What is the CISA difference?
Certified Information Systems Auditor® (CISA®) is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s IT and business systems. If you are a mid-career professional, CISA can showcase your expertise and assert your ability to apply a risk-based approach to planning, executing and reporting on audit engagements.
What you will learn with the CISA certification?
Information Systems Auditing Process
Providing industry-standard audit services to assist organizations in protecting and controlling information systems, Domain-1 affirms your credibility to offer conclusions on the state of an organization’s IS/IT security, risk and control solutions.
A–PLANNING
- IS Audit Standards, Guidelines, and Codes of Ethics
- Business Processes
- Types of Controls
- Risk-Based Audit Planning
- Types of Audits and Assessments
B–EXECUTION
- Audit Project Management
- Sampling Methodology
- Audit Evidence Collection Techniques
- Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of the Audit Process
Governance & Management of IT
This domain confirms to stakeholders your abilities to identify critical issues and recommend enterprise-specific practices to support and safeguard the governance of information and related technologies.
A–IT GOVERNANCE
- IT Governance and IT Strategy
- IT-Related Frameworks
- IT Standards, Policies, and Procedures
- Organizational Structure
- Enterprise Architecture
- Enterprise Risk Management
- Maturity Models
- Laws, Regulations, and Industry Standards affecting the Organization
B–IT MANAGEMENT
- IT Resource Management
- IT Service Provider Acquisition and Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
Information Systems Acquisition, Development & Implementation
Domains 3 and 4 offer proof not only of your competency in IT controls, but also your understanding of how IT relates to business.
A–INFORMATION SYSTEMS ACQUISITION AND DEVELOPMENT
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
B–INFORMATION SYSTEMS IMPLEMENTATION
- Testing Methodologies
- Configuration and Release Management
- System Migration, Infrastructure Deployment and Data Conversion
- Post-implementation Review
Information Systems Operations and Business Resilience
Domains 3 and 4 offer proof not only of your competency in IT controls, but also your understanding of how IT relates to business.
A–INFORMATION SYSTEMS OPERATIONS
- Common Technology Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End-User Computing
- Data Governance
- Systems Performance Management
- Problem and Incident Management
- Change, Configuration, Release, and Patch Management
- IT Service Level Management
- Database Management
B–BUSINESS RESILIENCE
- Business Impact Analysis (BIA)
- System Resiliency
- Data Backup, Storage, and Restoration
- Business Continuity Plan (BCP)
- Disaster Recovery Plans (DRP)
Information Systems Auditing Process
Cybersecurity now touches virtually every information systems role, and understanding its principles, best practices and pitfalls is a major focus within Domain 5.
A–INFORMATION ASSET SECURITY AND CONTROL
- Information Asset Security Frameworks, Standards, and Guidelines
- Privacy Principles
- Physical Access and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Data Classification
- Data Encryption and Encryption-Related Techniques
- Public Key Infrastructure (PKI)
- Web-Based Communication Techniques
- Virtualized Environments
- Mobile, Wireless, and Internet-of-Things (IoT) Devices
B–SECURITY EVENT MANAGEMENT
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Tools and Techniques
- Incident Response Management
- Evidence Collection and Forensics