25 Feb - 30 May, Tues, Wed, Thurs, Fri: 5:30 - 7:30
Course Description
Description:
Information technology, long considered only an enabler of an organization's strategy, is now regarded as an integral part of that business strategy. Strategic alignment between information technology and enterprise objectives is one of the critical success factors. With the changing landscape concerning security, corporate governance, IT service delivery and systems reliability, as well as regulatory requirements, the CISA course becomes vital for information technology line and senior managers.
The course moulds information technology professionals into complete and competent individuals. It covers the following domain areas: security of information technology assets, information systems infrastructure and lifecycle, information systems audit, IT governance, business continuity and disaster recovery, and IT service delivery and support. The course maps directly to the requirements for CISA certification, and on completion of the course a certificate in Information Systems Security and Auditing is awarded. CISA candidates who find that many subjects are skimmed or missed in volunteer study and self-study would find the course adequate.
Target Group:
Information systems management, audit, control and security professionals including the following:
· Security managers / analysts
· Software Managers
· Infrastructure / Network Managers
· IT Managers / Directors
· IS Auditors
Prerequisites:
The course is meant for IT practitioners specified in the target group as well as university graduates with an auditing specialty.
Objectives:
At the end of the course the student should be able to:
Evaluate the logical, environmental, and IT infrastructure security to ensure that it satisfies the organization's business requirements for safeguarding information assets against unauthorized use, disclosure, modification, damage, or loss.
Evaluate the processes and procedures used to store, retrieve, transport, and dispose of confidential information assets.
Conduct IS audits in accordance with generally accepted IS audit standards and guidelines to ensure that the organization's information technology and business systems are adequately controlled, monitored, and assessed.
Communicate emerging issues, potential risks, and audit results to key stakeholders and advise on implementation of risk management and control practices.
Evaluate proposed control mechanisms for systems and/or infrastructure during specification, development/acquisition, and testing to ensure that they will provide safeguards and comply with the organization's policies and other requirements.
Evaluate the effectiveness of IT governance structure to ensure adequate board control over the decisions, directions, and performance of IT so that it supports the organization's strategies and objectives.
Evaluate IT organizational structure and human resources (personnel) management to ensure that they support the organization's strategies and objectives.
Evaluate the organization's IT policies, standards, and procedures; and the processes for their development, approval, implementation, and maintenance to ensure that they support the IT strategy and comply with regulatory and legal requirements.
Evaluate service level management practices to ensure that the level of service from internal and external service providers is defined and managed.
Evaluate the use of capacity and performance monitoring tools and techniques to ensure that IT services meet the organization's objectives.
Evaluate change, configuration, and release management practices to ensure that changes made to the organization's production environment are adequately controlled and documented.
Evaluate the organization's disaster recovery plan to ensure that it enables the recovery of IT processing capabilities in the event of a disaster.
Evaluate the organization's business continuity plan to ensure its ability to continue essential business operations during the period of an IT disruption.
Topics
The following topics are presented and discussed to increase your understanding and abilities. CISA candidates are expected to have a detailed understanding of each of these areas.
1. Securing Information Assets
IS auditing standards; Risk-based approach; Controls; Audit objectives, planning & scope; Cobit; Field Work; Identifying conditions & defining reportable findings; Review of work; Audit Results Communication;
3. IT Governance
IT governance structure, IT organizational structure and HR management; Evaluating IT Strategies; Evaluating IT policies, standards & procedures; IT Resource Investment; Evaluating Risk-management, monitoring and assurance practices;
4. Systems and Infrastructure lifecycle
Evaluation approach, Project Management; Functional Requirements, Feasibility Analysis; System Design; System Development; System Acquisition, Implementation, Post-Implementation;
5. IT Service delivery and support
Service Level Management; Evaluating Systems Software; Evaluating Hardware Acquisition & Installation; Evaluating network infrastructure (voice & data); Evaluating change, configuration and release management; Capacity and Performance monitoring tools & techniques; Data Administration practices; Problem & Incident management practices.
6. Business Continuity and disaster recovery
Planning for adequate Recovery & Continuity; Business Impact Analysis; Media and Documentation Back up; Evaluating Recovery plans, documentation and Maintenance; Evaluating Alternative Business Processing Plans; Evaluating Testing methods, Results-reporting and follow-up processes;
Instructors
CISA certified and Security professionals.
More Information
For candidates intending to sit for the CISA examinations with ISACA, more information is available from www.isaca.org/cisa.