CISA Certification Curriculum Outline

CISA Domain: The Process of Auditing Information Systems – Part1

Overview/Description
Auditing Information Systems has become an integral part of business management in both big and small corporate environments. This course examines the starting points for performing and IS audit and some of the standards, guidelines, tools and, techniques that can be used to setup, manage, and monitor the audit function. The Certified Information Systems Auditor (CISA) certification is known worldwide as a standard of achievement for those who audit, control, monitor and assess an organizations information technology and business systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control, and security. A minimum of five years of professional information systems auditing, control, or security work experience is required for certification.

Expected Duration (hours)
2.5

Lesson Objectives

CISA Domain: The Process of Auditing Information Systems – Part1

Describe the role of the audit charter in the organization of the IS audit function

Sequence the steps to perform audit planning

Recognize the effect of laws and regulations on audit planning

Recognize how to manage an IS audit function

Describe the points of the code of professional ethics

Match examples of ISACA auditing standards with the correct standard

Identify the IT audit and assurance tools and techniques

Match examples of ISACA auditing guidelines with the correct guideline

Define the three categories of standards in the Information Technology Assurance Framework

Define the guidelines and tools and techniques in the Information Technology Assurance Framework

Recognize risk analysis concepts within an auditing context

Recognize internal controls within an auditing context

Describe IT audit and assurance standards

Describe IT audit and assurance guidelines and tools and techniques

Recognize standards, guidelines, and tools and techniques from the Information Technology Assurance Framework (ITAF)

Work with concepts of risk analysis and internal controls within an auditing context

Course Number:
sp_cisa_a01_it_enus

Back to List

CISA Domain: The Process of Auditing Information Systems - Part 2

Overview/Description
While performing audits, it is extremely important to classify audit information and to evaluate and document both the controls used and the outcomes of all parts of the audit process. This course examines the audit classification process, how risk-based auditing is performed, how compliance testing is used, and the processes and procedures used to evaluate and document the audit process. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)
2.5

Lesson Objectives

CISA Domain: The Process of Auditing Information Systems - Part 2

Classify the various types of audits based on the procedures associated with them

Recognize the different phases of an audit

Recognize the concepts of risk-based auditing and audit risk and materiality

Recognize risk assessment concepts within an auditing context

Compare compliance testing and substantive testing

Classify audits and recognize risk-based auditing concepts

Recognize risk assessment concepts and compare testing techniques

Describe the different type of audit aids used by an IS auditor

Specify how to evaluate an audit and recognize how to communicate results to management

Describe the types of audit documentation required during an IS audit

Specify the concept of control self-assessment (CSA) and its objectives

Describe some of the benefits of CSA

Recognize the role of the auditor and technology in CSA

Recognize how the IS audit process must continue to evolve to keep up with innovation in technology

Recognize how to apply audit aids, evaluate and document an audit, and communicate results

Describe the concept of control self-assessment (CSA) and recognize the evolving IS audit process

Course Number:
sp_cisa_a02_it_enus

Back to List

CISA Domain: Governance and Management of IT – Part 1

Overview/Description
IS Governance is an incredibly important part of IS security. Management and monitoring of resources are built into the audit process and the CISA must be aware of the role they will play in the process. This course examines the role of Governance, IT Management and IT Monitoring, and the strategies and models used to evaluate and create policies and procedures within the environment. This course also examines the Risk Management strategies that can be used, and how the CISA plays a role in choosing the correct strategy for the environment. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)
2.0

Lesson Objectives

CISA Domain: Governance and Management of IT – Part 1

Match the example of governance to either corporate or IT

Recognize best practices for IT governance

Match examples of other IT monitoring and assurance practices with their correct descriptions

Recognize the role of governance, IT management and IT monitoring in the IS audit process

Recognize information systems strategies

Match maturity and process improvement models with their correct descriptions

Describe IT investment and allocation practices

Recognize the role of policies and procedures in IS auditing

Implement a risk management process

Define risk management techniques and recognize how to develop a risk management program

Match the different risk analysis methods with their correct description

Calculate Annual Loss Expectancy (ALE)

Implement IS strategies, maturity models, and allocation practices

Implement policies, procedures, and risk management

Course Number:
sp_cisa_a03_it_enus

Back to List

CISA Domain: Governance and Management of IT - Part 2

Overview/Description
Information Security Management Practices should adhere to the business goals of an organization, aligning to the objectives that management set down for company improvement. This course examines different types of management practices such as human resource management, sourcing management, change management, financial management, and quality management. This course also looks at how segregation of duties is used to better control information security. Finally, this course examines business continuity and impact analysis and how it can be used as part of information security management practices. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)
3.0

Lesson Objectives

CISA Domain: Governance and Management of IT - Part 2

Recognize human resource management practices and how they relate to the IS function

Match IS management approaches with their related features

Recognize how to optimize IT performance

Recognize various outsourcing practices and strategies

Specify how governance relates to outsourcing

Describe how to manage third-party service delivery

Describe IS roles and responsibilities

Recognize how segregation of duties in IS can prevent fraudulent or malicious acts

Match segregation of duties controls and compensating controls to their correct descriptions

Recognize IS management practices

Recognize IS sourcing practices

Recognize IS organizational structure and responsibilities

Interpret IT governance documentation and contractual agreements before auditing the IS function

Compare business continuity planning and IS business continuity planning

Recognize the business continuity planning process and policy

Recognize how to implement business continuity planning incident management

Identify what happens in the business impact analysis phase

Identify the factors to consider while developing the business continuity plan

Recognize the key components of a business continuity plan

Match the plan testing phases with their correct description

Recognize how to review the business continuity plan as part of the IS audit

Describe other tasks related to auditing business continuity

Review IT governance documentation and describe business continuity planning

Recognize how business impact analysis contributes to the development of a business continuity plan

Recognize how to test and audit business continuity

Course Number:
sp_cisa_a04_it_enus

Back to List

CISA Domain: lS Acquisition, Development, and Implementation - Part 1

Overview/Description
The acquisition, development, and management of business projects are important in all information systems builds. The CISA must make sure that all these aspects are brought together, and that the business model of the organization is adhered to at all times during this process. This course examines how business realization is applied, how project management structures are built, and how project management practices are used to correctly implement the project management structures. This course also examines the business applications that are used, and the processes that play a part in these implementations, such as SDLC. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control, and security. A minimum of five years of professional information systems auditing, control, or security work experience is required for certification.

Prerequisites
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)
3.0

Lesson Objectives

CISA Domain: lS Acquisition, Development, and Implementation - Part 1

Recognize the concept of business realization

Describe the project management structure

Describe characteristics of project management

Recognize techniques to estimate software size and project budgets

Recognize scheduling and general project management techniques

Recognize how to control and close a project

Recognize the concept of business realization and describe project management structure

Recognize project management techniques and practices

Recognize the phases of the traditional SDLC approach

Implement integrated resource management systems

Describe the feasibility phase of SDLC

Describe the requirements phase of SDLC

Describe the software acquisition process

Describe the design phase of SDLC

Recognize programming methodologies in the development phase of SDLC

Recognize testing schemes in the development phase of SDLC

Describe how to plan for the implementation phase of SDLC

Recognize post-implementation practices and techniques

Recognize software development risks and techniques

Recognize the SDLC approach and how to implement integrated resource management systems

Describe the feasibility, requirements, and design phases of SDLC

Describe the development and implementation phases of SDLC

Recognize postimplementation and software development techniques

Course Number:
sp_cisa_a05_it_enus

Back to List

CISA Domain: lS Acquisition, Development and Implementation - Part 2

Overview/Description
Business Application Systems play a substantial role in many corporate infrastructures today. This course examines the role of the auditor in environments where business application systems and agile development systems are being used. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)
2.5

Lesson Objectives

CISA Domain: lS Acquisition, Development and Implementation - Part 2

Recognize e-commerce risks, requirements, and best practices

Compare traditional EDI and web-based EDI

Recognize controls in the EDI environment

Recognize whats involved in auditing EDI

Describe the electronic mail process

Recognize the different types of electronic finance systems

Describe EFT and integrated systems

Describe IVR and other electronic systems

Describe image processing and its benefits and risks

Recognize the concepts of artificial intelligence, expert systems, and business intelligence

Recognize support management systems

Recognize alternative forms of software project organization

Recognize alternative software development methods

Recognize the concept of e-commerce and EDI

Recognize electronic systems and Interactive Voice Response (IVR)

Describe image processing, AI, BI, and support management

Recognize alternative forms of software project organization and development

Course Number:
sp_cisa_a06_it_enus

Back to List

CISA Domain: IS Operations, Maintenance and Support – Part 1

Overview/Description
Auditing IS functions must take the hardware and infrastructure resources into account. This course examines IS operation and how it is managed along with IS hardware, and the various components that need to be monitored and audited. This course also examines the architecture of the software and the data management systems that are used in an IS environment. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organizations information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)
2.0

Lesson Objectives

CISA Domain: IS Operations, Maintenance and Support – Part 1

Recognize IS management operations

Recognize IS monitoring and support operations

Recognize IS change management

Match computer hardware components and architectures with their correct descriptions

Recognize hardware maintenance and monitoring procedures

Implement capacity planning

Describe the different types of information systems operations

Recognize information systems hardware concepts

Describe operating systems and access control

Recognize database communications and management systems

Recognize tape and disk management systems and utility programs

Recognize software licensing issues and define digital rights management

Recognize the different types of review questions asked during infrastructure and operations auditing

Recognize IS architecture and software concepts

Recognize how to audit infrastructure and operations

Course Number:
sp_cisa_a07_it_enus

Back to List

CISA Domain: IS Operations, Maintenance, and Support - Part 2

Overview/Description
Enterprise network infrastructures and architectures are an integral part of enterprise environments today and are widely unknown to most users. The IS auditor must have a high level knowledge of these frameworks and a clear communication path to those who control them. This course examines the types of networks that are commonly found in enterprises today and the services and components that are commonly used in them. This course also examines disaster recovery strategies and scenarios that must be put in place to deal with any emergency situations that may occur. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)
2.5

Lesson Objectives

CISA Domain: IS Operations, Maintenance, and Support - Part 2

Describe the different types of networks

Recognize network services and network standards and protocols

Implement the OSI model in Local Area Networks (LANs)

Describe the characteristics of Wide Area Networks (WANs)

Describe the characteristics of wireless networks

Describe enterprise network architectures

Describe the characteristics of WANs and wireless networks

Recognize public Internet infrastructures

Describe network administration and control features

Define recovery point objective (RPO) and recovery time objective (RTO)

Recognize recovery strategies and recovery alternatives

Recognize disaster recovery plan contents and scenarios

Describe backup and restoration methods

Recognize public Internet infrastructures and network administration and control features

Recognize disaster recovery planning concepts

Course Number:
sp_cisa_a08_it_enus

Back to List

CISA Domain: Protection of Information Assets – Part 1

Overview/Description
One of the main reasons an organization will bring on a CISA is to protect the IS assets of that organization. Resources, both internal and external, need to be secured and access must be controlled at all times. This course examines information security elements and assets, both internal and external, along with the elements that play a role in the protection of those assets. This course also examines the computer crimes that can befall an organization and the incident handling methods that can be used. Finally, this course examines logical access and the methods that can be used to protect assets. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)
3.0

Lesson Objectives

CISA Domain: Protection of Information Assets – Part 1

Recognize IS management elements, roles and responsibilities, and asset classifications

Describe system access permissions and controls

Recognize the role of an IS auditor in privacy management and the success of IS management

Recognize information security issues relating to external parties

Recognize human resources security relating issues to third parties

Recognize information security elements and assets

Recognize IS and HR security issues relating to third parties

Recognize different types of computer crimes and exposures

Recognize how to handle and respond to security incidents

Recognize logical access exposures, paths, and controls

Recognize methods of identification and authentication

Describe the various situations or procedures where authorization issues can occur

Recognize how to manage sensitive information

Recognize issues related to computer crime and incident handling

Describe logical access and I&A

Recognize authorization issues and how to manage sensitive information

Course Number:
sp_cisa_a09_it_enus

Back to List

CISA Domain: Protection of Information Assets – Part 2

Overview/Description
Securing the network infrastructure is one of the main reasons an IT department exists in an enterprise environment. The role of a CISA is to audit the security measures and to make sure that the most efficient methods are being used to secure the environment. This course examines the components of the network infrastructure, the common threats they face, and how they can be secured. This course also examines the methods used by a CISA to audit and test the IS security and the internal and external security controls that can be used. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organization’s information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control, and security. A minimum of five years of professional information systems auditing, control, or security work experience is required for certification.

Expected Duration (hours)
3.5

Lesson Objectives

CISA Domain: Protection of Information Assets – Part 2

Recognize LAN security

Recognize client-server security risks and issues

Recognize wireless security threats and risk mitigation

Describe Internet security threats and controls

Recognize the different categories of firewall security systems available

Recognize examples of firewall implementations and describe firewall issues

Describe IDS, IPS, honeypots, and honeynets

Recognize different types of encryption systems

Describe digital signatures, digital envelope, and public key infrastructure

Recognize applications of cryptographic systems and encryption risks

Recognize virus controls and antivirus strategies

Describe voice-over IP technology

Describe private branch exchange

Recognize network infrastructure security issues and controls

Describe Internet threats and security measures

Recognize encryption methods

Recognize virus controls, VoIP, and PBX

Recognize how to audit the information security management framework

Recognize how to audit logical access controls

Describe security testing and investigation techniques

Recognize how to audit remote access

Describe computer forensic activities

Recognize environmental exposures and controls

Recognize physical access exposures and controls

Describe mobile computing controls

Recognize how to audit, test, and investigate IS security

Recognize how to audit network infrastructure security

Recognize environmental, physical, and mobile computing controls

Course Number:
sp_cisa_a10_it_enus

Back to List

CISA Domain: lS Acquisition, Development and Implementation - Part 3

Overview/Description
This course examines the auditors role in auditing physical and software infrastructures and the maintenance of those infrastructures. The Certified Information Systems Auditor (CISA) certification is known world-wide as the standard of achievement for those who assess, audit, control, and monitor an organizations information systems. CISA has been given ISO/IEC 17024:2003 certification by The American National Standards Institute (ANSI). This course will help to prepare learners for the CISA examination.

Target Audience
Information Systems professionals with an interest in information systems audit, control and security. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

Expected Duration (hours)
2.0

Lesson Objectives

CISA Domain: lS Acquisition, Development and Implementation - Part 3

Recognize the project phases of physical architecture analysis

Recognize the project phases of planning the implementation of infrastructure

Recognize hardware and software acquisition practices

Describe the change management process

Recognize the configuration management process

Match development tools and productivity aids with their correct descriptions

Recognize business process improvement practices

Recognize input and output application controls

Describe processing procedures and controls

Recognize how to audit application controls

Recognize an IS auditors role in system development and acquisition

Recognize an IS auditors role in system maintenance

Recognize infrastructure development phases and acquisition practices

Describe information systems maintenance and development tools

Recognize business process improvement practices and application controls

Recognize an IS auditors role in auditing application controls, and system development, acquisition, and maintenance

Course Number:
sp_cisa_a11_it_enus

Back to List