Certified Information System Auditor (CISA)

Secrets of a Successful Auditor

• Understanding the Demand for IS Audits
• Understanding Policies, Standards, Guidelines, and Procedures
• Understanding Professional Ethics
• Understanding the Purpose of an Audit
• Business Processes
• Differentiating between Auditor and Auditee Roles
• Implementing Audit Standards
• Auditor Is an Executive Position
• Understanding the Corporate Organizational Structure
• Summary
• Exam Essentials

Governance and Management of IT

• Strategy Planning for Organizational Control
• Overview of Tactical Management
• Planning and Performance
• Overview of Business Process Reengineering
• Operations Management
• Summary
• Exam Essentials

Audit Process

• Understanding the Audit Project Management
• Establishing and Approving an Audit Charter
• Preplanning Specific Audits
• Performing an Audit Risk Assessment
• Determining Whether an Audit Is Possible
• Performing the Audit
• Gathering Audit Evidence
• Conducting Audit Evidence Testing
• Generating Audit Findings
• Report Findings
• Conducting Follow-up (Closing Meeting)
• Summary
• Exam Essentials

Networking Technology Basics

• Understanding the Differences in Computer Architecture
• Selecting the Best System
• Introducing the Open Systems Interconnection Model
• Understanding Physical Network Design
• Understanding Network Cable Topologies
• Differentiating Network Cable Types
• Connecting Network Devices
• Using Network Services
• Expanding the Network
• Using Software as a Service (SaaS)
• The Basics of Managing the Network
• Summary
• Exam Essentials

Information Systems Life Cycle

• Governance in Software Development
• Management of Software Quality
• Overview of the Executive Steering Committee
• Change and Configuration Management
• Management of the Software Project
• Overview of the System Development Life Cycle
• Overview of Data Architecture
• Decision Support Systems
• Program Architecture
• Centralization vs. Decentralization
• Electronic Commerce
• Summary
• Exam Essentials

System Implementation and Operations

• Understanding the Nature of IT Services
• Performing IT Operations Management
• Performing Service-Level Management
• Performing Capacity Management
• Using Administrative Protection
• Performing Problem Management
• Monitoring the Status of Controls
• Implementing Physical Protection
• Summary
• Exam Essentials

Protecting Information Assets

• Understanding the Threat
• Physical Access and Environmental Controls
• Using Technical Protection
• Incident Response Management
• Evidence Collection and Forensics
• Summary
• Exam Essentials

Business Continuity Planning (BCP)

• Debunking the Myths
• Defining Disaster Recovery
• Defining the Purpose of Business Continuity
• Understanding the Five Conflicting Disciplines Called Business Continuity
• Uniting Other Plans with Business Continuity
• Understanding the Five Phases of a Business Continuity Program
• Understanding the Auditor Interests in BC/DR Plans

Appendix A