The Certified Information Systems Auditor (CISA) certification is administered by ISACA. It is the most popular information security/information technology auditing certification for professionals across the globe. The certification validates your auditing, control, and security skills for organizations.
Curriculum
DOMAIN 1—INFORMATION SYSTEMS AUDITING PROCESS - (21%)
A. Planning
- IS Audit Standards, Guidelines, and Codes of Ethics
- Business Processes
- Types of Controls
- Risk-Based Audit Planning
- Types of Audits and Assessments
B. Execution
- Audit Project Management
- Sampling Methodology
- Audit Evidence Collection Techniques
- Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of the Audit Process
DOMAIN 2—GOVERNANCE AND MANAGEMENT OF IT - (17%)
A. IT Governance
- IT Governance and IT Strategy
- IT-Related Frameworks
- IT Standards, Policies, and Procedures
- Organizational Structure
- Enterprise Architecture
- Enterprise Risk Management
- Maturity Models
- Laws, Regulations, and Industry Standards affecting the Organization
B. IT Management
- IT Resource Management
- IT Service Provider Acquisition and Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
DOMAIN 3—INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT, AND IMPLEMENTATION - (12%)
A. Information Systems Acquisition and Development
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
B. Information Systems Implementation
- Testing Methodologies
- Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Post-implementation Review
DOMAIN 4—INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE - (23%)
A. Information Systems Operations
- Common Technology Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End-User Computing
- Data Governance
- Systems Performance Management
- Problem and Incident Management
- Change, Configuration, Release, and Patch Management
- IT Service Level Management
- Database Management
B. Business Resilience
- Business Impact Analysis (BIA)
- System Resiliency
- Data Backup, Storage, and Restoration
- Business Continuity Plan (BCP)
- Disaster Recovery Plans (DRP)
DOMAIN 5—PROTECTION OF INFORMATION ASSETS - (27%)
A. Information Asset Security and Control
- Information Asset Security Frameworks, Standards, and Guidelines
- Privacy Principles
- Physical Access and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Data Classification
- Data Encryption and Encryption-Related Techniques
- Public Key Infrastructure (PKI)
- Web-Based Communication Techniques
- Virtualized Environments
- Mobile, Wireless, and Internet-of-Things (IoT) Devices
B. Security Event Management
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Tools and Techniques
- Incident Response Management
- Evidence Collection and Forensics
Who should learn CISA?
- IT Audit Managers
- IT Project Managers
- Network Architects
- Security Consultants
- Auditing Professionals
- Security Architects
- IT Security Officers
- Security Auditors
- Security Managers
- IT Consultants
- Cybersecurity Analysts
- IT Risk and Assurance Managers
- Security Systems Engineers
- Privacy Officers
- Anybody who is looking to build a career in information systems auditing
What will I be able to do at the end of the training?
- Internal and external audit assignments
- Advice at the solution design stage
- Risk-based audits
- Risk analysis and risk assessment
- Information technology and governance audits
- Support for the financial audit team on information systems audits
- IT management audit
- Systems and application security audit
- Information systems internal control review
- Business continuity and data center security review and audit
- Operating systems review
- Penetration testing
- Database administration review
- Physical and logical security review
- Post-implementation systems review