Certified Information Systems Auditor (CISA)
The Certified Information Systems Auditor (CISA) designation is a globally recognized certification for IS audit control, assurance and information security professionals.
Being CISA certified showcases your audit experience, skills and knowledge, and demonstrates that you are capable of assessing vulnerabilities, reporting on compliance and instituting controls within the enterprise.
- Information systems professionals aspiring to build a career in information systems auditing
- Internal and external auditors (both IT and financial)
- Information security professionals
- Finance/CPA professionals
- Risk management professionals
- Security managers / analysts
- Software Managers
- Infrastructure/Network Managers
The Process of Auditing Information Systems
- Provide audit services in accordance with IT audit standards to assist the organization with protecting and controlling information systems. The auditing process covers:
- IS auditing standards
- Risk-based approach
- Controls; Audit objectives, planning & scope
- COBIT; Field Work
- Identifying conditions & defining reportable findings
- Review of work
- Audit Results Communication
Governance and Management of IT
- Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization’s strategy.
- IT governance structure
- IT organizational structure and HR management
- Evaluating IT strategies
- Evaluating IT policies, standards & procedures
- IT resource investment
- Evaluating risk management, monitoring and assurance practices
Information Systems Acquisition, Development and Implementation
- Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives.
- Evaluation approach
- Project Management
- Functional Requirements
- Feasibility Analysis
- System Design
- System Development
- System Acquisition, Implementation
Information Systems Operations, Maintenance and Support
- Provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives.
- Service Level Management;
- Evaluating Systems Software;
- Evaluating Hardware Acquisition & Installation;
- Evaluating network infrastructure (voice & data);
- Evaluating change, configuration and release management;
- Capacity and Performance monitoring tools & techniques;
- Data Administration practices;
- Problem & Incident management practices.
Protection of Information Assets
- This module discusses the organization’s security policies, standards, procedures and controls that ensure the confidentiality, integrity and availability of information assets.
- Evaluate the information security and privacy policies, standards and procedures for completeness, alignment with generally accepted practices and compliance with applicable external requirements.
- Evaluate the design, implementation, maintenance, monitoring and reporting of physical and environmental controls to determine whether information assets are adequately safeguarded.
- Evaluate the design, implementation, maintenance, monitoring and reporting of system and logical security controls to verify the confidentiality, integrity and availability of information.
- Evaluate the design, implementation and monitoring of the data classification processes and procedures for alignment with the organization’s policies, standards, procedures and applicable external requirements.
- Evaluate the processes and procedures used to store, retrieve, transport and dispose of assets to determine whether information assets are adequately safeguarded.
- Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.
Available delivery methods for this course