Certified Information Security Auditor, CISA

Module 1: The Process of Auditing Information System

• Develop and implement a risk-based IT audit strategy
• Plan specific audits
• Conduct audits in accordance with IT audit standards
• Report audit findings and make recommendations to key stakeholders
• Conduct follow-ups or prepare status reports

Module 2: IT Governance and Management of IT

• Evaluate the effectiveness of the IT governance structure
• Evaluate IT organizational structure and human resources (personnel) management
• Evaluate the organization’s IT policies, standards, and procedures
• Evaluate the adequacy of the quality management system
• Evaluate IT management and monitoring of controls
• Evaluate IT contracting strategies and policies, and contract management practices
• Evaluate risk management practices
• Evaluate the organization’s business continuity plan

Module 3: Information Systems Acquisition, Development, and Implementation

• Business case development for IS acquisition, development, maintenance, and retirement
• Project management practices and controls
• Conducting reviews of project management practices
•  Controls for requirements, acquisition, development, and testing phases
•  Readiness for Information Systems
•  Project Plan Reviewing
•  Post Implementation System Reviews

Module 4: Information Systems Operations, Maintenance, and Support

• Conduct periodic reviews of organizations objectives
• Service level management
• Third-party management practices
• Operations and end-user procedures
• Process of information systems maintenance
• Data administration practices determine the integrity and optimization of databases
• Use of capacity and performance monitoring tools and techniques
• Problem and incident management practices
• Change, configuration, and release management practices
• Adequacy of backup and restore provisions
• Organization’s disaster recovery plan in the event of a disaster

Module 5: Protection of Information Assets

• Information security policies, standards and procedures
• Design, implement, monitoring of system and logical security controls
• Design, implement, monitoring of data classification processes and procedures
• Design, implement, monitoring of physical access and environmental controls
• Processes and procedures to store, retrieve, transport and dispose of information assets

• Prepare for and pass the Certified Information Systems Auditor (CISA) Exam
• Develop and implement a risk-based IT audit strategy in compliance with IT audit standards
• Evaluate the effectiveness of an IT governance structure
• Ensure that the IT organizational structure and human resources (personnel) management support the organization’s strategies and objectives
• Review the information security policies, standards, and procedures for completeness and alignment with generally accepted practices

• An IT professional working in roles associated with transitioning services into live operation within a service-based business model.
• Require a detailed understanding of Service Transition principles, Processes, and activities.
• Are working in, or about to enter, an IT Service Transition environment.
• Require a detailed understanding of ITIL Service Transition.