CISA© (Certified Information Systems Auditor) is an independent certification and the most powerful one offered for IT auditors. The CISA certification is an ANSI-accredited programme, accepted and recognised at the national level worldwide.
The training programme encompasses theoretical and practical skills in IT audit:
- the role of IT audit in internal control and IT security management systems;
- an approach to audit engagement planning and performance;
- skills in describing IT controls and responding to IT risks.
Target Audience
The training programme is designed for IT managers and professionals, information and operation risk management professionals, and IT security, internal control and IT audit professionals.
Training Objectives
Upon completion of the training programme, the participants will gain insight into/be able to address:
- IT audit goals and objectives and its role in the internal control system;
- techniques applicable to audit planning and performance, and information and audit evidence collection;
- audit and performance assessment of the internal control system in management, operating activities and IT support;
- IT risk management audits;
- IT security audits;
- preparation for CISA© certification.
Training Methodology
- Training is provided by accredited CISA© trainers and includes an analysis of case studies.
- The training programme offers hands-on exercises.
- Training is provided in Russian with English handouts.
- Upon completion of the training programme, the participants will pass a CISA sample exam, including a detailed discussion of the questions.
Distinctive Benefits for Your Business
The training programme aims at improving alignment between your organisation’s IT and broader business needs and objectives, and at realigning the IT audit value proposition. The training programme is based on the CISA© formal certification programme*, approved and agreed by ISACA©.
Introduction
- About the CISA Exam
- Certification Steps
Domain 1
Information System Auditing Process
Planning
- IS Audit Standards, Guidelines and Codes of Ethics
- Business Processes
- Types of Controls
- Risk-Based Audit Planning
- Types of Audits and Assessments
Execution
- Audit Project Management
- Sampling Methodology
- Audit Evidence Collection Techniques
- Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of the Audit Process
Domain 2
Governance and Management of IT
IT Governance
- IT Governance and IT Strategy
- IT-Related Frameworks
- IT Standards, Policies, and Procedures
- Organizational Structure
- Enterprise Architecture
- Enterprise Risk Management
- Maturity Models
- Laws, Regulations, and Industry Standards Affecting the Organization
IT Management
- IT Resource Management
- IT Service Provider Acquisition and Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
Domain 3
Information Systems Acquisition, Development, and Implementation
Information Systems Acquisition and Development
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
Information System Implementation
- Testing Methodologies
- Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Post-Implementation Review
Domain 4
Information Systems Operations, Maintenance and Support
Information System Operations
- Computer Hardware Components and Architectures
- IT Asset Management
- System Interfaces
- End-User Computing
- Data Governance
- Systems Performance Management
- Problem and Incident Management
- Change, Configuration, Release, and Patch Management
- IT Service Level Management
- Database Management
Business Resilience
- Business Impact Analysis (BIA)
- System Resiliency
- Data Backup, Storage, and Restoration
- Business Continuity Plan (BCP)
- Disaster Recovery Plans (DRPs)
Domain 5
Protection of Information Assets
Information Asset Security and Control
- Introduction
- Information Asset Security Frameworks, Standards, and Guidelines
- Privacy Principles
- Physical Access and Environmental Controls
- Identity and Access Management
- Network and End-point Security
- Data Classification
- Data Encryption and Encryption-related Techniques
- Public Key Infrastructure (PKI)
- Web-based Communication Technologies
- Virtualized Environments
- Mobile, Wireless, and Internet-of-Things (IoT) Devices
Security Event Management
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Tools and Techniques
- Incident Response Management
- Evidence Collection and Forensics
Sample CISA exam
- exam structure;
- detailed answers to exam questions.
CPE information:
Upon successful completion of the training, students will be awarded Course Completion Certificates (40 CPD) from ISACA Kyiv.