Certified Information Systems Auditor (CISA) by ISACA

ABOUT THIS COURSE

Certified Information Systems Auditor (CISA), world-renowned as the standard of achievement for auditing, monitoring, and assessing IT and business systems, also acknowledges the importance of emerging technologies. Achieving a CISA certification showcases your expertise and asserts your ability to apply a risk-based approach to audit engagements. Addressing innovations like AI and blockchain, CISA ensures that IT audit professionals stay current on the latest technology trends and advancements. The certificate covers: Information Systems Auditing Process; Governance and Management of Information Technology; Information Systems Acquisition, Development & Implementation; Information Systems Operations and Business Resilience; and Protection of Information Assets.

ISACA credentials are among the top 10 highest-paying in IT, and CISA is recognized as the preferred credential for IT auditors.

Overview

Modality

online

Format

Pricing

$1979.00

Partner

RevU

Topic

Information Technology and Engineering

COURSE REQUIREMENTS

There are no prerequisites for this course.

COURSE SYLLABUS

The Certified Information Systems Auditor (CISA) certification, offered by ISACA, is structured around five key domains, each focusing on critical aspects of information systems auditing, control, and security:

Information System Auditing Process: This domain emphasizes providing audit services in accordance with IT audit standards to assist organizations in protecting and controlling information systems. Key topics include:

  • Planning:
    • IS Audit Standards, Guidelines, and Codes of Ethics
    • Types of Audits, Assessments, and Reviews
    • Risk-Based Audit Planning
    • Types of Controls and Considerations
  • Execution:
    • Audit Project Management
    • Audit Testing and Sampling Methodology
    • Audit Evidence Collection Techniques
    • Audit Data Analytics
    • Reporting and Communication Techniques
    • Quality Assurance and Improvement of Audit Process

Governance and Management of IT: This domain focuses on ensuring that IT governance and management practices support the organization’s strategies and objectives. Key topics include:

  • IT Governance:
    • Laws, Regulations, and Industry Standards
    • Organizational Structure, IT Governance, and IT Strategy
    • IT Policies, Standards, Procedures, and Practices
    • Enterprise Architecture and Considerations
    • Enterprise Risk Management
    • Privacy Program and Principles
    • Data Governance and Classification
  • IT Management:
    • IT Resource Management
    • IT Vendor Management
    • IT Performance Monitoring and Reporting
    • Quality Assurance and Quality Management of IT

Information Systems Acquisition, Development, and Implementation: This domain addresses the processes for acquiring, developing, and implementing information systems that align with organizational objectives. Key topics include:

  • Information Systems Acquisition and Development:
    • Project Governance and Management
    • Business Case and Feasibility Analysis
    • System Development Methodologies
    • Control Identification and Design
  • Information Systems Implementation:
    • System Readiness and Implementation Testing
    • Implementation Configuration and Release Management
    • System Migration, Infrastructure Deployment, and Data Conversion
    • Post-implementation Review

Information Systems Operations and Business Resilience: This domain focuses on the effectiveness and efficiency of information systems operations and ensuring business resilience. Key topics include:

  • Information Systems Operations:
    • IT Components
    • IT Asset Management
    • Job Scheduling and Production Process Automation
    • System Interfaces
    • Shadow IT and End-User Computing
    • Systems Availability and Capacity Management
    • Problem and Incident Management
    • IT Change, Configuration, and Patch Management
    • Operational Log Management
    • IT Service Level Management
    • Database Management
  • Business Resilience:
    • Business Impact Analysis (BIA)
    • System Resiliency
    • Data Backup, Storage, and Restoration
    • Business Continuity Plan (BCP)
    • Disaster Recovery Plan (DRP)
    • BCP and DRP Testing Methods

Protection of Information Assets: This domain ensures that information assets have the necessary levels of protection. Key topics include:

  • Information Asset Security Frameworks, Standards, and Guidelines
    • Privacy Principles
    • Physical Access and Environmental Controls
    • Identity and Access Management
    • Network and Endpoint Security
    • Data Classification
    • Data Encryption and Masking
    • Public Key Infrastructure (PKI)
    • Web-Based Communication Techniques
    • Virtualized Environments
    • Mobile, Wireless, and Internet-of-Things (IoT) Devices
    • Data Leakage Prevention (DLP)
    • Security Awareness Training
    • Threat Intelligence and Vulnerability Management
    • Incident Response Management
    • Forensic Investigation
    • Fraud Risk Factors