Certified Information Systems Auditor® (CISA)
$799
GOALS & OBJECTIVES
Whether you are seeking a new career opportunity or striving to grow within your current organization, a CISA certification proves your expertise in these work-related domains:
- INFORMATION SYSTEMS AUDITING PROCESS
- GOVERNANCE AND MANAGEMENT OF IT
- INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND IMPLEMENTATION
- PROTECTION OF INFORMATION ASSETS
Description
Duration: 5 Consecutive Days
Domain 1 — Information System Auditing Process
- Plan an audit to determine whether information systems are protected, controlled, and provide value to the organization.
- Conduct an audit in accordance with IS audit standards and a risk-based IS audit strategy.
- Communicate audit progress, findings, results and recommendations to stakeholders.
- Conduct audit follow-up to evaluate whether risk has been sufficiently addressed.
- Evaluate IT management and monitoring of controls.
- Utilize data analytics tools to streamline audit processes.
- Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.
- Identify opportunities for process improvement in the organization’s IT policies and practices.
Domain 2 – Governance & Management of IT
- Evaluate the IT strategy for alignment with the organization’s strategies and objectives.
- Evaluate the effectiveness of IT governance structure and IT organizational structure.
- Evaluate the organization’s management of IT policies and practices.
- Evaluate the organization’s IT policies and practices for compliance with regulatory and legal requirements.
- Evaluate IT resource and portfolio management for alignment with the organization’s strategies and objectives.
- Evaluate the organization’s risk management policies and practices.
- Evaluate IT management and monitoring of controls.
- Evaluate the monitoring and reporting of IT key performance indicators (KPIs).
- Evaluate whether IT supplier selection and contract management processes align with business requirements.
- Evaluate whether IT service management practices align with business requirements.
Domain 3 – Information Systems Acquisition, Development, & Implementation
- Evaluate whether the business case for proposed changes to information systems meets business objectives.
- Evaluate the organization’s project management policies and practices.
- Evaluate controls at all stages of the information systems development life cycle.
- Evaluate the readiness of information systems for implementation and migration into production.
- Conduct post-implementation review of systems to determine whether project deliverables, controls and requirements are met.
- Evaluate change, configuration, release, and patch management policies and practices.
Domain 4 – Information Systems Operations and Business Resilience
- Evaluate the organization’s ability to continue business operations.
- Evaluate whether IT service management practices align with business requirements.
- Conduct periodic review of information systems and enterprise architecture.
- Evaluate IT operations to determine whether they are controlled effectively and continue to support the organization’s objectives.
- Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the organization’s objectives.
- Evaluate database management practices.
- Evaluate data governance policies and practices.
- Evaluate problem and incident management policies and practices.
- Evaluate change, configuration, release, and patch management policies and practices.
- Evaluate end-user computing to determine whether the processes are effectively controlled.
Domain 5 – Protection of Information Assets
- Conduct audit in accordance with IS audit standards and a risk-based IS audit strategy.
- Evaluate problem and incident management policies and practices.
- Evaluate the organization’s information security and privacy policies and practices.
- Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.
- Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
- Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements.
- Evaluate policies and practices related to asset life cycle management.
- Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.
- Perform technical security testing to identify potential threats and vulnerabilities.
- Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.