CISA EXAM PREPARATION - Weekend Program THE CISA QUALIFICATION: CERTIFICATION PREPARATION COURSE SYLLABUS PT. RIALACHAS TATHYA PRAYUKTI Menara Palma 12th Floor Jalan HR Rasuna Said Blok X2 Kav 6 Jakarta, Indonesia 12950 P: +62 21 29.39.11.06 E: contact@rialachas.com
The CISA Qualifications: ISACA Certificate The mark of excellence for a professional certification program is the value and recognition it bestows on the individual who achieves it. Since 1978, the Certified Information Systems Auditor (CISA) program, sponsored by ISACA, has been the globally accepted standard of achievement among information systems (IS) audit, control and security professionals. The technical skills and practices that CISA promotes and evaluates are the building blocks of success in the field. Possessing the CISA designation demonstrates proficiency and is the basis for measurement in the profession. With a growing demand for professionals possessing IS audit, control and security skills, CISA has become a preferred certification program by individuals and organizations around the world. CISA certification signifies commitment to serving an organization and the chosen profession with distinction. Target Group The course is for those who desiring to learn IT audit methodologies, to pass CISA exam and to become CISA certified professionals. This course specifically focuses on the entire CISA knowledge requirements in a highly structured manner. The course is designed ideal for CISA candidates to review subjects normally skimmed and often missed by volunteer study and self-study. This may include but is not limited to IT Consultant, IT auditor, IT professionals and IT Operation practitioners Learning Objectives Students can expect to gain competencies in their preparation of CISA examination upon successful completion of the education and examination components related to this training: The tasks and knowledge statements depict the tasks performed by CISAs and the knowledge required to perform these tasks. Exam candidates will be tested based on their practical knowledge associated with performing these tasks. The current job practice analysis contains the following domains and percentages: The Process of Auditing Information Systems (14%) Governance and Management of IT (14%) Information Systems Acquisition, Development and Implementation (19%) Information Systems Operations, Maintenance and Support (23%) Protection of Information Assets (30%) Prerequisite Entry Criteria There are no prerequisite for students wishing to be trained and examined for this qualification. IT is however recommended students have prior knowledge and experience on Information System audit, control, and security. P a g e 2
Certification Preparation Course Syllabus CISA Certification Preparation Course is awarded to those who complete the following seven units of study and successfully pass the relevant multiple choice examination. The units cover the topics listed. 1. The Information Systems Audit Process This unit introduces the students to IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled. To meet the learning outcomes of this unit, the students must be able to understand, describe, identify, demonstrate, apply, distinguish, produce, decide or analyze: ISACA Information Systems Auditing Standards and Guidelines Develop and Implement an Information Systems Audit Strategy Plan an Audit Conduct an Audit The Evidence Lifecycle Communicate Issues, Risks, and Audit Results Support the Implementation of Risk Management and Control Practices 2. IT Governance This unit will cover IT Governance in accordance to provide assurance that the organization has the structure policies, accountability, mechanisms and monitoring practices in place to achieve the requirements of corporate governance of IT. To meet the learning outcomes of this unit, the students must be able to understand, describe, identify, demonstrate, apply, distinguish, produce, decide, justify or analyze: Evaluate the Effectiveness of IT Governance Evaluate the IT Organizational Structure Evaluate the IT Strategy Evaluate IT Policies, Standards, and Procedures for Compliance Ensure Organizational Compliance IT Resource Investment, Use, and Allocation Practices Evaluate IT Contracting Strategies and Policies Evaluate Risk Management Practices Performance Monitoring and Assurance Practices 3. System and Infrastructure Life Cycle This unit will cover management practices for the development/acquisition, testing, implementation, maintenance and disposal of systems and infrastructure. To meet the learning outcomes of this unit, the students must be able to understand, describe, identify, demonstrate, apply, distinguish, produce, decide, justify or analyze: Determine the Business Case for Change Evaluate Project Management Frameworks and Governance Practices Perform Periodic Project Reviews Evaluate Control Mechanisms for Systems Evaluate Development and Testing Processes Evaluate Implementation Readiness Evaluate a System Migration P a g e 3
Perform a Post-Implementation System Review Perform Periodic System Reviews Evaluate the Maintenance Process Evaluate the Disposal Process 4. IT Service Delivery and Support This unit will cover the activities related to IT service management practices that ensure delivery of the level of services required to meet the organization s objectives. To meet the learning outcomes of this unit, the students must be able to understand, describe, identify, demonstrate, apply, distinguish, produce, decide, justify or analyze: Evaluate Service Level Management Practices Evaluate Operations Management Evaluate Data Administration Practices Evaluate the Use of Capacity and Performance Monitoring Methods Evaluate Change, Configuration, and Release Management Practices Evaluate Problem and Incident Management Practices Evaluate the Functionality of the IT Infrastructure 5. Protection of Information Assets This unit will address how to provide assurance that the security architecture (policies, standards, procedures, and controls) ensures the confidentiality, integrity and availability of information assets. To meet the learning outcomes of this unit, the students must be able to understand, describe, identify, demonstrate, apply, distinguish, produce, decide, justify or analyze: Information Security Design Encryption Basics Evaluate the Design, Implementation, and Monitoring of Logical Access Controls Evaluate the Design, Implementation, and Monitoring of Physical Access Controls Evaluate the Design, Implementation, and Monitoring of Environmental Controls Evaluate Network Infrastructure Security Evaluate the Confidential Information Processes and Procedures P a g e 4
The Course and CISA Exam Simulation Meeting the learning objectives of this syllabus can be assisted through the use of exam simulation after the delivery of topic listed in the syllabus. It is recommended that course providers make use of exam simulation to enhance the reinforcement of the learning objectives in this syllabus. To aid course providers, there are areas within each learning unit whose learning objective include such phrases as identify, describe, analyze, etc. which may be considered as opportunities to introduce practical course exercises. The course proposed provides a 66 total study hours that includes domain concepts, exam simulation and discussion. Day Date Topics Day 1 March 7, 2015 Pre-test, Becoming CISA and IS Audit Process Day 2 March 14, 2015 IT Governance and Risk Management 1 Day 3 March 28, 2015 IT Governance and Risk Management 2 Day 4 April 4, 2015 System and Infrastructure Lifecycle Day 5 April 11, 2015 IT Service Delivery and Support Day 6 April 18, 2015 Protection of Information Assets 1 Day 7 April 25, 2015 Protection of Information Assets 2 Day 8 May 2, 2015 Try Out 1 and Discussion Day 9 May 9, 2015 Try Out 2 and Discussion Day 10 May 23, 2015 Final Try Out Day 11 May 30, 2015 Refreshment and Cram P a g e 5