Certified Information Systems Auditor (CISA)


Stone River eLearning

Summary

Price: £12 inc VAT
Study method: Online
Duration: 15 hours · Self-paced
Qualification: No formal qualification

Overview

The Certified Information Systems Auditor (CISA) course covers all six domains of the CISA exam offered by the Information Systems Audit and Control Association (ISACA). The CISA exam has become the industry standard for IT auditing, control and security. The course helps students gain relevant, up-to-date and concise knowledge, along with hands-on practice exams, to prepare for the CISA certification exam.

CISA is one of the most popular and high-demand IT certifications available in the market. Approximately, more than 60,000 professionals hold CISA certification. The CISA certification is also consistently named one of the best professional certifications to have by leading analysts around the world. The course gives students the comprehensive knowledge and concepts required to pass the CISA certification exam.

What You'll Learn

After successfully completing this course, students will be able to understand the six domains covered in the CISA exam:

  • IT audit process
  • IT governance
  • Systems and infrastructure lifecycle management
  • IT service delivery and support
  • Protection of information assets
  • Business continuity and disaster recovery

Description

Class Curriculum

Course Introduction
Introduction (0:52)
Course Introduction (2:46)
Module 01 - The Process of Auditing Information Systems (03:44:08)
Introduction
Lesson 1: Management of the Audit Function
Lesson 2: ISACA IT Audit and Assurance Standards and Guidelines
Lesson 3: Risk Analysis
Lesson 4: Internal Controls
Lesson 5: Performing An IS Audit
Lesson 6: Control Self-Assessment
Lesson 7: The Evolving IS Audit Process
Section Review
Review Questions
Module 02 - Governance and Management of IT (03:41:17)
Introduction
Lesson 1: Corporate Governance
Lesson 2: IT Governance
Lesson 3: IT Monitoring and Assurance Practices for Board and Senior Management
Lesson 4: Information Systems Strategy
Lesson 5: Maturity and Process Improvement Models
Lesson 6: IT Investment and Allocation Practices
Lesson 7: Policies and Procedures
Lesson 8: Risk Management
Lesson 9: IS Management Practices
Lesson 10: IS Organizational Structure and Responsibilities
Lesson 11: Auditing IT Governance Structure and Implementation
Lesson 12: Business Continuity Planning
Summary of BCP
Section Review
Review Questions
Module 03 - Information Systems Acquisition, Development and Implementation (03:12:01)
Lesson 1: Business Realization
Lesson 2: Project Management Structure
Lesson 3: Project Management Practices
Lesson 4: Business Application Development
Lesson 5: Business Application Systems
Lesson 6: Alternative Forms of Software Project Organization
Lesson 7: Alternative Development Methods
Lesson 8: Infrastructure Development/Acquisition Practices
Lesson 9: Information Systems Maintenance Practices
Lesson 10: System Development Tools And Productivity Aids
Lesson 11: Business Process Reengineering And Process Change Projects
Lesson 12: Application Controls
Lesson 13: Auditing Application Controls
Lesson 14: Auditing Systems Development, Acquisition And Maintenance
Section Review (1:22)
Review Questions
Module 04 - Information Systems Operations, Maintenance and Support (02:14:18)
Introduction (0:47)
Lesson 1: Information Systems Operations
Lesson 2: Information Systems Hardware
Lesson 3: IS Architecture and Software
Lesson 4: Network Infrastructure
Lesson 5: Disaster Recovery Planning
Module 04 Review (1:01)
Review Questions
Module 05 - Protection of Information Assets (02:30:27)
Introduction (1:30)
Lesson 1: Importance Of Information Security (1:18)
Key Elements of Information Security Management (1:07)
Information Security Management Roles and Responsibilities (0:15)
Inventory and Classification of Information Assets Part1 (0:53)
Inventory and Classification of Information Assets Part2 (1:46)
System Access Permission Part1 (3:03)
System Access Permission Part2 (2:37)
Mandatory and Discretionary Access Controls (2:42)
Privacy Management Issue and the Role of IS Auditors Part1 (0:41)
Privacy Management Issue and the Role of IS Auditors Part2 (0:36)
Critical Success Factors to Information Security Management (0:54)
Information Security and External Parties (1:16)
Identification of Risks Related to External Parties (1:08)
Addressing Security When Dealing with Customers (2:55)
Addressing Security and Third-Party Agreements Part1 (0:41)
Addressing Security and Third-Party Agreements Part2 (0:42)
Human Resources Security and Third Parties Part1 (1:37)
Human Resources Security and Third Parties Part2 (1:25)
Computer Crime Issues and Exposures Part1 (2:45)
Computer Crime Issues and Exposures Part2 (2:26)
Types of Computer Crimes Part1 (1:36)
Types of Computer Crimes Part2 (3:44)
Peer to Peer, Instant Messaging, Data Leakage and Web-Based Technologies (2:20)
Security Incident Handling and Response Part1 (2:05)
Security Incident Handling and Response Part2 (1:32)
Lesson 2: Logical Access (0:25)
Logical Access Exposures (0:43)
Familiarization with the Enterprise IT Environment (0:19)
Paths of Logical Access (1:02)
General Points of Entry (0:17)
Logical Access Control Software (0:40)
Identification and Authentication (1:51)
Features of Passwords Part1 (1:08)
Features of Passwords Part2 (2:20)
Identification and Authentication Best Practices (3:09)
Token Devices, One-Time Passwords (1:35)
Management of Biometrics (2:47)
Single Sign-On Part1 (1:35)
Single Sign-On Part2 (1:06)
Authorization Issues (0:37)
Access Control Lists (0:44)
Logical Access Security Administration (1:00)
Remote Access Security Part1 (1:41)
Remote Access Security Part2 (1:07)
Common Connectivity Methods Part1 (2:33)
Common Connectivity Methods Part2 (0:21)
Remote Access Using PDAs (1:53)
Access Issues with Mobile Technology (2:13)
Access Rights to System Logs (1:04)
Tools for Audit Trail Analysis (0:55)
Use of Intrusion Detection (1:31)
Storing, Retrieving, Transporting and Disposing of Confidential Information (2:41)
Lesson 3: Network Infrastructure Security (0:43)
LAN Security (0:37)
Virtualization (0:43)
Client/Server Security Part1 (1:24)
Client/Server Security Part2 (2:21)
Client/Server Security Part3 (0:52)
Wireless Security Threats and Risks Mitigation Part1 (0:32)
Wireless Security Threats and Risks Mitigation Part2 (0:56)
Internet Threats and Security (2:06)
Network Security Threats (3:13)
Internet Security Control Audits (3:00)
Firewall Security Systems (3:51)
Common Attacks Against a Firewall (1:46)
Examples of Firewall Implementation (1:55)
Intrusion Detection (2:09)
Describing IDS and IPS Deployment (2:38)
Encryption Part1 (0:48)
Encryption Part2 (2:29)
Uses of Encryption (1:39)
Viruses (1:48)
Technical Controls Against Viruses (0:20)
AV Software (1:24)
Voice Over IP (1:17)
Private Branch Exchange (1:04)
Lesson 4: Auditing Information Security Management Framework Part1 (0:19)
Auditing Information Security Management Framework Part2 (0:43)
Auditing Logical Access (0:45)
Techniques for Testing Security (1:38)
Lesson 5: Auditing Network Infrastructure Security (1:11)
Auditing Remote Access (1:29)
Network Penetration Test (2:56)
Types of Penetration Tests (1:52)
Full Network Assessment Reviews (0:41)
Development and Authorization of Network Changes (0:39)
Unauthorized Changes (1:00)
Computer Forensics (1:33)
Chain of Evidence (2:19)
Lesson 6: Environmental Exposures and Controls Part1 (0:04)
Environmental Exposures and Controls Part2 (2:25)
Lesson 7: Physical Access Exposures and Controls (0:15)
Physical Access Exposures (1:00)
Physical Access Controls (2:04)
Auditing Physical Access (1:28)
Lesson 8: Mobile Computing Part1 (0:12)
Mobile Computing Part2 (1:30)
Module 05 Review (1:07)
Review Questions
Course Closure (2:44)

Who is this course for?

  • IT audit, control, assurance, and security professionals
  • IT consultants, auditors, and managers
  • Security policy writers
  • Privacy officers
  • Information security officers
  • Network security engineers

Requirements

  • The course requires candidates to have systems administration experience, familiarity with networking fundamentals such as TCP/IP, and an understanding of UNIX, Linux, and Windows operating systems.
  • This is an advanced-level course and requires students to have basic concepts and knowledge of IT security and a minimum of 3-5 years of practical experience.

Career path

Information Security Officer
