Overview:

Certified Information Security Auditor (CISA) is a globally acknowledged certification, which builds upon the previous experience of IS professionals, to produce valuable employees who possess exceptional knowledge of Information Systems Auditing, Control, and Security.

During this CISA training course, delegates will be exposed to the Five Domains of Information Security Auditing. These domains comprise the foundations of CISA and it is imperative that delegates grasp a complete understanding of these aspects in order to pass the CISA exam and use their certification within the workplace. Within each of these domains exists multiple topics, which when combined, provide a comprehensive overview of the domain of focus. Due to the breadth of information imparted with each topic over a period of just four days, this course is considered intensive and candidates must study hard to obtain the certification. The five domains are as follows:

• The Process of Auditing Information Systems
• Governance & Management of IT
• Information Systems Acquisition, Development, and Implementation
• Information Systems Operations, Maintenance, and Support
• Protection of Information Assets

This intensive training course is delivered by exceptional, experienced CISA trainers, over the course of just four days. The Knowledge Academy CISA instructors deliver engaging sessions, allowing candidates to interact and discuss the content. The information provided, if studied meticulously and efficiently, will allow candidates to pass their CISA exam. Our trainers are available to assist trainees with any issues they may have prior, during, and after the course.

This training course is not suitable for beginners. It is required that delegates possess at least five years of exposure in the field of Information Systems Auditing. With this information in mind, it is expected that CISA qualified candidates have an outstanding level of professional experience, commitment, and extensive knowledge of IS Auditing. Thus, a CISA qualification is likely to open many doors and propel certified individuals into a high ranking position within the enterprise.

Duration:

05 ngày (40 giờ)

Course Objectives:

• Learn to audit, control and secure an information system
• Gain knowledge of the industry leading ISACA framework
• You'll be prepared for the ISACA CISA exam
• Network with likeminded peers
• Develop professionally

Intended Audience:

• This course is suited for those who wish to learn more about Information Systems Auditing, Control, and Security, and also improve their career opportunities.

Course outlines:

The course content surrounds the pivotal Five Domains. The information imparted within each domain is as follows:

1. Domain 1: Information Systems Audit Process:

• Developing a risk-based IT audit strategy
• Planning specific audits
• Conducting audits to IS audit standards
• Implementation of risk management and control practices

2. Domain 2: IT Governance and Management:

• Effectiveness of IT Governance structure
• IT organizational structure and human resources (personnel) management 
• organization's IT policies, standards, and procedures
• Adequacy of the Quality Management System
• IT management and monitoring controls
• IT resource investment
• IT contracting strategies and policies
• Management of organizations IT-related risks
• Monitoring and assurance practices organization business continuity plan

3. Domain 3: Information Systems Acquisition, Development, and Implementation:

• Business case development for IS acquisition, development, maintenance, and retirement
• Project management practices and controls
• Conducting reviews of project management practices
• System and Software Development Life-cycle (SDLC)
• Implementing and testing methodology
• Post-implement review

4. Domain 4: Information systems operations, maintenance and support

- Overview common technology components

- Review operations activities supporting day-to-day operation:

• IT Assets Inventory
• Schedule tasks and batch-job
• Helpdesk support / Incident Response / Change Request
• System Performance & Monitoring
• …

- Business Resilience aspect:

• Business Impact Analysis
• Backup - Restore
• DRP - BCP

5. Domain 5: Protection of Information Assets

- Audit Information Asset Security Framework, Standard and Guideline

- Physical and Access Environment

- Logical Access

• Identity and Access Management (IAM)
• Access Control Matrix
• Data Protection: DLP, DRM, IRM
• Virtualization and Cloud (noted: shared responsibility model)

- Common Threats (from Internal / External)

- Legacy system and technology.

- Noted:

• SIEM / SOAR
• Forensic