Program Introduction

ISACA Student Membership

ISACA Exam Voucher

CISA Notes

Information System Auditing Process

Audit Standards, Guidelines, Functions, and Codes of Ethics

ISACA IS Audit and Assurance Guidelines

ISACA IS Audit and Assurance Standards

Planning

Audit Charter

ISACA Code of Professional Ethics

IT Assurance Framework (ITAF)

Management of the IS Audit Function

Compliance Audit

IS Audit Resource Management

IS Audit

Types of Audits, Assessments, and Reviews

Using the Services of Other Auditors and Experts

Administrative Audit

Financial Audit

Integrated Audit

Operational Audit

Specialized Audits

Forensic Audit

Fraud Audit

Functional Audit

Third-Party Service Audit

Audit Universe and Risk Assessment

Individual Audit Assignments

Integrated Auditing

Risk-Based Audit Planning

Short- and Long-Term Audit Planning

Audit Risk and Materiality

Detection Risk

Effect of Laws and Regulations on IS Audit Planning

Inherent Risk

IS Audit Risk Assessment Techniques

Risk Analysis

Types of Controls and Considerations

Control Objectives and Control Measures

Corrective Controls

Detective Controls

Preventive Controls

Center for Internet Security (CIS) 18 Critical Security Controls

Compensating Controls

Control Relationship to Risk

OWASP Software Assurance Maturity Model (SAMM)

Prescriptive Controls and Frameworks

Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)

Evaluation of the Control Environment

Management Control Monitoring

Payment Card Industry (PCI) Data Security Standard (DSS)

Service Organization Controls (SOC) Reports

Application of IS-Specific Controls

Audit Project Management

General Control Methods

Managerial Controls

Physical Controls

Technical Controls

Audit Objectives

Audit Testing and Sampling Methodology

Execution and Monitoring of the Audit Plan

Planning the Audit Engagement

Statistical and Non-Statistical Sampling

Audit Documentation

Audit Evidence Collection Techniques

Evaluation of Evidence

Methods of Collection (Interviews, Observation, Review of Documentation)

Types of Evidence

Audit Data Analytics

Computer-Assisted Audit Techniques (CAATs)

Continuous Auditing and Monitoring

Data Integrity, Privacy, and Security

Audit Findings and Recommendations

Audit QA and Continuous Improvement

Communicating Audit Results

Quality Assurance and Improvement of the Audit Process

Reporting and Communication Techniques

EAM, Snapshots, Audit Hooks)

Governance and Management of IT

Governance, Risk, and Compliance

Impact of Laws, Regulations, and Industry Standards on IS Audit

IT Governance

Laws, Regulations, and Industry Standards

Audit’s Role in EGIT

Enterprise Governance of Information and Technology

Good Practices for EGIT

Information Security Governance

Organizational Structure, IT Governance, and IT Strategy

Business Intelligence

Information Systems Strategy

IT Policies, Standards, Procedures, and Guidelines

Organizational Structure of the IT Strategy and Steering Levels

Strategic Planning

Enterprise Architecture and Considerations

Framework for Enterprise Architecture

Sherwood Applied Business Security Architecture (SABSA)

The Zachman Framework for Enterprise Architecture

TOGAF (The Open Group Architecture Framework)

Enterprise Risk Management (ERM)

Risk Appetite and Risk Tolerance

Risk Management Framework

Role of EA in Auditing Infrastructure and Operations

Data Privacy Laws and Regulations

Data Privacy Principles

Data Privacy Program and Principles

Data Privacy Program Management

Data Classification Schemes

Data Governance and Classification

Data Governance Framework

Data Management Policies and Procedures

Data Privacy Auditing

Data Lifecycle Management

IT Asset Management

IT Human Resource Management

IT Resource Management

IT Management

IT Infrastructure and Operations

IT Service Management

IT Vendor Management

Software and License Management

Third-Party Service Delivery Management

IT Performance Monitoring and Reporting

Vendor Risk Management

Approaches and Techniques

IT Balanced Scorecard

IT Governance and Management Reporting

Performance Metrics and KPIs

Tools and Techniques for IT Performance Monitoring

IT Quality Management Systems

Quality Assurance and Quality Management of IT

Six Sigma

Information Systems Acquisition and Development

Information Systems Acquisition, Development and Implementation

Project Governance and Management

Project Governance and Management

Project Management Techniques

Project Benefits Realization

Project Life Cycle and Phases

Project Management Metrics

Project Management Success Factors

Project Management Tools

Business Case and Feasibility Analysis

Business Case Development

Feasibility Analysis

Project Feasibility

Project Objectives

Cost-Benefit Analysis

Project Scoping

Requirements Definition

Risk Analysis and Management

Stakeholder Identification and Analysis

Agile Development

Prototyping

Rapid Application Development (RAD)

System Development Methodologies

Traditional System Development Life Cycle (SDLC)

Computer-Aided Software Engineering (CASE) Tools

Implementation Considerations

Object-Oriented Systems Development (OOSD)

Software Acquisition and Development

Control Identification and Design

Control Objectives for Information and Related Technologies (COBIT)

Information Technology Infrastructure Library (ITIL)

Internal Controls

Risk Management

Control Frameworks

Information Systems Implementation

Integration Testing

System Readiness and Implementation Testing

Unit Testing

Implementation Configuration and Release Management

Implementation Readiness Assessment

Post-Implementation Review

System Testing

User Acceptance Testing (UAT)

Change Control Procedures

Change Management

Release Management

System Migration, Infrastructure Deployment and Data Conversion

Benefits Realization Review

System Performance Evaluation

System Control

Acquisition Practices

Hardware

Information Systems Operations and Business Resilience

Information Systems Operations

Infrastructure

IT Components

Cloud Services

Data Centers

IT Asset Management

Networks

oftware

Asset Classification

Asset Disposal

Asset Inventory

Asset Lifecycle Management

Job Scheduling and Production Process Automation

External System Interfaces

Internal System Interfaces

Job Scheduling

Production Process Automation

System Interfaces

Availability Management

End-User Computing and Shadow IT

End-User Computing Risks

Shadow IT Risks

Systems Availability and Capacity Management

Capacity Planning

Incident Analysis

Incident Identification

Incident Response

Problem and Incident Management

Change Management

Configuration Management

IT Change, Configuration, and Patch Management

Operational Log Management

Patch Management

IT Service Level Management

Log Analysis

Log Collection

Log Retention

Service Level Agreements (SLAs)

Data Integrity

Data Security

Database Administration

Database Management

Service Performance Monitoring

Business Impact Analysis

Business Resilience

Critical Business Functions

Impact Scenarios

System and Operational Resilience

Backup Strategies

Data Backup, Storage, and Restoration

Data Restoration

Resilience Planning

Resilience Testing

Business Continuity Plan

Continuity Planning

Continuity Testing

Disaster Recovery Plans

Recovery Strategies

Agile Methodology

Business Continuity Plan

Continuity Planning

Continuity Testing

Disaster Recovery Plans

Recovery Strategies

Information Asset Security and Control

Information Asset Security Policies, Frameworks, Standards, and Guidelines

Information Asset Security Policies, Procedures, and Guidelines

Policy Development Process

Purpose and Benefits

COBIT

Information Security Frameworks and Standards

NIST Cybersecurity Framework

Policy Framework

Physical and Environmental Controls

Baseline Configuration

Baseline Security Evaluation Checklist

Environmental Exposures and Controls

Information Security Baselines

Environmental Controls

Fire Suppression Systems

Physical Access Exposures and Controls

Physical Security

Power Supply

Access Control Mechanisms

Industrial Control Systems Security

Physical Security Monitoring

SCADA Systems

Surveillance Systems

Access Control Mechanisms

Industrial Control Systems Security

Physical Security Monitoring

ICS Security Risks

Information Security Management

Security Governance and Management

Security Governance Framework

Security Roles and Responsibilities

Data Classification and Ownership

Data Classification Process

Program Development

Security Awareness and Training

Data Encryption and Cryptography

Data Ownership and Stewardship

Encryption Techniques

Network Security

Public Key Infrastructure (PKI)

Firewalls and Network Segmentation

Intrusion Detection and Prevention Systems

Operating System Security

OS Hardening

Patch Management

Application Security

Database Activity Monitoring

Database Encryption

Database Security

Secure Software Development

BYOD Security

Cloud Security Frameworks

Cloud Security Risks