CISA Certification Training

Topic Covered:

• Evaluate the IT strategy for alignment with the organization’s strategies and objectives.
• Evaluate the effectiveness of IT governance structure and IT organizational structure.
• Evaluate the organization’s management of IT policies and practices.
• Evaluate the organization’s IT policies and practices for compliance with regulatory and legal requirements.
• Evaluate IT resource and portfolio management for alignment with the organization’s strategies and objectives.
• Evaluate the organization’s risk management policies and practices.
• Evaluate IT management and monitoring of controls.
• Evaluate the monitoring and reporting of IT key performance indicators (KPIs).
• Evaluate whether IT supplier selection and contract management processes align with business requirements.
• Evaluate whether IT service management practices align with business requirements.
• Conduct periodic review of information systems and enterprise architecture.
• Evaluate data governance policies and practices.
• Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.
• Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices

Topic Covered:

• Evaluate whether the business case for proposed changes to information systems meet business objectives.
• Evaluate the organization’s project management policies and practices.
• Evaluate controls at all stages of the information systems development life cycle.
• Evaluate the readiness of information systems for implementation and migration into production.
• Conduct post-implementation review of systems to determine whether project deliverables, controls and requirements are met.
• Evaluate change, configuration, release, and patch management policies and practices.

Topic Covered:

• Evaluate the organization’s ability to continue business operations.
• Evaluate whether IT service management practices align with business requirements.
• Conduct periodic review of information systems and enterprise architecture.
• Evaluate IT operations to determine whether they are controlled effectively and continue to support the organization’s objectives.
• Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the organization’s objectives.
• Evaluate database management practices.
• Evaluate data governance policies and practices.
• Evaluate problem and incident management policies and practices.
• Evaluate change, configuration, release, and patch management policies and practices.
• Evaluate end-user computing to determine whether the processes are effectively controlled.

Topic Covered:

• Conduct audit in accordance with IS audit standards and a risk-based IS audit strategy.
• Evaluate problem and incident management policies and practices.
• Evaluate the organization’s information security and privacy policies and practices.
• Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.
• Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
• Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements.
• Evaluate policies and practices related to asset life cycle management.
• Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.
• Perform technical security testing to identify potential threats and vulnerabilities.
• Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.