Intended Participants

IS/IT Auditors

Compliance Officers/Managers

Security Architects 

Chief Risk Officer / Risk Officers

IT Security Heads / CISO

Chartered Accountants 

Chief Privacy Officers

IT Security Consultants

Course Outline

Domain 1: Information Systems Audit Process:

A. Planning

• IS Audit Standards, Guidelines, and Codes of Ethics

• Business Processes

• Types of Controls

• Risk-Based Audit Planning

• Types of Audits and Assessments

B. Execution

• Audit Project Management

• Sampling Methodology

• Audit Evidence Collection Techniques

• Data Analytics

• Reporting and Communication Techniques

Domain 2: IT Governance and Management of IT

 A. IT Governance

• IT Governance and IT Strategy

• IT-Related Frameworks

• IT Standards, Policies, and Procedures

• Organizational Structure

• Enterprise Architecture

• Enterprise Risk Management

• Maturity Models

• Laws, Regulations, and Industry Standards affecting the Organization

B. IT Management

• IT Resource Management

• IT Service Provider Acquisition and Management

• IT Performance Monitoring and Reporting

• Quality Assurance and Quality Management of IT

Domain 3: Information Systems Acquisition, Development, and  Implementation

A. Information Systems Acquisition and Development

• Project Governance and Management

• Business Case and Feasibility Analysis

• System Development Methodologies

• Control Identification and Design

B. Information Systems Implementation

• Testing Methodologies

• Configuration and Release Management

• System Migration, Infrastructure Deployment, and Data Conversion

• Post-implementation Review

• Risk Policy & Assessment

• NIST’s Risk Assessment Methodology

• Steps to Assess Risks at Work Place

• Cost/Benefit Analysis

• NIST Approach for Control Implementation

• Risk Analysis

• Risk Mitigation

• Residual Risk

• Risk Management Tools

Domain 4: Information Systems Operations and Business Resilience

A. Information Systems Operations

• Common Technology Components

• IT Asset Management

• Job Scheduling and Production Process Automation

• System Interfaces

• End-User Computing

• Data Governance

• Systems Performance Management

• Problem and Incident Management

• Change, Configuration, Release, and Patch Management

• IT Service Level Management

• Database Management

B. Business Resilience

• Business Impact Analysis (BIA)

• System Resiliency

• Data Backup, Storage, and Restoration

• Business Continuity Plan (BCP)

• Disaster Recovery Plans (DRP)     

Domain 5: Protection of Information Assets

A. Information Asset Security and Control

• Information Asset Security Frameworks, Standards, and Guidelines

• Privacy Principles

• Physical Access and Environmental Controls

• Identity and Access Management

• Network and End-Point Security

• Data Classification

• Data Encryption and Encryption-Related Techniques

• Public Key Infrastructure (PKI)

• Web-Based Communication Techniques

• Virtualized Environments

• Mobile, Wireless, and Internet-of-Things (IoT) Devices

B. Security Event Management

• Security Awareness Training and Programs

• Information System Attack Methods and Techniques

• Security Testing Tools and Techniques

• Security Monitoring Tools and Techniques

• Incident Response Management

• Evidence Collection and Forensics

• What is CSIRT?

• Analyzing the need of Incident Response Team (IRT)

• CSIRT Goals, Strategy, and Vision

• Common Names of CSIRT

• CSIRT Mission Statement, & Constituency

• CSIRT Place in the Organization

• CSIRT Relationship with Peers

• Types of CSIRT Environments

• Best Practices for creating a CSIRT Role of CSIRTs

• How CSIRT Handles a Case

• Roles in an Incident Response Team

• CSIRT Services

• CSIRT Incident Report Form

• Incident Tracking and Reporting Systems

Changes from 2016 to 2019 in CISA Job Practices 

• Below is the comparison of the 2016 CISA exam blueprint to 2019 CISA Exam blueprint

CISA  Accredition

• The American National Standards Institute (ANSI) has accredited the CISA certification program under ISO/IEC 17024:2012, General Requirements for Bodies Operating Certification Systems of Persons. ANSI, a private, nonprofit organization, accredits other organizations to serve as third-party product, system and personnel certifiers. ISACA is proud to be recognized with this international standard of performance.