CISA Training
£999.00
Course Structure
- The course consists of five days of classroom-based training
- The exam must be booked separately through ISACA
Course Content
Information Systems Audit Process:
- Developing a risk-based IT audit strategy
- Planning specific audits
- Conducting audits to IS audit standards
- Implementation of risk management and control practices
IT Governance and Management:
- Effectiveness of IT Governance structure
- IT organisational structure and human resources (personnel) management
- Organisation’s IT policies, standards and procedures
- Adequacy of the Quality Management System
- IT management and monitoring of controls
- IT resource investment
- IT contracting strategies and policies
- Management of organisations IT related risks
- Monitoring and assurance practices
- Organisation business continuity plan
Information Systems Acquisition, Development and Implementation:
- Business case development for IS acquisition, development, maintenance and retirement
- Project management practices and controls
- Conducting reviews of project management practices
- Controls for requirements, acquisition, development and testing phases
- Readiness for information systems
- Project Plan Reviewing
- Post Implementation System Reviews
Information Systems Operations, Maintenance and Support:
- Conduct periodic reviews of organisations objectives
- Service level management
- Third party management practices
- Operations and end-user procedures
- Process of information systems maintenance
- Data administration practices to determine the integrity & optimisation of databases
- Use of capacity and performance monitoring tools & techniques
- Problem and incident management practices
- Change, configuration and release management practices
- Adequacy of backup and restore provisions
- Organisation’s disaster recovery plan in the event of a disaster
Protection of Information Assets:
- Information security policies, standards and procedures
- Design, implementing, monitoring of system and logical security controls
- Design, implementing, monitoring of data classification processes and procedures
- Design, implementing, monitoring of physical access and environmental controls
- Processes and procedures to store, retrieve, transport and dispose of information assets