
About this course
Certified Information Systems Auditor (CISA)® is one of the world's most popular information security and information technology auditing certifications for professionals. The CISA certification course is developed by ISACA and is ideal for anybody looking to forge a career in the IT Security/Cybersecurity domain. This 4-day Certified Information Systems Auditor (CISA) certification course validates your auditing, control, and security skills among the best in the industry.
Course Benefits
- A thorough understanding of knowledge and skills required for an IS Auditor
- Insights into the level of knowledge required to meet the complexities of a digital business landscape
- An in-depth understanding of auditing information systems
- Knowledge of management and governance of IT processes and systems
- Understanding of acquisition, development, test, and implementation of critical business information systems
- Thorough knowledge of managing, maintaining, and securing information assets
- Proper understanding of the CISA course material to clear your CISA exam on the first attempt
Who should attend?
This course is suitable for:
- IT Managers
- Network Architects
- Security Consultants
- Auditing Professionals
- Security Architects
- Security Auditors
- Security Managers
- Security Analysts
- Security Systems Engineers
- Anybody who wants to gain knowledge of the globally recognized CISA information systems auditing process
- Anybody who is looking to create a career in information systems auditing
Course Contents
DOMAIN 1 – INFORMATION SYSTEMS AUDITING PROCESS
- Planning
- IS Audit Standards, Guidelines, and Codes of Ethics
- Business Processes
- Types of Controls
- Risk-Based Audit Planning
- Types of Audits and Assessments
- Execution
- Audit Project Management
- Sampling Methodology
- Audit Evidence Collection Techniques
- Data Analytics
- Reporting and Communication Techniques
DOMAIN 2 – GOVERNANCE & MANAGEMENT OF IT
- IT Governance
- IT Governance and IT Strategy
- IT-Related Frameworks
- IT Standards, Policies, and Procedures
- Organizational Structure
- Enterprise Architecture
- Enterprise Risk Management
- Maturity Models
- Laws, Regulations, and Industry Standards affecting the Organization
- IT Management
- IT Resource Management
- IT Service Provider Acquisition and Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
DOMAIN 3 – INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT & IMPLEMENTATION
- Information Systems Acquisition and Development
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
- Information Systems Implementation
- Testing Methodologies
- Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Post-implementation Review
DOMAIN 4 – INFORMATION SYSTEMS OPERATIONS & BUSINESS RESILIENCE
- Information Systems Operations
- Common Technology Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End-User Computing
- Data Governance
- Systems Performance Management
- Problem and Incident Management
- Change, Configuration, Release, and Patch Management
- IT Service Level Management
- Database Management
- Business Resilience
- Business Impact Analysis (BIA)
- System Resiliency
- Data Backup, Storage, and Restoration
- Business Continuity Plan (BCP)
- Disaster Recovery Plans (DRP)
DOMAIN 5 – PROTECTION OF INFORMATION ASSETS
- Information Asset Security and Control
- Information Asset Security Frameworks, Standards, and Guidelines
- Privacy Principles
- Physical Access and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Data Classification
- Data Encryption and Encryption-Related Techniques
- Public Key Infrastructure (PKI)
- Web-Based Communication Techniques
- Virtualized Environments
- Mobile, Wireless, and Internet-of-Things (IoT) Devices
- Security Event Management
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Tools and Techniques
- Incident Response Management
- Evidence Collection and Forensics
- Supporting Tasks
Examination
• Paper-based Examination
• 4 Hours
• 200 MCQ Questions
• Minimum score of 450 out of a possible maximum of 800
Training Info
Duration: 4 Days
Date: June 24-27, 2025
Time: 9.30 am. – 16.30 pm.
Venue: ACinfotec Training Center
16th Fl., Asia Centre Bldg., South Sathorn Rd.
Training Fees: 34,000 Baht (excl. 7% VAT)
Tel. 02 670 8980-3 ext.304, 305, 303
E-mail.[email protected]