CHAPTER 1: INFORMATION SYSTEM AUDITING PROCESS
Part A: Planning
- IS Audit Standards, Guidelines and Code of Ethics
- Business Processes
- Types of Controls
- Risk-Based Audit Planning
- Types of Audits and Assessments
Part B: Execution
- Audit Project Management
- Sampling Methodology
- Audit Evidence Collection Techniques
- Data Analytics
- Reporting and Communication Techniques
- Quality Assurance and Improvement of the Audit Process
Exercises: Multiple-choice questions from previous CISA sessions (or comparable exams)
CHAPTER 2: GOVERNANCE AND MANAGEMENT OF IT
Part A: IT Governance
- IT Governance and IT Strategy
- IT-related frameworks
- IT Standards, Policies and Procedures
- Organizational Structure
- Enterprise Architecture
- Enterprise Risk Management
- Maturity Models
- Laws, Regulations and Industry Standards Affecting the Organization
Part B: IT Management
- IT Resource Management
- IT Service Provider Acquisition and Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
Exercises: Multiple-choice questions from previous CISA sessions (or comparable exams)
CHAPTER 3: INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND IMPLEMENTATION
Part A: Information Systems Acquisition and Development
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
Part B: Information System Implementation
- Testing Methodologies
- System Migration, Infrastructure Deployment and Data Conversion
- Post-implementation Review
Exercises: Multiple-choice questions from previous CISA sessions (or comparable exams)
CHAPTER 4: INFORMATION SYSTEMS OPERATIONS AND BUSINESS RESILIENCE
Part A: Information Systems Operations
- Common Technology Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End-User Computing
- Data Governance
- System Performance Management
- Problem and Incident Management
- Change, Configuration, Release and Patch Management
- IT Service Level Management
- Database Management
Part B: Business Resilience
- Business Impact Analysis
- System Resiliency
- Data Backup, Storage and Restoration
- Business Continuity Plan
- Disaster Recovery Plan
Exercises: Multiple-choice questions from previous CISA sessions (or comparable exams)
CHAPTER 5: PROTECTION OF INFORMATION ASSETS
Part A: Information Asset Security and Control
- Information Asset Security Frameworks, Standards and Guidelines
- Privacy Principles
- Physical Access and Environmental Controls
- Identity and Access Management
- Network and Endpoint Security
- Data Classification
- Data Encryption and Encryption-related Techniques
- Public Key Infrastructure
- Web-based Communication Technologies
- Virtualized Environments
- Mobile, Wireless and Internet-of-Things Devices
Part B: Security Event Management
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Tools and Techniques
- Incident Response Management
- Evidence Collection and Forensics
Exercises: Multiple-choice questions from previous CISA sessions (or comparable exams)
PREPARATION FOR THE EXAM
- Mock exam: partial simulation of the examination, carried out at the end of the training.
- Registration is made on the www.isaca.org website; registration closes 2 months before the examination date.
- Exam format: 4 hours of multiple-choice questions, 150 questions in total, taken in French or English as chosen beforehand.