Course Overview
The Certified Information Systems Auditor (CISA) certification is a globally recognized certification offered by ISACA (Information Systems Audit and Control Association) for professionals involved in information systems auditing, control, and security. It is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s IT and business systems.
Learning Options
Target audiences
- The Certified Information Systems Auditor-CISA training is targeted toward IT professionals who have at least five years of experience in security and IT audit, control and information technology governance, such as chief information officers, audit managers and directors, IT directors, IT security managers, information security analysts and other experienced IT auditors.
- This training is also ideal for IT consultants and professionals interested in pursuing a career in the domain of IT systems auditing and control.
- The training provides a comprehensive overview of the principles and practices of information systems auditing and control, as well as insights into how the profession has evolved over time.
- This training is essential for IT professionals who want to maintain and demonstrate their knowledge of CISA standards and stay current on ever-changing audit and control technologies.
Schedule Dates
Curriculum
-
Domain 1: Information Systems Auditing Process - (21%)
- Planning
- IS Audit Standards, Guidelines, and Codes of Ethics
- Business Processes
- Types of Controls
- Risk-Based Audit Planning
- Types of Audits and Assessments
- Execution
- Audit Project Management
- Sampling Methodology
- Audit Evidence Collection Techniques
- Data Analytics
- Reporting and Communication Techniques
-
Domain 2: Governance and Management of IT - (17%)
- IT Governance
- IT Governance and IT Strategy
- IT-Related Frameworks
- IT Standards, Policies, and Procedures
- Organizational Structure
- Enterprise Architecture
- Enterprise Risk Management
- Maturity Models
- Laws, Regulations, and Industry Standards affecting the Organization
- IT Management
- IT Resource Management
- IT Service Provider Acquisition and Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
-
Domain 3: Information Systems Acquisition, Development and Implementation - (12%)
- Information Systems Acquisition and Development
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
- Information Systems Implementation
- Testing Methodologies
- Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Post-implementation Review
-
Domain 4: Information Systems Operations and Business Resilience - (23%)
- Information Systems Operations
- Common Technology Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End-User Computing
- Data Governance
- Systems Performance Management
- Problem and Incident Management
- Change, Configuration, Release, and Patch Management
- IT Service Level Management
- Database Management
- Business Resilience
- Business Impact Analysis (BIA)
- System Resiliency
- Data Backup, Storage, and Restoration
- Business Continuity Plan (BCP)
- Disaster Recovery Plans (DRP)
-
Domain 5: Protection of Information Assets - (27%)
- Information Asset Security and Control
- Information Asset Security Frameworks, Standards, and Guidelines
- Privacy Principles
- Physical Access and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Data Classification
- Data Encryption and Encryption-Related Techniques
- Public Key Infrastructure (PKI)
- Web-Based Communication Techniques
- Virtualized Environments
- Mobile, Wireless, and Internet-of-Things (IoT) Devices
- Security Event Management
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Tools and Techniques
- Incident Response Management
- Evidence Collection and Forensics
- Supporting Tasks
To obtain the CISA certification, candidates must meet certain prerequisites, which include a minimum of five years of professional work experience in information systems auditing, control, or security, with a minimum of two years of experience in the field of information systems auditing, control, or security. There are also other options for obtaining the required work experience, such as a maximum of one year of experience substitution for certain educational degrees or certifications.
Obtaining the CISA certification can have several benefits, including:
Enhanced credibility and recognition as a qualified professional in the field of information systems auditing and control.
Improved career opportunities in roles such as IT auditor, information security manager, risk manager, compliance auditor, and IT governance professional.
Demonstrated expertise in assessing and managing risks associated with information systems and IT processes.
Access to a global community of professionals through ISACA, including networking opportunities, resources, and ongoing professional development.
Opportunities for career advancement and higher earning potential.
According to the fact, the CISA exam is also difficult with only 50% of test takers making the cut. This number is even lower for first-time test takers.
Because of this, CISA certification holders are highly valued – to the extent that many companies treat the qualification as a prerequisite when looking for candidates. The certification covers five job practice domains: Information System Auditing Process (21 per cent) Governance and Management of IT (17 percent)
