ISACA Certified Information Systems Auditor (CISA®)
Training including examination and certification
.svg)
Machine Learning Engineer
Domain 1: Information System Auditing Process
- IS audit standards, guidelines, functions and code of ethics
- Types of audits, assessments and reviews
- Risk-based audit planning
- Types of controls and considerations
- Audit project management
- Audit testing and sampling methodology
- Techniques for collecting audit evidence
- Audit data analysis
- Reporting and communication techniques
- Quality assurance and improvement of the audit process
Domain 2: IT Governance and Management
- Laws, regulations and industry standards
- Organizational structure, IT governance and IT strategy
- IT policies, standards, procedures and guidelines
- Enterprise architecture and considerations
- Enterprise Risk Management (ERM)
- Data protection program and principles
- Data management and classification
- IT resource management
- IT supplier management
- IT performance monitoring and reporting
- IT quality assurance and quality management
Domain 3: Information Systems Acquisition, Development, and Implementation
- Project control and management
- Business case and feasibility analysis
- Methods for system development
- Identification and design of control mechanisms
- System readiness and implementation tests
- Implementation configuration and release management
- System migration, infrastructure provision and data conversion
- Review after implementation
Domain 4: Information Systems Operations and Business Resilience
- IT components
- IT asset management
- Order planning and automation of production processes
- System interfaces
- End-user computing and shadow IT
- System availability and capacity management
- Problem and incident management
- IT change, configuration and patch management
- Operating log management
- IT service level management
- Database management
- Business impact analysis
- System and operational resilience
- Data backup, storage and recovery
- Business Continuity Plan
- Disaster Recovery Plans
Domain 5: Protection of Information Assets
- Policies, frameworks, standards and guidelines on the security of information resources
- Physical and environmental controls
- Identity and access management
- Network and endpoint security
- Protection against data loss
- Data encryption
- Public key infrastructure (PKI)
- Cloud and virtualized environments
- Mobile, wireless and Internet-of-Things devices
- Training and programs to raise awareness of security issues
- Attack methods and techniques on information systems
- Tools and techniques for security testing
- Protocols, tools and techniques for security monitoring
- Management of security incidents
- Preservation of evidence and forensics
Requirements:
There is no formal admission for attending the course.
The requirements for official ISACA® certification are:
1. passing the CISA® exam
- The examination can also be taken without professional experience.
- After passing the test, certification must be applied for within 5 years.
2. proof of at least five years of professional experience in IS/IT audit, control or security
- The professional experience must have been acquired within the last ten years before submitting the application or within five years of passing the examination.
3. Coverage of at least one or more CISA® domains
- The professional experience must relate to activities that can be assigned to relevant content from the following five CISA® domains:
- Information System Auditing
- Governance and Management of IT
- IS Acquisition, Development and Implementation
- IS Operations and Business Resilience
- Protection of Information Assets
4. possibility of crediting alternative qualifications
- Up to three years of professional experience may be substituted with certain qualifications or academic credentials (e.g., a university degree, other certifications—see the ISACA® website for details).
5. verifiability of professional experience
- The professional experience must be confirmed by a superior or authorized body.
6. submitting the application for certification to ISACA®
- Online application or PDF form
- Payment of an application fee of currently USD 50
7. Agreement to the ISACA® Code of Professional Ethics
- Obligation to comply with professional ethical principles and standards of conduct
8. compliance with Continuing Professional Education (CPE) requirements
- After certification: annual training obligation and proof of maintenance of certification
- Learn to plan and conduct audits according to ISACA® guidelines and standards and to communicate results convincingly
- Developing a risk-based audit strategy, collecting evidence in a systematic manner, and making targeted use of data analysis
- Reviewing audit quality and conducting follow-ups to verify the implementation of the audit team’s recommendations
- Understanding IT governance structures, frameworks (COBIT®, COSO, etc.), and role-based responsibilities
- Evaluate business processes, policies and organization in terms of maturity, resource management and IT QA
- Develop recommendations to improve IT governance in line with business objectives
- Assess how IT systems are acquired, developed, and implemented, and whether they align with the company’s strategy and meet its requirements
- Analyzing project management methods (e.g. SDLC, Agile), outsourcing/sourcing decisions and test strategies
- Supporting the organization with feasibility analyses, system tests and post-implementation checks
- Reviewing IT operational processes, infrastructure, and service management, as well as their impact on business continuity
- Designing and auditing emergency and disaster recovery plans, as well as business impact analyses
- Helping the organization respond quickly and effectively in the event of a crisis
- Evaluating security policies, standards, and controls to ensure confidentiality, integrity, and availability
- Developing measures for the final audit of information security (e.g., access controls, encryption, logging)
- Supporting the organization in establishing effective protection of critical information assets
Depending on your learning style, exam preparation requires at least 10–20 additional hours of study outside of class.
When you register for an ISACA exam, you have six months from the date of registration to schedule and take your exam. So be sure to reserve your exam date well in advance.
All other learning resources, such as QAE, online review courses, webinars, and virtual workshops, will also be available to you for 6 months from the date of redemption. You will retain access to the official review manuals indefinitely.
Exam format:
- 150 multiple-choice questions
- Duration: 4 hours (240 minutes)
- Implementation: Online with remote proctoring or in an authorized test center
- Language: Available in multiple languages (you select the language when you register for the exam.)
- Aids: none
The course is aimed at professionals and executives from IT management, IT security, IT operations, security consulting, auditing, project management and compliance who are concerned with the compliance of information systems and are looking for sound preparation for the CISA® certification exam.
Ideal for IT auditors, internal auditors, security officers, risk managers, andspecialists who want to systematically assess IT systems and controls. The CISA® certification validates your professional expertise and enhances your credibility when interacting with stakeholders, employees, and regulatory authorities.
.svg)
