7-week CISA Bootcamp created and taught by Jeff Jarecki
7-week CISA Bootcamp
This is a 7-week CISA bootcamp. The price includes the CISA All-in-One book, custom materials, practice exams, and a group Slack. The exam fee is not included but can be added to an invoice.
The course runs on Wednesday nights from 6 to 9 pm EST (virtual, instructor-led).
Please contact Anna Kepshire at akepshire@keptraining.com for group discounts or if you need an invoice for reimbursement.
Course Outline
Domain 1 – Information System Auditing Process
• Plan an audit to determine whether information systems are protected, controlled, and provide value to the organization.
• Conduct an audit in accordance with IS audit standards and a risk-based IS audit strategy.
• Communicate audit progress, findings, results and recommendations to stakeholders.
• Conduct audit follow-up to evaluate whether risk has been sufficiently addressed.
• Evaluate IT management and monitoring of controls.
• Utilize data analytics tools to streamline audit processes.
• Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.
• Identify opportunities for process improvement in the organization’s IT policies and practices.
Domain 2 – Governance & Management of IT
• Evaluate the IT strategy for alignment with the organization’s strategies and objectives.
• Evaluate the effectiveness of IT governance structure and IT organizational structure.
• Evaluate the organization’s management of IT policies and practices.
• Evaluate the organization’s IT policies and practices for compliance with regulatory and legal requirements.
• Evaluate IT resource and portfolio management for alignment with the organization’s strategies and objectives.
• Evaluate the organization’s risk management policies and practices.
• Evaluate IT management and monitoring of controls.
• Evaluate the monitoring and reporting of IT key performance indicators (KPIs).
• Evaluate whether IT supplier selection and contract management processes align with business requirements.
• Evaluate whether IT service management practices align with business requirements.
• Conduct periodic review of information systems and enterprise architecture.
• Evaluate data governance policies and practices.
• Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.
• Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.
Domain 3 – Information Systems Acquisition, Development, & Implementation
• Evaluate whether the business case for proposed changes to information systems meets business objectives.
• Evaluate the organization’s project management policies and practices.
• Evaluate controls at all stages of the information systems development life cycle.
• Evaluate the readiness of information systems for implementation and migration into production.
• Conduct post-implementation review of systems to determine whether project deliverables, controls and requirements are met.
• Evaluate change, configuration, release, and patch management policies and practices.
Domain 4 – Information Systems Operations and Business Resilience
• Evaluate the organization’s ability to continue business operations.
• Evaluate whether IT service management practices align with business requirements.
• Conduct periodic review of information systems and enterprise architecture.
• Evaluate IT operations to determine whether they are controlled effectively and continue to support the organization’s objectives.
• Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the organization’s objectives.
• Evaluate database management practices.
• Evaluate data governance policies and practices.
• Evaluate problem and incident management policies and practices.
• Evaluate change, configuration, release, and patch management policies and practices.
• Evaluate end-user computing to determine whether the processes are effectively controlled.
Domain 5 – Protection of Information Assets
• Conduct an audit in accordance with IS audit standards and a risk-based IS audit strategy.
• Evaluate problem and incident management policies and practices.
• Evaluate the organization’s information security and privacy policies and practices.
• Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.
• Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
• Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements.
• Evaluate policies and practices related to asset life cycle management.
• Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.
• Perform technical security testing to identify potential threats and vulnerabilities.
• Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.