| Session | From | To | Duration | Days - Time |
| TBD | TBD | TBD | TBD | TBD |
Experienced information security managers and those who have information security management responsibilities. Individuals who are currently, or will be, working in an IS security position such as Departmental/Corporate or functional Information System Security Officers, IS security advisors, System Security Certifiers, System Security Accreditors, System Security Auditors, or security practitioners, and who have five years of experience with audit, IT systems, and security of information systems.
Knowledge needed to manage, design, oversee, and assess an information security function within an organization. In-depth coverage of the seven domains required to pass the CISA exam:
• Technical infrastructure and operations
• Management planning and organization of information systems
• Applications development
• Protection of information assets
• Business process evaluations and risk management
• Disaster recovery planning
• The formal audit process
Systems administration experience, familiarity with TCP/IP, and an understanding of UNIX, Linux, and Windows. This advanced course also requires intermediate-level knowledge of the security concepts covered in our Essentials of Information Security course.
The CISA exam is offered each year in June and December, consists of 200 multiple-choice questions, and is focused on the six domains defined by ISACA.
1. Certification Requirements
2. Introduction to the Seven Domains
3. Technical Infrastructure and Operations
• General-Purpose Computers
• Hardware
• Architecture
• Memory
• Operations
• Memory Addressing
• Reference Monitor
• Languages
• Transmissions
• Systems Acquisition
• Systems Management
• Systems Databases
• Systems Operations
• Telecommunications
• Telecommunications Security
• Data Network Types: LAN
• Data Network Types: WAN
• The OSI Model
• Description
• Protocol Definition
• Layer Behavior
• Layers Defined
• Layer Protocols
• Layer Devices and Equipment
4. Management, Planning, and Organization of Information Systems
• Policies
• Operations
• Personnel
• Documentation
• Standards
• Guidelines
5. Protection of Information Assets
• Information Security
• Confidentiality
• Integrity
• Availability
• Compliance with Local and International Law
• Security Management
• Classification
• System Access
• System Access Control
• Security Awareness & Training
• New Employees' Training (NEO)
• Policy Examples and Resources
• CIRT
• Security Incident Phases
• Privacy Impact Analysis (PIA)
• Access Control
• Authentication
• Passwords
• Malicious Logic
• Biometrics
• Authorization Techniques
• Cryptography
6. Applications Development
• Systems Development Life Cycle (SDLC)
• Software Models
• Approaches
• Personnel
• Tools
• Rapid Application Development (RAD)
• Business Process Re-Engineering
• Computer Aided Software Engineering (CASE)
• Capability Maturity Model (S/W) (CMM)
• Extensible Markup Language (XML)
7. Business Processes and Risk Management
• Business Process Re-Engineering (BPR)
• Risk Management
• Security Risk Concept
• Security Risk Concept Exercise
• IT Governance
• System Development
• System Documentation
• Project Lifecycle Phases
• Project Lifecycle Models
• Business Applications Systems
• E-Commerce Models
• EDI Components
• Expert Systems Development
• Data Warehouse
• Data Mining
• Database Security
8. Disaster Recovery Planning (DRP)
• Business Continuity Planning (BCP) Motivation
• BCP vs. DRP
• BCP
• Overview
• Requirements
• Plan Documentation
• Disaster Recovery
• Strategy
• Plan Development
• Training & Documentation
• Testing & Maintenance
9. The Formal Audit Process
• IS Audit Function
• IS Audit Planning
• ISACA
• Internal Control System
• IS Control Procedures
• Control Objectives for Information and Related Technology (COBIT)
• Performing an IS Audit
10. Review of Certification Requirements
11. Review of the Seven Domains
12. Test-Taking Tips