Get the knowledge you need to prepare for the Certified Information Systems Auditor (CISA) certification exam.
Overview
Syllabus
Module 1: Information Systems Auditing Process
- CISA welcome and intro
- Introduction to IS audit
- Information Technology Assurance Framework (ITAF)
- Audit strategy
- Laws and regulations
- Business processes
- Types of controls
- Risk-based audit, part 1
- Risk-based audit, part 2
- Audit execution
- Audit evidence collection
- Sampling
- Communication of results
- Additional types of audit
- Enterprise risk management
- Introduction to IT governance
- IT frameworks
- Frameworks continued
- Enterprise architecture
- Evaluation of controls
- Evaluation criteria
- Information security strategy
- Information security program
- Quality control and security management
- Roles and responsibilities
- Introduction To project management
- Project management lifecycle
- Project management documents throughout the lifecycle
- Software development methodologies
- Hardware and software acquisitions
- Control identification and design
- Testing
- System migration and changeover
- Introduction
- Data governance
- The data lifecycle
- Software and systems and APIs
- Cloud deployment
- Problem and incident management
- IS operations
- Database management
- Redundancy
- Business continuity, part 1
- Components of the plan
- Business continuity, part 2
- Introduction and privacy principles
- Physical and environmental controls
- Identity and access management
- SOCs and SLAs
- Networking basics
- The OSI and TCP reference models
- OSI Layers 1 and 2
- OSI Layers 3–7 and TCP model
- Network devices
- NAT and PAT
- Firewalls
- Additional security devices, part 1
- Additional security devices, part 2
- Cryptography basics
- Symmetric cryptography
- Asymmetric cryptography
- Hybrid cryptography
- Integrity
- PKI and wrap-up
- Wireless security
- Indicators of attacks, part 1
- Indicators of attacks, part 2
- Indicators for application attacks
- Cross-site attacks
- Timing attacks
- Memory issues
- Network-based attacks
- Threat actors and vectors
Taught by
Michael Lester and Human Element LLC