TNA Technologies Net Alliance is offering: CISA training is world-renowned standard of achievement for those who audit control monitor and assess an organizations information technology and business systems.
Since 1978, the Certified Information Systems Auditor (CISA) program, sponsored by ISACA®, has been the globally accepted standard of achievement among information systems (IS) audit, control and security professionals. Companies around the world prefer to hire and retain professionals that have the certified skills sets covered by the CISA program. Earning the CISA designation helps individuals to demonstrate proficiency in today’s most sought after skills and helps assure a positive reputation as a qualified IS audit, control and/or security professional. There are now over 50,000 CISAs worldwide. CISAs are legally qualified auditors for regulatory compliance under Sarbanes-Oxley (corporations), Gramm-Leach-Biley & FFIEC (both financial), FISMA (government), HIPAA (medical records), SCADA (utilities) and other regulations.
This course is designed to prepare the participants for the CISA examination. It covers the unique aspects of managing an audit and the knowledge necessary to complete the task. The course focuses on the design and implementation of general computer control, application level control auditing as well as introducing the risk based management approach. The objectives of the course are:
· To prepare the participants for the CISA examination
· To teach how to perform Information System Auditing
· To make the participants aware of CISA professional ethics
· To disseminate information about Information Systems Auditing Standards
· Information security professionals interested in preparing for the understanding the concepts defined in the five CISA domains as defined by ISACA
· Chartered Accountants / Management Consultants who are regularly involved in cross business activities covered by the CISA domain areas
· Auditors who are considering the CISA examination to validate their skills
· Managers, system administrators, or other technical staff members interested in understanding core auditing processes for internal audits
The course will focus on the five domain areas that are outlined by ISACA. The course will be blended by interactive exercises, case studies and reading assignments.
IT Audit Process: The Process of Auditing Information Systems: Provides necessary knowledge to conduct audit services in accordance with IT audit standards to assist the organizations with protecting and controlling information systems. The material covered in this session corresponds to the Domain 1 of the CISA body of knowledge.
IT Governance: Develops the required understanding to give assurance that the necessary leadership and organizational structures and processes are in place to achieve the objectives and to support the enterprise strategy. This session corresponds to the Domain 2 of the CISA body of knowledge.
Information Systems Acquisition, Development and Implementation: Covers the tasks and knowledge areas related to: (1) developing business case for information systems acquisition, development, maintenance, and retirement; and (2) evaluation of project management practices and controls to determine whether business requirements are achieved; This session partially covers the Domain 3 of CISA body of knowledge. Covers tasks and knowledge related to the Domain 3 of CISA body of knowledge. Specifically it covers topic related to: and (3) conducting reviews of project management practices; and (4) evaluating the controls for requirements, acquisition, development and testing phases for compliance with the organization’s policies, standards, procedures and applicable external requirements. Covers the remaining tasks and knowledge related to Domain 3 of CIS body of knowledge: (5) evaluation the readiness for implementation and migration into production to determine whether project deliverables, controls and the organization’s requirements are met; and (6) conducting post-implementation reviews of systems to determine whether project deliverables, controls and the organization’s requirements are met.
Information Systems Operations, Maintenance and Support: Covers the tasks and knowledge areas related to: (1) conducting periodic reviews to determine whether they continue to meet the organization’s objectives; (2) evaluate service level management; (3) evaluating third-party management practices; (4) evaluate operations and end-user procedures; and (5) evaluating the process of information systems maintenance. This session partially covers Domain 4 of the CISA body of knowledge. Covers the tasks and knowledge areas related to: (6) evaluating data administration practices to determine the integrity and optimization of databases; (7) evaluating the use of capacity and performance monitoring tools and techniques to determine whether IT services meet the organization’s objectives; This session partially covers Domain 4 of the CISA body of knowledge. Covers the tasks and knowledge areas related to: (8) evaluating problem and incident management practices to determine whether incidents, problems or errors are recorded analyzed and resolved in a timely manner; and (9) evaluating change, configuration and release management practices to determine whether scheduled and nonscheduled changes make to the organization’s production environment are adequately controlled and documented; Covers the tasks and knowledge areas related to: (10) evaluating the adequacy of backup and restore provisions to determine the availability of information required to resume processing; and (11) evaluating the organization’s disaster recovery of IT processing capabilities in the event of a disaster. This session completes the remaining parts of Domain 4 of the CISA body of knowledge.
Protection of Information Assets: Covers the tasks and knowledge areas related to: (1) Evaluating the information security policies, standards and procedures for completeness and alignment with generally accepted practices; (2) Evaluating the design, implementing and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information; and (3) Evaluating the design, implementation and monitoring of the data classification processes and procedures for alignment with the organization’s policies, standards, procedures and external requirements. This session partially covers the Domain 5 of the CISA body of knowledge.Covers the tasks and knowledge areas related to: (4) evaluating the design, implementation and monitoring of physical access and environmental controls to determine whether information assets are adequately safeguarded; and (5) evaluating the processes and procedures used to store, retrieve, transport and dispose of information assets to determine whether information assets are adequately protected. This session completes Domain 5 of the CISA body of knowledge.