Course Details/Schedule

Day 1

Introduction to CISA

• Introduction to ISACA
• Other ISACA Certifications
• CISA Exam Info
• CISA Areas
• CISA Task and Knowledge Statements

Secrets of a Successful Auditor

• Why to audit?
• Regulations
• Asset, Threat, Vulnerability
• Policies, Standards, Guidelines, and Procedures
• Types of Audits
• Audits vs Assessment
• Auditor and Auditee Roles
• ISACA IS Audit Standards
• Data owner, user, custodian

Managing IT Governance

• Understanding Business
• Strategy
• Management Objectives
• IT Steering Committee
• Balanced Scorecard (BSC)
• Funding Methods
• Types of Policies
• Sourcing Practices
• Insourcing vs Outsourcing
• Risk Management
• Business Process Reengineering

Day 2

Audit Process

• Program vs Project
• Audit Program
• Audit Planning Issues
• 10 audit stages
• Approving the audit charter or engagement letter
• Preplanning the audit
• Performing a risk assessment
• Determining whether an audit is possible
• Performing the actual audit
• Gathering evidence
• Performing audit tests
• Analyzing the results
• Reporting the results
• Conducting any follow-up activities

Day 3

Networking Technology Basics

• Computer hardware architecture
• System Control
• RAID operating levels
• Seven layers of the OSI model
• OSI processing of headers and data
• Network Topologies
• VLANs
• DNS name service (address lookup)
• DHCP
• Managing Your Network
• Software as a Service (SaaS)
• Cloud Computing

Information Systems Life Cycle

• Governance in Software Development
• Management of Software Quality
• CMM compared to ISO 15504 (SPICE)
• ISO 9126: Software Quality
• ISO 15489: Records Management
• Executive Steering Committee
• RFI/RFP Process
• Change Management
• Management of the Software Project
• Software Development Models
• Databases

Day 4

System Implementation and Operations

• ITIL
• Separation of duties
• Types of Metrics
• Service-Level Management
• Outsourcing
• Classification of Data
• Authority Roles over Data
• Incident Handling
• Digital Forensics
• Monitoring the Status of Controls
• System monitoring
• Log management
• System access controls
• Data file controls
• Application processing controls
• Antivirus software
• Active content and mobile software code
• Maintenance controls, including change management
• Separate test environment
• Physical and environmental controls

Day 5

Protecting Information Assets

• Types of Threats and Computer Crimes
• Understanding Attack Methods
• Passive Attacks
• Active Attacks
• Persistent Electronic Threats
• Technical Protection
• Application Software Controls
• Authentication Methods
• Biometrics
• Network Access Protection
• Wireless Access
• Intrusion Detection
• Encryption
• Network Security Protocols

Business Continuity and Disaster Recovery

• Business Continuity Program
• Phase 1: Setting Up the BC Program
• Phase 2: The Discovery Process
• Phase 3: Plan Development
• Phase 4: Plan Implementation
• Phase 5: Maintenance and Integration