What is a Certified Information Systems Auditor?
A Certified Information Systems Auditor (CISA) plays a critical role in ensuring the integrity and security of information systems. This certification is recognized globally, validating professionals’ expertise in auditing, control, and security of information systems.
What you’ll learn
ISACA CISA exam, which consists of 150 multiple-choice questions that cover the five information systems auditing areas. These areas have been created from a CISA job practice analysis and reflect the work performed by information systems auditors:
- Information systems auditing process
- Governance and management of IT
- Information systems acquisition, development and implementation
- Information systems operation and business resilience
- Protection of information assets
Key Responsibilities
The primary responsibilities of this certification include assessing and managing risks, implementing relevant controls, and ensuring compliance with standards and regulations. They help organizations improve their operational efficiency by evaluating information systems.
Course Outcomes
- Be able to work as a professional information systems auditor.
- Evaluate the overall IT strategy and IT governance framework of an organization.
- Evaluate and improve the quality and control of information systems in an organization.
- Be able to work as a professional consultant to improve an organization’s IT policies and practices.
- Perform technical security testing to identify potential threats and vulnerabilities.
Course Content:
Domain 1 – Information System Auditing Process
Topics:
- IS Audit Standards, Guidelines, Functions, and Codes of Ethics
- Types of Audits, Assessments, and Reviews
- Risk-based Audit Planning
- Types of Controls and Considerations
- Audit Project Management
- Audit Testing and Sampling Methodology
- Audit Evidence Collection Techniques
- Audit Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of Audit Process
Domain 2 – Governance and Management of IT
Topics
- Laws, Regulations, and Industry Standards
- Organizational Structure, IT Governance, and IT Strategy
- IT Policies, Standards, Procedures, and Guidelines
- Enterprise Architecture and Considerations
- Enterprise Risk Management (ERM)
- Privacy Program and Principles
- Data Governance and Classification
- IT Resource Management
- IT Vendor Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
Domain 3 – Information Systems Acquisition, Development, and Implementation
Topics:
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
- System Readiness and Implementation Testing
- Implementation Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Postimplementation Review
Domain 4 – Information Systems Operations and Business Resilience
Topics:
- IT Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces • End-user Computing and Shadow IT
- Systems Availability and Capacity Management
- Problem and Incident Management
- IT Change, Configuration, and Patch Management
- Operational Log Management
- IT Service Level Management
- Database Management
- Business Impact Analysis
- System and Operational Resilience
- Data Backup, Storage, and Restoration
- Business Continuity Plan
- Disaster Recovery Plans
Domain 5 – Protection of Information Assets
Topics:
- Information Asset Security Policies, Frameworks, Standards, and Guidelines
- Physical and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Data Loss Prevention
- Data Encryption
- Public Key Infrastructure (PKI)
- Cloud and Virtualized Environments
- Mobile, Wireless, and Internet-of-Things Devices
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Logs, Tools, and Techniques
- Security Incident Response Management • Evidence Collection and Forensics
Prerequisites:
Five years of professional work experience in information systems auditing, control, or security.
A maximum of one year of experience can be waived if you have a degree in information security, information systems, or a related field.
