CISA Cert Prep: 1 Auditing Information Systems for IS Auditors

Get the knowledge you need to prepare for the Certified Information Systems Auditor (CISA) certification exam.

Module 1: Information Systems Auditing Process

• CISA welcome and intro
• Introduction to IS audit
• Information Technology Assurance Framework (ITAF)
• Audit strategy
• Laws and regulations
• Business processes
• Types of controls
• Risk-based audit, part 1
• Risk-based audit, part 2
• Audit execution
• Audit evidence collection
• Sampling
• Communication of results
• Additional types of audit

Module 2: Governance and Management of IT

• Enterprise risk management
• Introduction to IT governance
• IT frameworks
• Frameworks continued
• Enterprise architecture
• Evaluation of controls
• Evaluation criteria
• Information security strategy
• Information security program
• Quality control and security management
• Roles and responsibilities

Module 3: Information Systems Acquisition, Development, and Implementations

• Introduction To project management
• Project management lifecycle
• Project management documents throughout the lifecycle
• Software development methodologies
• Hardware and software acquisitions
• Control identification and design
• Testing
• System migration and changeover

Module 4: Information Systems Operations and Business Resilience

• Introduction
• Data governance
• The data lifecycle
• Software and systems and APIs
• Cloud deployment
• Problem and incident management
• IS operations
• Database management
• Redundancy
• Business continuity, part 1
• Components of the plan
• Business continuity, part 2

Module 5: Information Asset Security and Control

• Introduction and privacy principles
• Physical and environmental controls
• Identity and access management
• SOCs and SLAs
• Networking basics
• The OSI and TCP reference models
• OSI Layers 1 and 2
• OSI Layers 3–7 and TCP model
• Network devices
• NAT and PAT
• Firewalls
• Additional security devices, part 1
• Additional security devices, part 2
• Cryptography basics
• Symmetric cryptography
• Asymmetric cryptography
• Hybrid cryptography
• Integrity
• PKI and wrap-up
• Wireless security
• Indicators of attacks, part 1
• Indicators of attacks, part 2
• Indicators for application attacks
• Cross-site attacks
• Timing attacks
• Memory issues
• Network-based attacks
• Threat actors and vectors