Trainer: Mr. Ahmad Abu Eisha
Program Introduction
Audits are conducted for a variety of reasons. An audit can help an organization ensure effective operations, affirm its compliance with various regulations and confirm that the business is functioning well and is prepared to meet potential challenges.
An audit can also help to gain assurance on the level of protection available for information assets. Most significantly, an audit can assure stakeholders of the financial, operational and ethical wellbeing of the organization. IS audits support all those outcomes, with a special focus on the information and related systems upon which most businesses and public institutions depend for competitive advantage.
An IS audit is the formal examination and/or testing of information systems to determine whether:
Information systems are following applicable laws, regulations, contracts and/or industry guidelines
Information systems and related processes comply with governance criteria and related and relevant policies and procedures
IS data and information have appropriate levels of confidentiality, integrity and availability
IS operations are being accomplished efficiently and effectiveness targets are being met
Training Program Objectives & Outcomes
This official CISA training course provides in-depth coverage of the five CISA domains covered on the CISA certification exam. These domains include information systems auditing; governance and management of IT; information systems acquisition, development, and implementation; information systems operations and business resilience; and protection of information assets.
Upon successful completion of CISA training, the trainees will know how to:
Prepare for the Certified Information Systems Auditor (CISA) Exam
Develop and implement a risk-based IT audit strategy in compliance with IT audit standards
Evaluate the effectiveness of an IT governance structure
Ensure that the IT organizational structure and human resources (personnel) management support the organization’s strategies and objectives
Review the information security policies, standards, and procedures for completeness and alignment with generally accepted practices
Program Contents & Detailed Training Syllabus
DOMAIN 1 – INFORMATION SYSTEMS AUDITING PROCESS
Providing industry-standard audit services to assist organizations in protecting and controlling information systems, Domain 1 affirms your credibility to offer conclusions on the state of an organization’s IS/IT security, risk and control solutions.

| Section A – Audit Planning | Section B – Audit Execution |
| --- | --- |
| IS Audit Standards, Guidelines, and Codes of Ethics | Audit Project Management |
| Business Processes | Sampling Methodology |
| Types of Controls | Audit Evidence Collection Techniques |
| Risk-Based Audit Planning | Data Analytics |
| Types of Audits and Assessments | Reporting and Communication Techniques |
| | Quality Assurance and Improvement of the Audit Process |
DOMAIN 2 – GOVERNANCE & MANAGEMENT OF IT
This domain confirms to stakeholders your abilities to identify critical issues and recommend enterprise-specific practices to support and safeguard the governance of information and related technologies.

| Section A – IT Governance | Section B – IT Management |
| --- | --- |
| IT Governance and IT Strategy | IT Resource Management |
| IT-Related Frameworks | IT Service Provider Acquisition and Management |
| IT Standards, Policies, and Procedures | IT Performance Monitoring and Reporting |
| Organizational Structure | Quality Assurance and Quality Management of IT |
| Enterprise Architecture | |
| Enterprise Risk Management | |
| Maturity Models | |
| Laws, Regulations, and Industry Standards affecting the Organization | |
DOMAIN 3 – INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT & IMPLEMENTATION
Domains 3 and 4 offer proof not only of your competency in IT controls, but also your understanding of how IT relates to business.

| Section A – Information Systems Acquisition and Development | Section B – Information Systems Implementation |
| --- | --- |
| Project Governance and Management | Testing Methodologies |
| Business Case and Feasibility Analysis | Configuration and Release Management |
| System Development Methodologies | System Migration, Infrastructure Deployment and Data Conversion |
| Control Identification and Design | Post-implementation Review |
DOMAIN 4 – INFORMATION SYSTEMS OPERATIONS & BUSINESS RESILIENCE
Domains 3 and 4 offer proof not only of your competency in IT controls, but also your understanding of how IT relates to business.

| Section A – Information Systems Operations | Section B – Business Resilience |
| --- | --- |
| Common Technology Components | Business Impact Analysis (BIA) |
| IT Asset Management | System Resiliency |
| Job Scheduling and Production Process Automation | Data Backup, Storage, and Restoration |
| System Interfaces | Business Continuity Plan (BCP) |
| End-User Computing | Disaster Recovery Plans (DRP) |
| Data Governance | |
| Systems Performance Management | |
| Problem and Incident Management | |
| Change, Configuration, Release, and Patch Management | |
| IT Service Level Management | |
| Database Management | |
DOMAIN 5 – PROTECTION OF INFORMATION ASSETS
Cybersecurity now touches virtually every information systems role, and understanding its principles, best practices and pitfalls is a major focus within Domain 5.

| Section A – Information Asset Security and Control | Section B – Security Event Management |
| --- | --- |
| Information Asset Security Frameworks, Standards, and Guidelines | Security Awareness Training and Programs |
| Privacy Principles | Information System Attack Methods and Techniques |
| Physical Access and Environmental Controls | Security Testing Tools and Techniques |
| Identity and Access Management | Security Monitoring Tools and Techniques |
| Network and End-Point Security | Incident Response Management |
| Data Classification | Evidence Collection and Forensics |
| Data Encryption and Encryption-Related Techniques | |
| Public Key Infrastructure (PKI) | |
| Web-Based Communication Techniques | |
| Virtualized Environments | |
| Mobile, Wireless, and Internet-of-Things (IoT) Devices | |
Target Group of Audience
Executives and professionals in IT, experts in information and operational risk management, and specialists in IT infrastructure security. This might include the following groups:
IS/IT Auditors
Information Security Professionals
IT Security Professionals
Security Officers
Internal Audit Professionals
Risk Management Professionals
Compliance Management Professionals
IT Governance Professionals
IT Infrastructure Administrators
Training Methodology
Tuition by CISA professionals using industry-specific examples.
The training comprises case studies.
A test CISA exam will be run upon training completion.
Number of hours: 45 training hours.
Dates: Saturdays, 3/08 – 07/09/2024
Time: 09:00 – 16:30
Venue: Palestine Banking Institute headquarters – Ramallah.
Fees: $750 per participant from member institutions, and $850 per participant from non-member institutions.
About the trainer:
Ahmad Nizar Abu Eisha M.Sc. IS, CISM, CISA
M.Sc. of Information Security: Cybercrimes & Digital Evidence Analysis
Bachelor of Technology: Computer Science
Certified Information Security Manager® (CISM)
Certified Information Systems Auditor® (CISA)
+16 years in Information Security, Technology Risk Management & Information Systems Audit fields.
Head of Information Security and Business Continuity
President of ISACA Ra