Certificate Programs: Information System Security

Certified Information Security Auditor (CISA)



CISA is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s information technology and business systems. The CISA designation was created for professionals with work experience in information systems auditing, control or security, in areas that include:

> The Process of Auditing Information Systems
> Governance and Management of IT
> Information Systems Acquisition, Development and Implementation
> Information Systems Operations, Maintenance and Support
> Protection of Information Assets




The Information Systems Audit Process

: ISACA Information Systems Auditing Standards and Guidelines

: Develop and Implement an Information Systems Audit Strategy

: Plan an Audit

: Conduct an Audit

: The Evidence Lifecycle

: Communicate Issues, Risks, and Audit Results

: Support the Implementation of Risk Management and Control Practices

IT Governance

: Evaluate the Effectiveness of IT Governance

: Evaluate the IT Organizational Structure

: Evaluate the IT Strategy

: Evaluate IT Policies, Standards, and Procedures for Compliance

: Ensure Organizational Compliance

: IT Resource Investment, Use, and Allocation Practices

: Evaluate IT Contracting Strategies and Policies

: Evaluate Risk Management Practices

: Performance Monitoring and Assurance Practices


Systems and Infrastructure Lifecycle Management

: Determine the Business Case for Change

: Evaluate Project Management Frameworks and Governance Practices

: Perform Periodic Project Reviews

: Evaluate Control Mechanisms for Systems

: Evaluate Development and Testing Processes

: Evaluate Implementation Readiness

: Evaluate a System Migration


Systems and Infrastructure Lifecycle Maintenance

: Perform a Post-Implementation System Review

: Perform Periodic System Reviews

: Evaluate the Maintenance Process

: Evaluate the Disposal Process


IT Service Delivery and Support

: Evaluate Service Level Management Practices

: Evaluate Operations Management

: Evaluate Data Administration Practices

: Evaluate the Use of Capacity and Performance Monitoring Methods

: Evaluate Change, Configuration, and Release Management Practices

: Evaluate Problem and Incident Management Practices

: Evaluate the Functionality of the IT Infrastructure


Protection of Information Assets

: Information Security Design

: Encryption Basics

: Evaluate the Design, Implementation, and Monitoring of Logical Access Controls

: Evaluate the Design, Implementation, and Monitoring of Physical Access Controls

: Evaluate the Design, Implementation, and Monitoring of Environmental Controls

: Evaluate Network Infrastructure Security

: Evaluate the Confidential Information Processes and Procedures


Business Continuity and Disaster Recovery

: Evaluate the Adequacy of Backup and Restore

: Evaluate the BCP and DRP

