Certified Information Systems Auditor

Upon successful completion of this course, students will be able to:

• implement information systems audit services in accordance with information systems audit standards, guidelines, and best practices.
• evaluate an organization's structure, policies, accountability, mechanisms, and monitoring practices.
• evaluate information systems acquisition, development, and implementation. You will also perform the post-implementation tasks needed to determine if the changes made were done correctly, meet their objectives, and are being properly maintained / perform a post-implementation review.
• evaluate the information systems operations, maintenance, and support of an organization; and evaluate the business continuity and disaster recovery processes used to provide assurance that in the event of a disruption, IT services are maintained; evaluating the overall BCP and DRP.
• define the protection policies used to promote the confidentiality,             integrity, and availability of information assets.

Lesson 1: The Process of Auditing Information Systems

Topic 1A: ISACA Information Systems Auditing Standards and Guidelines

Topic 1B: Fundamental Business Processes

Topic 1C: Develop and Implement an Information Systems Audit Strategy

Topic 1D: Plan an Audit

Topic 1E: Conduct an Audit

Topic 1F: The Evidence Lifecycle

Topic 1G: Communicate Issues, Risks, and Audit Results

Topic 1H: Support the Implementation of Risk Management and Control Practices

Lesson 2: IT Governance and Management

Topic 2A: Evaluate the Effectiveness of IT Governance

Topic 2B: Evaluate the IT Organizational Structure and HR Management

Topic 2C: Evaluate the IT Strategy and Direction

Topic 2D: Evaluate IT Policies, Standards, and Procedures

Topic 2E: Evaluate the Effectiveness of Quality Management Systems

Topic 2F: Evaluate IT Management and Monitoring of Controls

Topic 2G: IT Resource Investment, Use, and Allocation Practices

Topic 2H: Evaluate IT Contracting Strategies and Policies

Topic 2I: Evaluate Risk Management Practices

Topic 2J: Performance Monitoring and Assurance Practices

Topic 2K: Evaluate the Organization's Business Continuity Plan

Lesson 3: Information Systems Acquisition, Development, and Implementation

Topic 3A: Evaluate the Business Case for Change

Topic 3B: Evaluate Project Management Frameworks and Governance Practices

Topic 3C: Development Lifecycle Management

Topic 3D: Perform Periodic Project Reviews

Topic 3E: Evaluate Control Mechanisms for Systems

Topic 3F: Evaluate Development and Testing Processes

Topic 3G: Evaluate Implementation Readiness

Topic 3H: Evaluate a System Migration

Topic 3I: Perform a Post-Implementation System Review

Lesson 4: Information Systems Operations, Maintenance, and Support

 Topic 4A: Perform Periodic System Reviews

Topic 4B: Evaluate Service Level Management Practices

Topic 4C: Evaluate Third Party Management Practices

Topic 4D: Evaluate Operations and End User Management Practices

Topic 4E: Evaluate the Maintenance Process

Topic 4F: Evaluate Data Administration Practices

Topic 4G: Evaluate the Use of Capacity and Performance Monitoring Methods

Topic 4H: Evaluate Change, Configuration, and Release Management Practices

Topic 4I: Evaluate Problem and Incident Management Practices

Topic 4J: Evaluate the Adequacy of Backup and Restore Provisions

Lesson 5: Protection of Information Assets

Topic 5A: Information Security Design

Topic 5B: Encryption Basics

Topic 5C: Evaluate the Functionality of the IT Infrastructure

Topic 5D: Evaluate Network Infrastructure Security

Topic 5E: Evaluate the Design, Implementation, and Monitoring of Logical Access Controls

Topic 5F: Risks and Controls of Virtualization

Topic 5G: Evaluate the Design, Implementation, and Monitoring of Data Classification Process

Topic 5H: Evaluate the Design, Implementation, and Monitoring of Physical Access Controls

Topic 5I: Evaluate the Design, Implementation, and Monitoring of Environmental Controls

Appendix A: ISACA® CISA® Certification Process