SECP05 - CISA: Certified Information Systems Auditor Exam Prep (32 hrs)
Course Description
An Intensive Review of the Topics Covered in the Certified Information Systems Auditor Exam
In this seminar you will focus exclusively on the essential areas covered in the CISA exam. You will cover the CISA content areas you need to know for the exam, including IS audit process, IT governance, systems and infrastructure life-cycle management, IT service delivery and support, information asset protection, and business continuity and disaster recovery. Following each section, you will work through a series of sample exam questions to give you a "feel" for the format and the types of questions you will encounter. You will then review the correct answers for a better understanding of what the ISACA Certification Board expects.
This intensive prep course is an ideal way to prepare for the exam. You will gain valuable experience answering sample exam questions while strengthening the skills you need to approach accreditation with confidence.
NOTE: Seminar materials are continually updated to reflect current CISA requirements.
Course Outline
IS Audit Process
- risk-based auditing
- developing the audit strategy
- planning and executing the audit
IT Governance
- organization and management structure
- IT strategy and planning
- risk management practices
- IT governance practices
- international IT standards and guidelines
IS Operations
- centralized/decentralized environments
- problem and incident management
- technical support
- quality assurance (QA)
- segregation of duties
Hardware Infrastructure
- hardware acquisition, contracts, and inventories
- equipment maintenance/utilization
Software Infrastructure
- operating systems
- database management system (DBMS)
- system software controls
Physical and Environmental Controls
- physical security objectives, risks and controls
- environmental exposures, risks, and controls
Logical Access Controls
- logical access controls objectives
- authentication: password controls, tokens, biometrics, managing user accounts
- authorization
- audit trail
- managing security administration
- single sign-on (SSO) authentication
Network Infrastructure
- network terminology
- centralized and distributed computing
Local Area Networks
- cabling: twisted pair, coaxial, fiber-optics
- LAN network topologies
- wireless communications and associated risks
Network Standards and Protocols
- network communication standards
- common network protocols
- TCP/IP
- OSI model, encapsulation, security issues
Network Devices
- network interface cards
- wiring hubs
- wireless access points
- bridges
- switches
- routers
- gateways
- device security
Wide Area Networks
- differences between LANs and WANs
- WAN connection methods
- dial-up and wireless connections and risks
- switching techniques: circuit, message, packet, cell
Internet
- Internet technologies
- IP Addressing
- URL
- DNS
- Web application programming techniques
- Internet risks and controls
Network Security
- network security risk analysis
- vulnerability testing
- network security strategy
Network Perimeter Security
- network security strategies
- firewalls
- DMZ
- intrusion detection systems
- remote access
Encryption
- types of encryption
- digital signatures and certificates
Business Application Systems
- objectives of application audits
- auditing the transaction life cycle
- auditing the business application components
- planning and executing application audits
Change Management
- change management objectives/risks
- change request requirements
- emergency changes
- library control software
- vendor-supplied source code
- new programming technologies
System Development Life Cycle
- audit's role on development projects
- business risks of development projects
- project governance practices
- traditional system development life cycle
- rapid application development
- system testing and acceptance
- cutover and implementation
Project Management
- project management risks
- budgeting and scheduling
- auditing project management
Disaster Recovery and Business Continuity Planning
- disasters and disruptive events
- business continuity planning steps
- business impact analysis (BIA)
- disaster recovery strategies
- testing the recovery plan
- continuity plan maintenance