CISA Bootcamp (Certified Information Systems Auditor)

This 5 day course prepares for the CISA® Certified Information Systems Auditor exam, covering the entire Common Body of Knowledge (CBK) as defined by the ISACA® (Information Systems Audit and Control Association).

Overview:

This training provides a comprehensive review of information security auditing concepts and industry best practices, covering the entire CISA CBK, aligned with the 28th Edition of the CBK, updated for 2024 Job Practice.

The CISA certification is recognized worldwide.

Outline:

Information Systems Auditing Process

• Planning: IS Audit Standards and Types, Functions, Ethics, Risk-based Approach, Types of Controls and Considerations
• Execution: Project Management, Testing and Sampling, Evidence Collection, Data Analytics, Reporting, QA, Process Improvement

Governance and Management of IT

• IT Governance: Laws, Regulations and Industry Standards, Organisational Structures, IT Governance, Strategy, Policies, Procedures, Enterprise Architecture and Risk Management, Data Privacy, Governance and Classification
• IT Management: IT Resource and Vendor Management, Performance Monitoring and Reporting, Quality Assurance

Information Systems Acquisition, Development and Implementation

• Information Systems Acquisition and Development: Project Governance and Management, Business Case, Feasibility Analysis, System Development Methodologies, Control Identification and Design
• Information System Implementation: System Readiness and Implementation Testing, Configuration and Release Management, System Migration, Infrastructure Deployment and Data Conversion, Post-Implementation Review

Information Systems Operation and Business Resilience

• Information Systems Operations: Asset, Capacity, Incident, Problem, Change, Configuration, Log and Patch Management, Job Scheduling, End-User Computing and Shadow IT, Databases etc.
• Business Resilience: BIA, Backup, Storage, Restoration and Recovery, Business Continuity and Disaster Recovery Plan

Protection of Information Assets

• Information Asset Security and Control: Physical Controls, IAM, DLP, Network, Endpoint, Mobile, Wireless, Virtualization, Cloud and IoT Security, Encryption, PKI
• Security Event Management: Security Awareness, Attacks, Testing, Monitoring, Incident Response, Evidence Collection and Forensics

Objectives:

Completion of this course will enable students to

• Know the 5 major areas covered by the CISA® certification
• Understand the concepts of IT audit and IT governance
• Preparing for the CISA Certification Exam, e.g. by using multiple choices questions from previous CISA sessions (or comparable exams).

Audience:

This course is aimed at students with (future) roles like

• Information system directors, CISOs
• Auditors moving into the information security domain
• Staff responsible for business continuity
• People for which the control of information security is fundamental in achieving their goals

Prerequisites:

Basic knowledge of Information Systems is recommended.

Minimum of two students are required to run this course.

Examination and Certification:

This course has been designed and is delivered by Nitroxis and their trainers.

Note: this course does not include the CISA exam. This has to be taken at the dedicated test facilities as defined by ISACA. ISACA‘s certification requirements apply.