Profile of the Programme:

The Certified Information Systems Auditor (CISA) designation is a globally recognized certification awarded by ISACA for information systems audit, control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates that you are capable of assessing vulnerabilities, reporting on compliance and instituting controls within the enterprise.

Who is it addressed to:

  • Information System Auditors
  • IT Administrators
  • Chief Information Security Officers (CISO)
  • Risk Managers
  • Compliance Personnel
  • Anyone seeking broader understanding of IT audit best practices

Areas Covered

The course is designed to cover the domains (detailed below) required by ISACA for the CISA qualification. In addition, it provides an IT crash course for participants who would like to refresh their knowledge or who have no previous professional IT experience.

Please note: The IT crash course is optional and can be attended as a separate course.

  • Auditing
  • Risk-Based Auditing
  • Internal Controls
  • Audit Planning
  • Performing the Audit
  • Sampling
  • Audit Analysis and Reporting
  • Control Self-Assessment (CSA)
  • ISACA Code of Professional Ethics
  • Governance and Management of IT
  • Strategic Planning and Models
  • Policies, Standards and Procedures
  • Risk Management
  • Resource Management
  • Management of IT Functional Operations
  • Business Continuity Planning (BCP)
  • Program and Project Management
  • Systems Development Lifecycle (SDLC)
  • Types of Specialized Business Applications
  • Acquisition
  • Application Controls
  • Auditing System Operations and Maintenance
  • System and Communications Hardware
  • Auditing Networks
  • Auditing Job Scheduling
  • Business Continuity and Disaster Recovery Plans
  • Auditing of Business Continuity Plans
  • Information Security Management
  • Access Controls
  • Equipment and Network Security
  • Encryption
  • Malware
  • Incident Handling and Evidence
  • Physical and Environmental Controls
  • Important IT Terminology
  • IT architecture related to data, applications and technology
  • Services and product acquisition practices
  • Requirements analysis and management practices
  • System development methodologies and tools
  • Testing methodologies related to information systems development
  • Technology concepts related to networks
  • Technology concepts related to systems software
  • Operating systems
  • Hardware concepts
  • Applications & SDLC
  • Database administration practices
  • System resiliency tools and techniques
  • Capacity planning and monitoring tools
  • Network analyzers, system utilization reports, load balancing
  • Change Management
  • OSI
  • Disaster recovery and Business Continuity
  • Logical access control
  • Malware, viruses, spyware
  • Security testing techniques
  • Data leakage
  • Voice communication security
  • IT security
  • Firewalls
  • Risks, threats, vulnerability analysis, BIA
  • Cloud computing
  • Virtualization
  • Network and Internet security devices, protocols and techniques