CISA: Certified Information Systems Auditor Course

The Certified Information Systems Auditor (CISA) course focuses on the essential areas covered in the CISA exam. Passing the exam and becoming a CISA ensures your success in your organization, because by hiring or retaining the services of a CISA, an organization knows that it has invested in a professional who:

  • Has met the stringent requirements of a globally recognized credential
  • Demonstrates IT audit, security and control knowledge and skill
  • Commits to ongoing professional development

Intended Audience:

Individuals who have audit, control and/or security responsibilities will find the CISA designation an enhancement to their current knowledge and skills.

Course Prerequisites:
  • You must have a minimum of five years of direct full-time information systems audit work experience
  • CompTIA Security+ Certification

Course Outline:

Module 0. Assessment test

Module 1. The IS Audit Process

  • ISACA IS Auditing Standards and Guidelines
  • IS Auditing Practices and Techniques
  • Gathering Information and Preserving Evidence
  • Control Objectives and IS-Related Controls
  • Risk Assessment in an Audit Context
  • Audit Planning and Management Techniques
  • Reporting and Communication Techniques
  • Control Self-Assessment

Module 2. CISA's Role in IT Governance

  • IT Governance Basics
  • IT Governance Frameworks
  • Information Security Policies
  • Quality Management Strategies and Practices
  • The IT Organization's Roles and Responsibilities
  • Enterprise Architecture
  • Risk Management
  • Process Improvement Models
  • IT Contracting Strategies
  • Monitoring and Reporting IT Performance
  • IT Human Resource Management
  • IT Resource Investment and Allocations Practices

Module 3. CISA's Role in Systems and Infrastructure Life Cycle Management

  • Benefits Management Practices
  • Project Governance Mechanisms
  • Project Management Practices, Tools and Control Frameworks
  • Risk Management Practices
  • Project Success Criteria and Risks
  • Configuration, Change and Release Management
  • Application Controls
  • Enterprise Architecture
  • Requirements Analysis
  • Acquisition and Contract Management
  • System Development Methodologies and Tools
  • Quality Assurance Methods
  • Managing Testing Processes
  • Data Conversion Tools, Techniques and Procedures
  • System Disposal
  • Certification and Accreditation
  • Post-implementation Reviews
  • System Migration and Deployment

Module 4. CISA's Role in IT Service Delivery and Support

  • Service Level Management Practices
  • Operations Management Best Practices
  • Systems Performance Monitoring Processes, Tools and Techniques
  • Functionality of Hardware and Network Components
  • Database Administration Practices
  • System Software Functionality
  • Capacity Planning and Monitoring Techniques
  • Managing Scheduled and Emergency Changes
  • Incident and Problem Management Practices
  • Software Licensing and Inventory Practices
  • System Resiliency Tools and Techniques

Module 5. CISA's Role in Protection of Information Assets

  • Information Security Management
  • Logical Access Controls
  • Network Infrastructure Security
  • Attack Methods and Techniques
  • Responding to Security Incidents
  • Security Systems and Devices
  • Encryption and PKI Components
  • Virus Detection Tools and Techniques
  • Penetration Testing
  • Environmental Protection Practices and Devices
  • Physical Security Systems
  • Data Classification Schemes
  • Voice-Over IP
  • Transport and Disposal of Information Assets
  • Security of Portable and Wireless Devices

Module 6. CISA's Role in Business Continuity and Disaster Recovery

  • Backup Basics
  • Legal Elements
  • Business Impact Analysis
  • Business Continuity and Disaster Recovery Plans Development and Maintenance
  • Business Continuity and Disaster Recovery Plan Testing
  • Human Resources Management
  • Invoking the Business Continuity Plan
  • Alternate Processing and Recovery Strategies

Module 7. The exam itself

Module 8. Final test


Kouzma Pashkov is an information security expert. Since 2000 he has designed and implemented Information Security Management Systems for government and commercial organizations. To confirm his qualifications, he has earned top certifications from (ISC)2, ISACA, Microsoft, EMC, CompTIA and HP. Since 2005 he has taught information security courses in training centers in the CIS. Since 2015 he has cooperated with ERC Education Complex.