CISA Essentials Exam Guide & Test Questions
Course Description Overview
To ensure your success, you should have at least five years of professional experience in information systems auditing, control, or security. You are also required to prove this level of experience to ISACA in order to obtain certification. The major areas of work experience are described in the CISA job practice domains:
- The process of auditing information systems
- Governance and management of IT
- Information systems acquisition, development, and implementation
- Information systems operations, maintenance, and service management
- Protection of information assets
Section 1: The Process of Auditing Information Systems Domain
Chapter 1: Some Organizations, Laws, Standards, and Frameworks
Chapter 2: ISAAS
Chapter 3: From Governance to Procedures
Chapter 4: KGI, CSF, KPI, and KRI
Chapter 5: ALE, RTO, RPO, SDO, MTO, MTD, and AIW
Chapter 6: Risk Appetite, Tolerance, and Capacity
Chapter 7: From Threats to Controls
Chapter 8: Risk Management
Chapter 9: Sampling
Chapter 10: IS Auditor Duties for the Process of Auditing Information Systems Domain
Section 2: The Governance and Management of IT Domain
Chapter 11: Security Concepts
Chapter 12: Roles, Responsibilities, and a RACI Matrix
Chapter 13: Human Resources (HR)
Chapter 14: Outsourcing
Chapter 15: Cloud Computing
Chapter 16: Capital Expenditures and Operational Expenditures
Chapter 17: BCP, DRP, and BIA
Chapter 18: Plan Testing
Chapter 19: Enterprise Architecture
Chapter 20: Governance
Chapter 21: Information Security Policy
Chapter 22: Information Technology Management Practices
Chapter 23: IT Organizational Structure Roles and Responsibilities
Chapter 24: IS Auditor Duties for the Governance and Management of IT Domain
Section 3: The Information Systems Acquisition, Development, and Implementation Domain
Chapter 25: Project Management
Chapter 26: Benefits Realization
Chapter 27: The Software Development Lifecycle (SDLC)
Chapter 28: Software Development
Chapter 29: E-Commerce
Chapter 30: EDI
Chapter 31: Email
Chapter 32: Electronic Money
Chapter 33: Integrated Manufacturing System (IMS)
Chapter 34: Industrial Control Systems (ICS)
Chapter 35: Artificial Intelligence and Expert Systems
Chapter 36: Business Intelligence (BI)
Chapter 37: Decision Support System (DSS)
Chapter 38: Re-Engineering
Chapter 39: Other Business Applications
Chapter 40: Infrastructure
Chapter 41: Managing Change, Configuration, Patches, and Releases
Chapter 42: Application Controls
Chapter 43: IS Auditor Duties for the Information Systems Acquisition, Development, and Implementation Domain
Section 4: The Information Systems Operations, Maintenance, and Service Management Domain
Chapter 44: Information Systems Operations
Chapter 45: Hardware Architecture
Chapter 46: Operating Systems
Chapter 47: Database Management
Chapter 48: Third-Party Software
Chapter 49: Network Infrastructure
Chapter 50: Internet Concepts
Chapter 51: Telecommunications
Chapter 52: IS Auditor Duties for the Information Systems Operations, Maintenance, and Service Management Domain
Section 5: The Protection of Information Assets Domain
Chapter 53: Asset Classification
Chapter 54: Security Awareness and Training
Chapter 55: External Parties
Chapter 56: Computer Crime
Chapter 57: Logical Access
Chapter 58: Remote Connectivity
Chapter 59: Media Handling
Chapter 60: Network Security
Chapter 61: Firewalls
Chapter 62: Intrusion Detection
Chapter 63: Encryption
Chapter 64: Penetration Testing
Chapter 65: Environmental Issues
Chapter 66: Data Leakage Prevention (DLP)
Chapter 67: Physical Access
Chapter 68: IS Auditor Duties for the Protection of Information Assets Domain