Certified Information Systems Auditor (CISA)
Module 1: Domain 1 – Information System Auditing Process
Learning Objectives:
- Strategize and plan information system audits to assess protection, control, and value delivery.
- Execute audits in line with IS audit standards and a risk-based IS audit strategy.
- Effectively communicate audit progress, findings, and recommendations to stakeholders.
- Conduct post-audit follow-up to ensure risk mitigation.
- Assess IT management and control monitoring.
- Utilize data analytics tools to enhance audit efficiency.
- Provide consulting services to enhance information system quality and control.
- Identify opportunities for improving IT policies and practices.
Topics:
- IS Audit Standards, Guidelines, Functions, and Codes of Ethics
- Types of Audits, Assessments, and Reviews
- Risk-based Audit Planning
- Types of Controls and Considerations
- Audit Project Management
- Audit Testing and Sampling Methodology
- Audit Evidence Collection Techniques
- Audit Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of Audit Process
Module 2: Domain 2 – Governance and Management of IT
Learning Objectives:
- Evaluate IT strategy alignment with enterprise strategies and objectives.
- Assess IT governance and organizational structure effectiveness.
- Review IT policies and practices for compliance with regulatory requirements.
- Evaluate IT resource and portfolio management alignment with enterprise strategies.
- Assess enterprise risk management policies and practices.
- Evaluate IT management and monitoring of controls.
- Review monitoring and reporting of IT key performance indicators.
- Assess IT supplier selection and contract management processes.
- Evaluate the alignment of IT service management practices with business requirements.
- Conduct periodic reviews of information systems and enterprise architecture.
- Evaluate data governance policies and practices.
- Assess information security program effectiveness and alignment with enterprise strategies.
Topics:
- Laws, Regulations, and Industry Standards
- Organizational Structure, IT Governance, and IT Strategy
- IT Policies, Standards, Procedures, and Guidelines
- Enterprise Architecture and Considerations
- Enterprise Risk Management (ERM)
- Privacy Program and Principles
- Data Governance and Classification
- IT Resource Management
- IT Vendor Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
Module 3: Domain 3 – Information Systems Acquisition, Development, and Implementation
Learning Objectives:
- Evaluate the business case for proposed changes to information systems.
- Assess enterprise project management policies and practices.
- Evaluate controls throughout the information systems development lifecycle.
- Assess information systems readiness for implementation and migration into production.
- Conduct post-implementation reviews of systems.
- Evaluate change, configuration, release, and patch management policies and practices.
Topics:
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
- System Readiness and Implementation Testing
- Implementation Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Post-implementation Review
Module 4: Domain 4 – Information Systems Operations and Business Resilience
Learning Objectives:
- Evaluate the enterprise’s ability to continue business operations.
- Assess the alignment of IT service management practices with business requirements.
- Conduct periodic reviews of information systems and enterprise architecture.
- Evaluate IT operations and maintenance practices.
- Evaluate database management practices.
- Assess data governance policies and practices.
- Evaluate problem and incident management policies and practices.
- Evaluate change, configuration, release, and patch management policies and practices.
Topics:
- IT Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End-user Computing and Shadow IT
- Systems Availability and Capacity Management
- Problem and Incident Management
- IT Change, Configuration, and Patch Management
- Operational Log Management
- IT Service Level Management
- Database Management
- Business Impact Analysis
- System and Operational Resilience
- Data Backup, Storage, and Restoration
- Business Continuity Plan
- Disaster Recovery Plans
Module 5: Domain 5 – Protection of Information Assets
Learning Objectives:
- Conduct audits in line with IS audit standards and a risk-based IS audit strategy.
- Evaluate problem and incident management policies and practices.
- Assess information security and privacy policies and practices.
- Evaluate physical and environmental controls for safeguarding information assets.
- Evaluate logical security controls for ensuring information confidentiality, integrity, and availability.
- Review data classification practices for alignment with policies and external requirements.
- Evaluate policies and practices related to asset lifecycle management.
- Assess information security program effectiveness and alignment with enterprise strategies.
- Perform technical security testing to identify potential threats and vulnerabilities.
Topics:
- Information Asset Security Policies, Frameworks, Standards, and Guidelines
- Physical and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Data Loss Prevention
- Data Encryption
- Public Key Infrastructure (PKI)
- Cloud and Virtualized Environments
- Mobile, Wireless, and Internet-of-Things Devices
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Logs, Tools, and Techniques
- Security Incident Response Management
- Evidence Collection and Forensics