This 5-day course prepares the CISA® Certified Information Systems Auditor exam by covering the entire Common Body of Knowledge (CBK) course, a common core of knowledge in security defined by the ISACA® Information Systems Audit and Control Association. CISA certification is recognized around the world. It is aligned with the 27th Edition of the CBK, updated for 2019 Job Practice

CHAPTER 1: INFORMATION SYSTEM AUDITING PROCESS

Part A: Planning

• IS Audit Standards, Guidelines and Code of Ethics
• Business Processes
• Type of controls
• Risk-Based Audit Planning
• Types of audits and Assessments

Part B: Execution

• Audit Project Management
• Sampling Methodology
• Audit Evidence Collection Techniques
• Data Analytics
• Reporting and communication Techniques
• Quality Assurance and Improvement of the Audit Process

Exercises: Multiple Choices Questions from previous CISA sessions (or comparable exams)

CHAPTER 2: GOVERNANCE AND MANAGEMENT OF IT

Part A: IT Governance

• IT governance and IT Strategy
• IT-related frameworks
• IT Standards, Policies and Procedure
• Organizational Structure
• Enterprise Architecture
• Enterprise Risk Management
• Maturity Models
• Laws, Regulations and Industry Standards Affecting the organization

Part B: IT Management

• IT Resource Management
• IT Service Provider Acquisition and Management
• IT Performance Monitoring and Reporting
• Quality Assurance and Quality Management of IT

Exercises: Multiple Choices Questions from previous CISA sessions (or comparable exams)

CHAPTER 3: INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND IMPLEMENTATION

Part A: Information Systems Acquisition and Development

• Project Governance and Management
• Business Case and Feasibility Analysis
• System Development Methodologies
• Control Identification and Design

Part B: Information System Implementation

• Testing Methodologies
• System Migration, Infrastructure Deployment and Data Conversion
• Post-implementation Review

Exercises: Multiple Choices Questions from previous CISA sessions (or comparable exams)

CHAPTER 4: INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE

Part A: Information Systems Operations

Common Technology Components

IT Asset Management

• Job Scheduling and Production Process Automation
• System interfaces
• End-User Computing
• Data Governance
• System Performance Management
• Problem and Incident Management
• Change, Configuration, Release and Patch Management
• IT Service Level Management
• Database Management

Part B: Business Resilience

• Business Impact Analysis
• System resiliency
• Data Backup, Storage and Restoration
• Business Continuity Plan
• Disaster Recovery Plan

Exercise: Multiple Choices Questions from previous CISA sessions (or comparable exams)

CHAPTER 5: PROTECTION OF INFORMATION ASSETS

Part A: Information Asset Security and Control

• Information Asset Security Frameworks, Standard and Guidelines
• Privacy Principles
• Physical Access and Environmental Controls
• Identity and Access Management
• Network and Endpoint Security
• Data Classification
• Data Encryption and Encryption-related Techniques
• Public Key Infrastructure
• Web-based Communication Technologies
• Virtualized environment
• Mobile, Wireless and Internet-of-things Devices

Part B: Security Event Management

• Security Awareness Training and Programs
• Information System Attack Methods and Techniques
• Security Testing Tools and Techniques
• Security Monitoring Tools and Techniques
• Incident Response Management
• Evidence Collection and Forensics

Exercises: Multiple Choices Questions from previous CISA sessions (or comparable exams)

PREPARATION TO THE EXAM

• Blank Exam - Partial simulation of the examination carried out at the end of the training.
• Registration to be made on the site www.isaca.org, the closing of the registrations is done 2 months before the date of the examination.
• Presentation of the event: 4 hours of multiples choice questions with 150 questions to be chosen beforehand in French or in English.