Cisa 2013 ch0
Amman
Copyright@2013 Al-Taysir for Information Systems Security Consulting LLC
• What is CISA?
• Why to be CISA?
• How to be CISA?
• CISA Principles
• CISA Modules
• Course Guidelines
• Certified Information Systems Auditor
• Audience: IT people, InfoSec people, managers, lawyers, Internal Auditors, Investigators, Business Owners…
• Deep understanding of the IT-Security-Business relationship
• Help enhance your business
• Be a reference in your business
• Study materials
• Review practice questions
• Incorporate your knowledge and experience
• Apply your knowledge and experience for judgment
• The ultimate goal is alignment with, and support of, strategic business objectives
• Anything is a matter of change
• Any change has a risk
• Each risk should be evaluated
• Each risk should be managed by a set of controls
• Each control should have an objective, owner, documentation, approval, and a method to monitor it
• CISA is concerned with controls
• A CISA can be in the role of adviser, auditor, tester or investigator
• A CISA CANNOT be in the role of implementer, administrator, decision maker, helpdesk, operator, programmer, or manager
• The Process of Auditing Information Systems (14%)
• Governance and Management of IT (14%)
• Information Systems Acquisition, Development and Implementation (19%)
• Information Systems Operations, Maintenance and Support (23%)
• Protection of Information Assets (30%)
• Audit Basics
• ISACA IS Auditing Standards Framework
• Audit Controls
• Performing an IS Audit
• The Evolving IS Audit Process
• IT Governance
• Information Security Governance
• Enterprise Architecture and IT Management
• Business Continuity Planning
• Project Management
• Application Development
• Business Information Systems
• Alternatives for Project Organization
• Infrastructure Development/Acquisition Practices
• Process Improvement
• Application Controls
• Auditing Systems Development, Acquisition and Maintenance
• Information Systems Operations
• Computer Hardware Components and Architectures
• Telecommunications
• Disaster Recovery
• Auditing IS Infrastructure and Operations
• Information Security Management
• Access Controls
• Logical Access Controls
• Physical and Environmental Security
• Auditing of Protection of Information Assets
• Main Module Slides:
  • Agenda
  • Introduction
  • Set of Subjects
  • Summary
• Complementary Module Slides:
  • Case Studies
  • Practice Questions
• I am an instructor, NOT a consultant
• Generic answers for generic questions
• Technology unbiased
• Read the materials; prepare yourself at night for what you will take tomorrow
• Without practice, you are not CISA
• Solve questions, and review the explanations
• You will be tested locally for practice, not to be certified
• Make sure that you understand the materials before attending the certification exam
• Ask at the end of each section, or when the instructor motivates you to ask!
• I will teach you how to be CISA, I will help you become CISA, but WITHOUT warranty that you will be CISA!
• You will take the exam. Success is your effort and expertise
Me
• Prepare course materials
• Prepare course practice questions, quizzes, case studies and workshops
• Train you in what CISA is, and how to become CISA
• Answer questions

You
• Study course materials
• Solve questions, quizzes, case studies and participate in discussions
• Take the exam
• Ask questions
Q & A