Certified credentials recognized by industries in all sectors and domains Accelerate role as Information Security Auditor Help build effective and efficient Information Security Audit Teams with improved technical expertise

Information Systems Auditing Process Basic audit concepts Risk-Based Audit Planning Audit Project Management Implementing audit strategy for information systems Governance and Management of IT IT Governance and Strategy IT Standards, Policies and Procedures IT Performance Monitoring and Reporting Information Systems Acquisition, Development, and Implementation Project Governance and Management System Development Methodologies Configuration and Release Management Information Systems Operations and Business Resilience IS Operational Activities Business Impact Analysis (BIA) Business Continuity Plans (BCP) Disaster Recovery Plans (DRP) Protection of Information Assets Information Asset Security and Control Security Event Management

CISA – Certified Information Systems Auditor | Training & Certification Online

Master the skills of IS auditing, control, and security
Expand your career opportunities
Stay updated with industry best practices
Learn from the best with our custom learning modules

Exam Details

150

Number of Questions

240 Minutes

Exam Duration

MCQ's

Exam Format

450/800

Passing Marks

Description

Globally accepted, developed by ISACA specifically for professionals seeking career opportunities or striving to grow further in their job roles in the field of information system auditing, control, and security.

CISA helps you build expertise and the ability to apply a risk-based approach to plan, execute and report audit engagements. CISA helps implement audit strategies for Information Systems, plan and execute audits, share audit results, and provide recommendations to senior management basis the audit results.

Course Objective

Plan audit to determine whether information systems are protected, controlled and provide value to the organization.
Conduct audits and follow-ups in accordance with IS audit standards and a risk-based IS audit strategy.
Communicate audit progress, findings, results and recommendations to stakeholders.
Evaluate the effectiveness of IT governance structure and IT organizational structure.
Evaluate the organization’s management of IT policies and practices.
Evaluate IT resource and portfolio management for alignment with the organization’s strategies and objectives.
Evaluate IT management and monitoring of controls.
Evaluate the organization’s ability to continue business operations.
Evaluate whether IT supplier selection and contract management processes align with business requirements.
Evaluate controls at all stages of the information systems development lifecycle.
Evaluate the readiness of information systems for implementation and migration into production.
Conduct a post‐implementation review of systems to determine whether project deliverables, controls and requirements are met.
Evaluate whether IT service management practices align with business requirements.
Evaluate database management practices and data governance practices.
Evaluate problem and incident management policies and practices.
Assess change, configuration, release and patch management policies and practices.
Analyse end-user computing to determine whether the processes are effectively controlled.
Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.
Evaluate logical security controls to verify information confidentiality, integrity and availability.
Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements.
Perform technical security testing to identify potential threats and vulnerabilities.
Utilize data analytics tools to streamline audit processes.
Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.
Identify opportunities for process improvement in the organization’s IT policies and practices.
Evaluate potential opportunities and threats associated with emerging technologies, regulations and industry practices.

Prerequisite

Minimum of 5 years of experience in the field of Information Systems auditing, control, and security
There can be an experience waiver of 3 years for the required 5-year experience in the form of:
- A maximum of 1 year of information systems experience OR 1 year of non-IS auditing experience can be substituted for 1 year of experience.
- 60 to 120 completed university semester credit hours not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
- A master’s degree in information security or information technology from an accredited university can be substituted for 1 year of experience.
Any professional working or wanting to switch careers in the field of Information Security can pursue the exam, however, the certification can only be obtained if you qualify for the above requirements.

Additional Information