Duration:

5 Days

Audience:

Employees of federal, state and local governments; and businesses working with the government.

Course Description

In this course you’ll cover all five domains of the Certified Information Systems Auditor (CISA) exam and gain the knowledge and technical concepts required to obtain CISA certification. Since its inception in 1978, the CISA exam has become the gold standard of excellence in IS auditing, control, and security. Our experts have created a study guide of relevant, up-to-date information, including summary charts, insightful data, and practice exams.

Certification

The CISA exam is offered three times each year (June, September, and December), consists of 200 multiple-choice questions, and is focused on the five domains defined by ISACA.

What You’ll Learn

In-depth coverage of the five domains required to pass the CISA exam:

  1. The Process of Auditing Information Systems
  2. Governance and Management of IT
  3. Information Systems Acquisition, Development, and Implementation
  4. Information Systems Operations, Maintenance, and Support
  5. Protection of Information Assets

Who Needs to Attend

IS audit, control, assurance, and security professionals, including IT consultants, auditors, managers, security policy writers, privacy officers, information security officers, network administrators, security device administrators, and security engineers, who have five years of experience with audit, IT systems, and security of information systems.

Prerequisites

Systems administration experience, familiarity with TCP/IP, and an understanding of UNIX, Linux, and Windows. This advanced course also requires intermediate-level knowledge of the security concepts covered in our Security+ Prep Course.

Course Outline

1. Testing-Taking Tips and Study Techniques

  • Preparation for the CISA Exam
  • Submitting Required Paperwork
  • Resources and Study Aids
  • Passing the Exam the First Time

2. The Audit Process

  • Risk
  • Audit
  • Standards and Guidelines

3. IT Governance

  • Best Practices
  • Management Practices
  • Roles and Responsibilities

4. Lifecycle Management

  • Project Management
  • Business Application Development
  • Information Systems Maintenance Practices

5. System Infrastructure Control

  • Auditing Application Controls
  • Application System Development
  • Business Application Systems

6. Information Systems Hardware and Architecture

  • Information Systems Operations
  • Information Systems Hardware
  • SDLC
  • Databases

7. Information Systems Used for IT Delivery and Support

  • OSI
  • TCP/IP Model
  • TCP/UDP/ICMP/IP
  • Routers/Switches/Hubs
  • Firewalls
  • Wireless
  • WAN Technologies – X.25/Frame Relay/PPP/ISDN/DSL/Cable

8. Protection of Logical Assets

  • CIA
  • Roles and Responsibilities – RACI
  • Asset Management
  • Taxonomy – Information Classification
  • Risk Management
  • Policies, Procedures, Standards, Guidelines, Baselines
  • Knowledge Transfer – Awareness, Training, Education

9. Physical Security

  • Environmental Protection Practices
  • Physical Authentication
  • Policies and Procedures

10. Business Continuity and Disaster Recovery

  • BIA Policy
  • BIA Roles and Teams
  • Data Backups, Vaulting, Journaling, Shadowing
  • Alternate Sites
  • Emergency Response
  • Required Notifications
  • BIA Tests

11. Review and Q&A Session

  • Final Review and Test Prep