Intrusion Detection
  • Encryption
  • Network Security Protocols

Business Continuity and Disaster Recovery

  • Business Continuity Program
  • Phase 1: Setting Up the BC Program
  • Phase 2: The Discovery Process
  • Phase 3: Plan Development
  • Phase 4: Plan Implementation
  • Phase 5: Maintenance and Integration