Course Description

An Intensive Review of the Topics Covered in the Certified Information Systems Auditor Exam

In this seminar you will focus exclusively on the essential areas covered in the CISA exam. You will cover the CISA content areas you need to know for the exam, including IS audit process, IT governance, systems and infrastructure life-cycle management, IT service delivery and support, information asset protection, and business continuity and disaster recovery. Following each section, you will work through a series of sample exam questions to give you a "feel" for the format and the types of questions you will encounter. You will then review the correct answers for a better understanding of what the ISACA Certification Board expects.

This intensive prep course is an ideal way to prepare for the exam. You will gain valuable experience answering sample exam questions while strengthening the skills you need to approach accreditation with confidence.

NOTE: Seminar materials are continually updated to reflect current CISA requirements.

Course Outline

IS Audit Process

  • risk-based auditing
  • developing the audit strategy
  • planning and executing the audit

IT Governance

  • organization and management structure
  • IT strategy and planning
  • risk management practices
  • IT governance practices
  • international IT standards and guidelines

IS Operations - centralized/decentralized environments

  • problem and incident management
  • technical support
  • quality assurance (QA)
  • segregation of duties

Hardware Infrastructure

  • hardware acquisition, contracts, and inventories
  • equipment maintenance/utilization

Software Infrastructure

  • operating systems
  • database management system (DBMS)
  • system software controls

Physical and Environmental Controls

  • physical security objectives, risks, and controls
  • environmental exposures, risks, and controls

Logical Access Controls

  • logical access controls objectives
  • authentication: password controls, tokens, biometrics, managing user accounts
  • authorization
  • audit trail
  • managing security administration
  • single sign-on (SSO) authentication 

Network Infrastructure

  • network terminology
  • centralized and distributed computing

Local Area Networks

  • cabling: twisted pair, coaxial, fiber-optics
  • LAN network topologies
  • wireless communications and associated risks

Network Standards and Protocols 

  • network communication standards
  • common network protocols
  • TCP / IP
  • OSI model, encapsulation, security issues

Network Devices

  • network interface cards
  • wiring hubs
  • wireless access points
  • bridges
  • switches
  • routers
  • gateways
  • device security

Wide Area Networks

  • differences between LANs and WANs
  • WAN connection methods
  • dial-up and wireless connections and risks
  • switching techniques: circuit, message, packet, cell


  • Internet technologies
  • IP Addressing
  • URL
  • DNS
  • Web application programming techniques
  • Internet risks and controls

Network Security

  • network security risk analysis
  • vulnerability testing
  • network security strategy

Network Perimeter Security

  • network security strategies
  • firewalls
  • DMZ
  • intrusion detection systems
  • remote access


  • types of encryption
  • digital signatures and certificates

Business Application Systems

  • objectives of application audits
  • auditing the transaction life cycle
  • auditing the business application components
  • planning and executing application audits

Change Management

  • change management objectives/risks
  • change request requirements
  • emergency changes
  • library control software
  • vendor-supplied source code
  • new programming technologies

System Development Life Cycle

  • audit's role on development projects
  • business risks of development projects
  • project governance practices
  • traditional system development life cycle
  • rapid application development
  • system testing and acceptance
  • cutover and implementation

Project Management

  • project management risks
  • budgeting and scheduling
  • auditing project management

Disaster Recovery and Business Continuity Planning

  • disasters and disruptive events
  • business continuity planning steps
  • business impact analysis (BIA)
  • disaster recovery strategies
  • testing the recovery plan
  • continuity plan maintenance 


The certification exam fee is included in this course.