CISA Exam Boot Camp

Part 1: The Process of Auditing Information Systems

Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems.

1. Audit process / IT audit standards
2. Audit & risk
3. Control objectives and controls
4. Audit planning
5. Audit QA

Part 2: Governance and Management of IT

Provide assurance that the necessary leadership and organization structure and processes are in place to achieve objectives and to support the organization's strategy.

1. Governance
2. Roles / responsibilities
3. Policies / standards / guidelines
4. Enterprise Risk management
5. Information Security Strategy
6. Quality management
7. Resource management
8. Human Resources
9. Contract management
10. Business Continuity Planning

Part 3: Information Systems Acquisition, Development, and Implementation

Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives.

1. Benefit realization
2. Project/program management
3. IT architectures
4. Acquisition
5. Project risk analysis/management
6. SDLC
7. Development methodologies
8. Configuration management / release management
9. Migration
10. Post-implementation

Part 4: Information Systems Operations, Maintenance, and Support

Provide assurance that the processes for information systems operations, maintenance, and support meet the organization’s strategies and objectives.

1. Third parties management
2. Operations
3. Databases
4. Capacity planning
5. System interfaces
6. Software
7. Incident management
8. Configuration Management
9. Disaster Recovery Planning
10. Backup & restoration

Part 5: Protection of Information Assets

Provide assurance that the organization’s security policies, standards, procedures, and controls ensure the confidentiality, integrity, and availability of information assets.

1. Confidentiality – Integrity – Availability
2. Identification – Authentication – Authorization – Accounting
3. Policies / Standards / Baselines / Guidelines
4. Security awareness
5. Access controls
6. Controls
7. Encryption
8. Public Key Infrastructure
9. Mobile / wireless
10. Data classification
11. Environmental protection
12. Forensics
13. VOIP security
14. Social media security

• IT Auditors
• Security Auditors
• Information Systems Managers
• Internal Audit Directors
• Security Analysts
• Risk Analysts
• Compliance Managers
• IT Project Managers
• Security Managers and Directors

• Understand the fundamentals of audit and risk analysis techniques
• Become familiar with audit planning
• Understand the criticality of Enterprise Risk Management (ERM) and Quality Management
• Recognize the contributions an auditor can make to basic business functions such as human resource management and contract management
• Discover how IS audit can play an important role in improving the System Development Life Cycle (SDLC) and acquisitions processes
• Understand how to identify and mitigate problems during the operations and maintenance of IT systems
• Develop processes and procedure for conducting incident management, business continuity, and disaster recovery
• Understand the major tenants of IS security including confidentiality, integrity, and availability
• Explore basic IT security controls including encryption, mobile security, and data classification
• Discover the challenges organizations face when implementing cloud-based solutions and techniques for auditing the cloud

Candidates must take 150 multiple-choice questions over 4 hours. The Exam can be proctored online or at an in-person testing center.

Candidates who are unable to take their exam on their scheduled date are able to reschedule during their eligibility period if completed more than 48 hours prior to the originally scheduled testing appointment.