CISA: 40-Hour Intensive Preparation
Event Information
Description
Objectives
CISA is a certification in high demand for any professional working in the field of information technology and telecommunications. This training gives you the tools you need to pass the CISA certification, which is highly sought after by employers. In addition, it highlights your abilities and distinctive strengths to your colleagues, your boss and your clients. The method is personalized and fast. To reserve your place: info@vamait.com 514-718-1860 www.vamait.com
https://www.eventbrite.ca/e/cisa-preparation-intensive-de-40-heures-ou-80-heures-tickets-18882681609
Target Audience
Professionals in information technology, engineering, telecommunications and anyone else interested in process management.
Prerequisites
Experience in information technology or accounting.
Course Duration
40 hours.
Regular Price
$1500.
Preferential Price
$1000 for a registration completed before Friday, May 19, 2017.
Maximum Number of Participants per Session
5.
Dates
Montréal
Saturday, May 20
Sunday, May 21
Saturday, May 27
Sunday, May 28
Saturday, June 3
Sunday, June 4
Saturday, June 10
Sunday, June 11
Saturday, June 17
Sunday, June 18
CISA is important for the following reasons, among others
1. Gain the knowledge to make a difference in audit, security, control and assurance
2. Find a better job in a competitive market
3. Position yourself for your own advancement and that of the company
4. Establish your credibility with your colleagues, your boss and your clients
5. Save time and gain productivity (effectiveness, efficiency, etc.) in your work
6. Earn a better salary
CISA Review Course
Curriculum
A- Self-assessment
B- Discuss specific topics within the chapters relevant to the exam
Domain 1—The Process of Auditing Information Systems (14%)
Exam Relevance
Learning Objectives
Task statement
Knowledge statement
1.1 ISACA IT Audit and Assurance Standards
1.1.1 Organization of the IS Audit Function
1.1.2 IS Audit Resource Management
1.1.3 Audit Planning
1.1.4 Effect of Laws and Regulations on IS Audit Planning
1.2 ISACA IT Audit and Assurance Standards, Guidelines and Tools and Techniques, Code of Professional Ethics and other applicable standards
1.2.1 ISACA Code of Professional Ethics
1.2.2 ISACA IS Audit and Assurance Standards Framework
1.2.3 ISACA IS Audit and Assurance Guidelines
1.2.4 ISACA IS Audit and Assurance Tools and Techniques
1.2.5 Relationship Among Standards, Guidelines, and Tools and Techniques
1.2.6 Information Technology Assurance Framework (ITAF™)
1.3 Risk assessment concepts, tools and techniques in an audit context
1.3.1 Risk Analysis
1.3.2 Risk-based Auditing
1.3.3 Risk Assessment and Treatment
1.3.4 Risk Assessment Techniques
1.4 Control objectives and controls related to information systems
1.4.1 Internal Controls
1.4.2 IS Control Objectives
1.4.3 General Controls
1.4.4 IS Controls
1.4.5 Compliance vs. Substantive Testing
1.5 COBIT 5
1.5.1 Principle 1: Meeting Stakeholder Needs
1.5.2 Principle 2: Covering the Enterprise End-to-end
1.5.3 Principle 3: Applying a Single Integrated Framework
1.5.4 Principle 4: Enabling a Holistic Approach
1.5.5 Principle 5: Separating Governance From Management
1.6 Audit planning and audit project management techniques, including follow-up
1.6.1 Performing an IS Audit
1.6.2 Classification of Audits
1.6.3 Audit Programs
1.6.4 Audit Methodology
1.6.5 Fraud Detection
1.6.6 Risk-based Auditing
1.6.7 Audit Risk and Materiality
1.6.8 Audit Objectives
1.6.9 Communicating Audit Results
1.6.10 Management Implementation of Recommendations
1.6.11 Audit Documentation
1.7 Evidence collection techniques used to gather, protect and preserve audit evidence
1.7.1 Evidence
1.7.2 Interviewing and Observing Personnel in Performance of Their Duties
1.8 Different sampling methodologies
1.9 Audit quality assurance systems and frameworks
1.9.1 Using the Services of Other Auditors and Experts
1.10 Computer-assisted Audit Techniques
1.10.1 Evaluation of Audit Strengths and Weaknesses
1.11 Control Self-Assessment
1.11.1 Objectives of CSA
1.11.2 Benefits of CSA
1.11.3 Disadvantages of CSA
1.11.4 Auditor Role in CSA
1.11.5 Technology Drivers for CSA
1.11.6 Traditional vs. CSA Approach
1.12 Integrated Auditing
1.13 Continuous Auditing
Domain 2—Governance and Management of IT (14%)
Exam Relevance
Learning Objectives
Task statement
Knowledge statement
2.1 IT governance, management, security and control frameworks, and related standards, guidelines, and practices
2.1.1 Corporate Governance
2.1.2 Governance of Enterprise IT
2.1.3 Best Practices for Governance of Enterprise IT
2.1.4 Information Security Governance
2.2 Purpose of IT strategy, policies, standards and procedures for an organization and the essential elements of each
2.2.1 Policies and Procedures
2.2.2 Strategic Planning
2.2.3 Steering Committee
2.3 Organizational structure, roles and responsibilities related to IT
2.3.1 Human Resource Management
2.3.2 IS Organizational Structure and Responsibilities
2.3.3 IS Roles and Responsibilities
2.3.4 IT Governing Committees
2.3.5 Auditing IT Governance Structure and Implementation
2.3.6 Segregation of Duties Within IS
2.4 Processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures
2.5 Organization’s technology direction and IT architecture and their implications for setting long-term strategic directions
2.5.1 Enterprise Architecture
2.5.2 Sourcing Practices
2.6 Enterprise risk management
2.6.1 Organizational Change Management
2.6.2 Risk Management
2.6.3 Developing a Risk Management Program
2.6.4 Risk Management Process
2.6.5 Risk Analysis Methods
2.7 Resource investment and allocation practices, including prioritization criteria
2.7.1 IT Investment and Allocation Practices
2.7.2 Financial Management Practices
2.8 Practices for monitoring and reporting of IT performance
2.8.1 Performance Optimization
2.8.2 IT Balanced Scorecard
2.8.3 Maturity and Process Improvement Models
2.8.4 Quality Management
2.8.5 Reviewing Documentation
2.8.6 Reviewing Contractual Commitments
2.9 Standards and procedures for the development and maintenance of the business continuity plan and testing methods
2.9.1 Business Continuity Planning
2.9.2 Disasters and Other Disruptive Events
2.9.3 Business Continuity Planning Process
2.9.4 Business Continuity Policy
2.9.5 Business Continuity Planning Incident Management
2.9.6 Business Impact Analysis
2.9.7 Development of Business Continuity Plans
2.9.8 Other Issues in Plan Development
2.9.9 Components of a Business Continuity Plan
2.9.10 Plan Testing
2.9.11 Summary of Business Continuity and Disaster Recovery
2.9.12 Auditing Business Continuity
2.9.13 Reviewing the Business Continuity Plan
2.9.14 Evaluation of Prior Test Results
2.9.15 Evaluation of Offsite Storage
2.9.16 Interviewing Key Personnel
2.9.17 Evaluation of Security at Offsite Facility
2.9.18 Reviewing Alternative Processing Contract
2.9.19 Reviewing Insurance Coverage
Domain 3—Information Systems Acquisition, Development and Implementation (19%)
Exam Relevance
Learning Objectives
Task statement
Knowledge statement
3.1 Benefits realization practices
3.1.1 Benefits Realization Techniques
3.1.2 Business Case Development and Approval
3.2 Project governance mechanisms
3.2.1 Portfolio/Program Management
3.2.2 Project Context and Environment
3.2.3 Project Organizational Forms
3.2.4 Project Communication and Culture
3.2.5 Project Objectives
3.2.6 Roles and Responsibilities of Groups and Individuals involved in the systems development process
3.2.7 Project Management Practices
3.3 Project management control frameworks, practices and tools
3.3.1 Project Planning
3.3.2 Project Controlling
3.3.3 Closing a Project
3.3.4 Business Application Development
3.3.5 Integrated Resource Management Systems
3.3.6 Risk Associated with Software Development
3.4 System development methodologies and tools including their strengths and weaknesses
3.4.1 Development Methods
3.4.2 Use of Structured Analysis, Design and Development Techniques
3.4.3 Agile Development
3.4.4 Prototyping-Evolutionary Development
3.4.5 Rapid Application Development
3.4.6 Object-oriented System Development
3.4.7 Component-based Development
3.4.8 Web-based Application Development
3.4.9 Reverse Engineering
3.5 Acquisition practices
3.5.1 Infrastructure Development/Acquisition Practices
3.5.2 Project Phases of Physical Architecture Analysis
3.5.3 Planning Implementation of Infrastructure
3.5.4 Hardware Acquisition
3.5.5 System Software Acquisition
3.6 Control objectives and techniques that ensure the completeness, accuracy, validity and authorization of transactions and data
3.6.1 Change Management Process Overview
3.6.2 Configuration Management
3.6.3 Application Controls
3.6.4 Input/Origination Controls
3.6.5 Processing Procedures and Controls
3.6.6 Output Controls
3.7 Business Process Control Assurance
3.7.1 Auditing Application Controls
3.7.2 Data Integrity Testing
3.7.3 Data Integrity in Online Transaction Processing Systems
3.7.4 Test Application Systems
3.7.5 Continuous Online Auditing
3.7.6 Online Auditing Techniques
3.8 Auditing Systems Development, Acquisition and Maintenance
3.8.1 Project Management
3.8.2 Feasibility Study
3.8.3 Requirements Definition
3.8.4 Software Acquisition Process
3.8.5 Detailed Design and Development
3.8.6 Testing
3.8.7 Implementation Phase
3.8.8 Postimplementation Review
3.8.9 System Change Procedures and the Program Migration Process
Domain 4—Information Systems Operations, Maintenance and Support (23%)
Exam Relevance
Learning Objectives
Task statement
Knowledge statement
4.1 Service level management practices and the components within a service level agreement
4.1.1 Information Systems Operations
4.1.2 Management of IS Operations
4.1.3 IT Service Management
4.1.4 Incident and Problem Management
4.1.5 Support/Help Desk
4.1.6 Change Management Process
4.1.7 Release Management
4.1.8 Information Security Management
4.1.9 Capacity Management
4.1.10 Hardware Maintenance Program
4.1.11 Hardware Monitoring Procedures
4.2 Monitoring third party compliance with the organization’s internal controls
4.2.1 Software Licensing Issues
4.2.2 Digital Rights Management
4.3 Technology concepts related to hardware and network components, system software and database management systems
4.3.1 Computer Hardware Components and Architectures
4.3.2 Architecture and Software
4.3.3 Operating Systems
4.3.4 Access Control Software
4.3.5 Data Communications Software
4.3.6 Data Management
4.3.7 Database Management System
4.3.8 Tape and Disk Management Systems
4.3.9 Utility Programs
4.3.10 IS Network Infrastructure
4.3.11 Enterprise Network Architectures
4.3.12 Types of Networks
4.3.13 Network Services
4.3.14 Network Standards and Protocols
4.3.15 OSI Architecture
4.3.16 Application of the OSI Model in Network Architectures
4.4 Auditing hardware and network components, system software and database management systems
4.4.1 Auditing Infrastructure and Operations
4.4.2 Hardware Reviews
4.4.3 Operating System Reviews
4.4.4 Database Reviews
4.4.5 Network Infrastructure and Implementation Reviews
4.4.6 IS Operations Reviews
4.4.7 Scheduling Reviews
4.4.8 Problem Management Reporting Reviews
4.5 Development and maintenance of disaster recovery plans
4.5.1 Recovery Point Objective and Recovery Time Objective
4.5.2 Recovery Strategies
4.5.3 Recovery Alternatives
4.5.4 Organization and Assignment of Responsibilities
4.5.5 Backup and Restoration
Domain 5—Protection of Information Assets (30%)
Exam Relevance
Learning Objectives
Task statement
Knowledge statement
5.1 Techniques for the design, implementation, and monitoring of security controls, including security awareness programs
5.1.1 Importance of Information Security Management
5.1.2 Key Elements of Information Security Management
5.1.3 Information Security Management Roles and Responsibilities
5.1.4 Inventory and Classification of Information Assets
5.1.5 Critical Success Factors to Information Security Management
5.2 Logical access controls for the identification, authentication and restriction of users to authorized functions and data
5.2.1 System Access Permission
5.2.2 Mandatory and Discretionary Access Controls
5.2.3 Privacy Management Issues and the Role of IS Auditors
5.2.4 Logical Access
5.2.5 Logical Access Exposures
5.2.6 Paths of Logical Access
5.2.7 Logical Access Control Software
5.2.8 Identification and Authentication
5.2.9 Authorization Issues
5.3 Security controls related to hardware, system software (e.g., applications, operating systems), and database management systems
5.3.1 Storing, Retrieving, Transporting and Disposing of Confidential Information
5.3.2 Network Infrastructure Security
5.3.3 LAN Security
5.3.4 Client-server Security
5.3.5 Wireless Security Threats and Risk Mitigation
5.3.6 Internet Threats and Security
5.3.7 Encryption
5.3.8 Malware
5.3.9 Voice-Over IP
5.3.10 Familiarization with the Enterprise’s IT Environment
5.4 Auditing hardware, system software (e.g., applications, operating systems), and database management systems
5.4.1 Auditing Logical Access
5.4.2 Techniques for Testing Security
5.4.3 Auditing Network Infrastructure Security
5.4.4 Auditing Remote Access
5.5 Auditing physical controls
5.5.1 Environmental Issues and Exposures
5.5.2 Controls for Environmental Exposures
5.5.3 Physical Access Issues and Exposures
5.5.4 Physical Access Controls
5.5.5 Auditing Physical Access
5.6 Processes related to monitoring and responding to security incidents
5.6.1 Information Security and External Parties
5.6.2 Computer Crime Issues and Exposures
5.6.3 Security Incident Handling and Response
C- Practical Tips for CISA Exam
D- Practice Questions
E- Sample Exam