CISA® Certified Information Security Auditor

CISA Exam Information

The CISA exam is offered annually during the months of June and December.

Security University's CISA course...

Some of the content in our CISA training class includes:

A Review Course

• 02/13 Ch. 1: The IS Audit Process
• 02/27 Ch. 2: IT Governance
• 03/13 Ch. 3: Systems and Infrastructure Life Cycle Management – Part I
• 03/27 Ch. 3: Systems and Infrastructure Life Cycle Management – Part II
• 04/10 Ch. 4: IT Service Delivery and Support
• 05/01 Ch. 5: Protection of Information Assets – Part I
• 05/08 Ch. 5: Protection of Information Assets – Part II
• 05/22 Ch. 6: Business Continuity

Module 1—The IS Audit Process

This module provides a review of the knowledge required of an information systems (IS) audit/assurance professional to ensure that an organization's information technology and business systems are protected and controlled. Also included is a review of IS audit standards, guidelines and best practices.

Topics include:

• ISACA IS Auditing Standards and Guidelines
• IS Auditing Practices and Techniques
• Gathering Information and Preserving Evidence
• Control Objectives and IS-Related Controls
• Risk Assessment in an Audit Context
• Audit Planning and Management Techniques
• Reporting and Communication Techniques
• Control Self-Assessment

Module 2—CISA's Role in IT Governance

This module provides a review of the development of sound control practices and mechanisms for management oversight and review required of an information systems (IS) audit/assurance professional who is responsible for providing assurance that an organization has the structure, policies, accountability mechanisms and monitoring practices in place to achieve the requirements of IT governance.

Topics include:

• IT Governance Basics
• IT Governance Frameworks
• Information Security Policies
• Quality Management Strategies and Practices
• The IT Organization's Roles and Responsibilities
• Enterprise Architecture
• Risk Management
• Process Improvement Models
• IT Contracting Strategies
• Monitoring and Reporting IT Performance
• IT Human Resource Management
• IT Resource Investment and Allocations Practices

Module 3—CISA's Role in Systems and Infrastructure Life Cycle Management

This module provides a review of the methodologies and processes organizations employ when they develop and change application systems and infrastructure components. Also included is the role of an information systems (IS) audit/assurance professional in providing assurance that management practices meet the organization's objectives for the development/acquisition, testing, implementation, maintenance and disposal of systems and infrastructure.

Topics include:

• Benefits Management Practices
• Project Governance Mechanisms
• Project Management Practices, Tools and Control Frameworks
• Risk Management Practices
• Project Success Criteria and Risks
• Configuration, Change and Release Management
• Application Controls
• Enterprise Architecture
• Requirements Analysis
• Acquisition and Contract Management
• System Development Methodologies and Tools
• Quality Assurance Methods
• Managing Testing Processes
• Data Conversion Tools, Techniques and Procedures
• System Disposal
• Certification and Accreditation
• Postimplementation Reviews
• System Migration and Deployment

Module 4—CISA's Role in IT Service Delivery and Support

This module provides a review of service level management practices, including incident and problem management, capacity planning and systems performance monitoring. In addition, the module outlines the role of the IS audit/assurance professional in auditing and reviewing the various aspects of service level management.

Topics include:

• Service Level Management Practices
• Operations Management Best Practices
• Systems Performance Monitoring Processes, Tools and Techniques
• Functionality of Hardware and Network Components
• Database Administration Practices
• System Software Functionality
• Capacity Planning and Monitoring Techniques
• Managing Scheduled and Emergency Changes
• Incident and Problem Management Practices
• Software Licensing and Inventory Practices
• System Resiliency Tools and Techniques

Module 5—CISA's Role in Protection of Information Assets

This module provides a review of the key components an IS audit/assurance professional must be aware of to evaluate and ensure an organization's confidentiality, integrity, and availability of information assets including logical and physical access controls, network infrastructure security, environmental controls and other processes and procedures used to maintain security of confidential information assets.

Topics include:

• Information Security Management
• Logical Access Controls
• Network Infrastructure Security
• Attack Methods and Techniques
• Responding to Security Incidents
• Security Systems and Devices
• Encryption and PKI Components
• Virus Detection Tools and Techniques
• Penetration Testing
• Environmental Protection Practices and Devices
• Physical Security Systems
• Data Classification Schemes
• Voice-Over IP
• Transport and Disposal of Information Assets
• Security of Portable and Wireless Devices

Module 6—CISA's Role in Business Continuity and Disaster Recovery

This module provides a review of the practices and knowledge required of an information systems (IS) audit/assurance professional who is responsible for providing assurance that, in the event of a disruption, the business continuity and disaster recovery processes will ensure the timely resumption of information technology (IT) services, while minimizing the business impact.

Topics include:

• Backup Basics
• Legal Elements
• Business Impact Analysis
• Business Continuity and Disaster Recovery Plans Development and Maintenance
• Business Continuity and Disaster Recovery Plan Testing
• Human Resources Management
• Invoking the Business Continuity Plan
• Alternate Processing and Recovery Strategies

What's Included: