CISA TIMETABLE (4 DAYS)



Similar documents
Certified Information Systems Auditor (CISA)

Domain 1 The Process of Auditing Information Systems

BUY ONLINE FROM:

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

IT Networking and Security

Eleventh Hour Security+

Fundamentals of Network Security - Theory and Practice-

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

(Instructor-led; 3 Days)

CompTIA Security+ Certification Study Guide. (Exam SYO-301) Glen E. Clarke. Gravu Hill

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

An expert s tips for cracking tough CISSP exam

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Network Security Administrator

Security Controls What Works. Southside Virginia Community College: Security Awareness

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Table of Contents. Auditor's Guide to Information Systems Auditing Richard E. Cascarino Copyright 2007, John Wiley & Sons, Inc.

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

IT - General Controls Questionnaire

IT Networking and Security

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

Supplier Security Assessment Questionnaire

CNA 432/532 OSI Layers Security

Network & Information Security Policy

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

CIS 253. Network Security

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

How To Manage Security On A Networked Computer System

The Information Security Problem

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Network Security. Outlines: Introduction to Network Security Dfii Defining Security Zones DMZ. July Network Security 08

AUD105-2nd Edition. Auditor s Guide to IT - 20 hours. Objectives

CH ENSA EC-Council Network Security Administrator Detailed Course Outline

InfoSec Academy Application & Secure Code Track

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

INFORMATION TECHNOLOGY

ISACA PROFESSIONAL RESOURCES

Birst Security and Reliability

Security + Certification (ITSY 1076) Syllabus

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

Introduction to Cyber Security / Information Security

Vendor Risk Assessment Questionnaire

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Nepal Rastra Bank Information Technology Guidelines

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Injazat s Managed Services Portfolio

Risk Management Guide for Information Technology Systems. NIST SP Overview

Chapter 1 The Principles of Auditing 1

Additional Offeror Qualifications: Not applicable.

IT Audit- Hospital Risks, Controls and Audit. AHIA Conference. Grant Thornton LLP. All rights reserved.

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

Curran, K. Tutorials. Independent study (including assessment) N/A

Bellevue University Cybersecurity Programs & Courses

Best Practices For Department Server and Enterprise System Checklist

Web Foundations Series Internet Business Associate

IT Architecture Review. ISACA Conference Fall 2003

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Retention & Destruction

Data Security and Healthcare

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

CompTIA Security+ (Exam SY0-410)

FedVTE Training Catalog SPRING advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Chapter 7 Information System Security and Control

Projectplace: A Secure Project Collaboration Solution

Cisco Advanced Services for Network Security

System Audit Framework

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---

FedVTE Training Catalog SUMMER advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

LINUX / INFORMATION SECURITY

Diploma in Information Security Control, Audit and Management (CISSP Certification)

Cloud Security and Managing Use Risks

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Security Controls for the Autodesk 360 Managed Services

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

THE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE, AND ROI

3rd Party Assurance & Information Governance outlook IIA Ireland Annual Conference Straightforward Security and Compliance

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Principles of ICT Systems and Data Security

Security Policy JUNE 1, SalesNOW. Security Policy v v

NSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs

How to Secure Your Environment

CESG Certification of Cyber Security Training Courses

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

Exam 1 - CSIS 3755 Information Assurance

University of Pittsburgh Security Assessment Questionnaire (v1.5)

FormFire Application and IT Security. White Paper

Information Technology Security Procedures

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

Personal Security Practices of the CAO

Transcription:

CISA TIMETABLE (4 DAYS) ISACA-CISA

Day 1 9.00 9.30 Welcome, Introductions, Coffee 9.30 11.00 About the CISA Exam Domain 1 - The Process of Auditing Information Systems Auditing Types of Audits Audit Methodology 11.00 11.15 Break 11.15 12.00 Risk-Based Auditing Risk Assessment Process A Risk-Based Audit Approach Internal Controls Audit Planning Effect of Laws and Regulations on IS Audit Planning Steps to determine compliance with external requirements 12.00 13.00 Lunch break 13.00 16.15 Performing the Audit Standards, Guidelines, Tools and Techniques ISACA IT Audit and Assurance Tools and Techniques ISACA IT Audit and Assurance Standards Framework Evidence Sampling Attribute sampling Variable sampling Statistical sampling terms Compliance vs. Substantive Testing Integrated Auditing Audit Analysis and Reporting Audit Documentation Automated Work Papers Evaluation of Audit Strengths and Weaknesses Computer-Assisted Audit Techniques Communicating Audit Results Control Self-Assessment (CSA) Objectives of Control Self-Assessment Benefits of Control Self-Assessment Disadvantages of Control Self-Assessment Continuous Auditing Continuous Auditing IT techniques Continuous Auditing Advantages & Disadvantages ISACA Code of Professional Ethics 16.15 16.30 Break 16.30 17.00 Sample questions

Day 2 9.00 9.30 9.30 11.00 Domain 2 - Governance and Management of IT Governance and Management of IT Corporate Governance IT Governance Best Practices for IT Governance Information Security Governance Strategic Planning and Models IS Strategy IT Strategy Committee Standard IT Balanced Scorecard Enterprise Architecture Maturity and Process Improvement Models Auditing IT Governance Structure and Implementation 11.00 11.15 Break 11.15 12.00 Policies, Standards and Procedures Policies Procedures Standards Risk Management Risk Management Process Risk Analysis methods / techniques categories Qualitative Risk Analysis methods Quantitative Risk Analysis methods Quantitative vs. Qualitative Risk Response Options Resource Management IS Roles and Responsibilities Segregation of Duties Within IS Human Resource Management Personnel Security Principles Insider Threats Sourcing Practices 12.00 13.00 Lunch break 13.00 16.15 Management of IT Functional Operations Organizational Change Management Quality Management Performance Optimization Business Continuity Planning (BCP) IS Business Continuity Planning Disasters and Other Disruptive Events Business Continuity Planning Process BIA discovery techniques Business Impact Analysis (BIA) Business Continuity Plan

Components of a Business Continuity Plan Disaster Recovery Sample questions 16.15 16.30 Break 16.30 17.00 Domain 3 - Information Systems Acquisition, Development, and Implementation Program and Project Management Project / Program / Portfolio Project / Program / Portfolio Management Business Case Development and Approval Benefits Realization Techniques Project Communication Roles and Responsibilities of Groups and Individuals Project Planning Project Risk Day 3 9.00 9.30 9.30 11.00 Systems Development Lifecycle (SDLC) Business Application Development Traditional SDLC Approach Boehm s Spiral Model Rapid Application Development (RAD) Model DSDM Atern & AgilePM Structured Analysis, Design and Development Techniques Alternative Development Methods Agile Development Types of Specialized Business Applications Electronic Commerce Electronic Data Interchange (EDI) Electronic Mail Electronic Banking Electronic Finance Electronic Funds Transfer (EFT) Automated Teller Machine (ATM) Business Intelligence (BI) Acquisition Infrastructure Development / Acquisition Practices Hardware Acquisition System Software Acquisition Auditing Systems Development Acquisition Application Controls Input/Origination Controls Processing Procedures and Controls Output Controls Auditing Application Controls System Change Procedures and the Program Migration Process Sample questions

11.00 11.15 Break 11.15 13.00 Domain 4 - Information Systems Operations, Maintenance and Support Auditing System Operations and Maintenance Information Security Management Information Systems Operations Infrastructure Operations Support / Help Desk Change Management Process Release Management System and Communications Hardware Computer Hardware Components and Architectures Security Risks with Portable Media Capacity Management IS Architecture and Software Operating Systems Database Management System (DBMS) Tape and Disk Management Systems Software Licensing Issues Digital Rights Management (DRM) 12.00 13.00 Lunch break 13.00 16.15 Auditing Networks Types of Data Network Structures Network Services OSI Architecture Types of Data Networks Topology Network Components (LAN / WAN devices) Communications Technologies Wireless Networking Risks Associated with Wireless Communications Auditing of Network Management Auditing Job Scheduling Job Scheduling Reviews Personnel Reviews Business Continuity and Disaster Recovery Plans Auditing of Business Continuity Plans Business Continuity Strategies Elements of Recovery Recovery Alternatives Hot Site Warm Site Cold Site Mirror Site or Multiple Processing Centers Auditing of Business Continuity Plans 16.15 16.30 Break 16.30 17.30 Sample questions

Day 4 9.00 9.30 9.30 11.00 Domain 5 - Protection of Information Assets Information Security Management Importance of Information Security Management Key Elements of Information Security Management CSFs to Information Security Management Privacy Management Issues and the Role of IS Auditors Social Media Risks Access Controls System Access Permission Mandatory and Discretionary Access Controls IAAA Authentication Authorization Challenges with Identity Management Technical exposures include Logical Access Control Software Centralized vs. Decentralized Access Single Sign On (SSO) Remote Access Auditing Remote Access Sample questions 11.00 11.15 Break 11.15 12.00 Equipment and Network Security Security of Portable Media Mobile Device Security Network Infrastructure Security LAN Security Issues Client-server Security Wireless Security Threats Internet Threats and Security (active attacks) Firewalls Honeypots and Honeynets Intrusion Detection and Prevention Systems Network-based IPS (N-IPS) Network-based IDS (N-IDS) Host-based IDS (H-IDS) VoIP security issues Encryption Strength of Encryption Symmetric Encryption Symmetric Key Cryptography Asymmetric Algorithms Asymmetric Key Cryptography Hashing Algorithms Digital Signatures

12.00 13.00 Lunch break 14.00 16.15 Malware Malicious Code Threats Unauthorized Software Viruses Protection Incident Handling and Evidence Security Incident Handling and Response Evidence Handling Physical and Environmental Controls Locks Entrance Protection Closed-circuit television (CCTV) Security guards Lighting Electrical Power Supply Electrostatic Discharge HVAC Fire Suppression Systems Fire / Smoke Detection Controls for Environmental Exposures 16.15 16.30 Break 16.30 17.00 Sample questions That s all folks!

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information