Certified Information Systems Auditor (CISA)

In this course, you'll cover all six domains of the Certified Information Systems Auditor (CISA) exam and gain the knowledge and technical concepts required to obtain CISA certification. Since its inception in 1978, the CISA exam has become the gold standard of excellence in IS auditing, control, and security. Our experts have created a study guide of relevant, up-to-date information, including summary charts, insightful data, and practice exams.

The components of the training program include:

• Instructor-led

• 5 days (40 Hours)



TBD

Check back often for updates or send us an email at [email protected] so we can notify you of upcoming courses.

Experienced information security managers and those who have information security management responsibilities. Individuals who are currently, or will be, working in an IS security position such as Departmental/Corporate or functional Information System Security Officers, IS security advisors, System Security Certifiers, System Security Accreditors, System Security Auditors, or security practitioners, and who have five years of experience with audit, IT systems, and security of information systems.

Systems administration experience, familiarity with TCP/IP, and an understanding of UNIX, Linux, and Windows. This advanced course also requires intermediate-level knowledge of the security concepts covered in our Essentials of Information Security course.

1. Certification Requirements

2. Introduction to the Seven Domains

3. Technical Infrastructure and Operation

• General-Purpose Computers

• Hardware

• Architecture Memory

• Operations

• Memory Addressing

• Reference Monitor

• Languages

• Transmissions

• Systems Acquisition

• Systems Management

• Systems Databases

• Systems Operations

• Telecommunications

• Telecommunications Security

• Data Network Types: LAN

• Data Network Types: WAN

• The OSI Model

• Description

• Protocol Definition

• Layer Behavior

• Layers Defined

• Layer Protocols

• Layer Devices and Equipment

4. Management, Planning, and Organization of Information Systems

• Policies

• Operations

• Personnel

• Documentation

• Standards

• Guidelines

5. Protection of Information Assets

• Information Security

• Confidentiality

• Integrity

• Availability

• Compliance with Local and International Law

• Security Management

• Classification

• System Access

• System Access Control

• Security Awareness & Training

• New Employees’ Training (NEO)

• Policy Examples and Resources

• CIRT

• Security Incident Phases

• Privacy Impact Analysis (PIA)

• Access Control

• Authentication

• Passwords

• Malicious Logic

• Biometrics

• Authorization Techniques

• Cryptography

6. Applications Development

• Systems Development Life Cycle (SDLC)

• Software Models

• Approaches

• Personnel

• Tools

• Rapid Application Development (RAD)

• Business Process Re-Engineering

• Computer Aided Software Engineering (CASE)

• Capability Maturity Model (S/W) (CMM)

• Extensible Markup Language (XML)

7. Business Processes and Risk Management

• Business Process Re-Engineering (BPR)

• Risk Management

• Security Risk Concept

• Security Risk Concept Exercise

• IT Governance

• System Development

• System Documentation

• Project Life Cycle Phases

• Project Life Cycle Models

• Business Applications Systems

• E-Commerce Models

• EDI Components

• Expert Systems Development

• Data Warehouse

• Data Mining

• Database Security

8. Disaster Recovery Planning (DRP)

• Business Continuity Planning (BCP) Motivation

• BCP vs. DRP

• BCP

• Overview

• Requirements

• Plan Documentation

• Disaster Recovery

• Strategy

• Plan Development

• Training & Documentation

• Testing & Maintenance

9. The Formal Audit Process

• IS Audit Function

• IS Audit Planning

• ISACA

• Internal Control System

• IS Control Procedures

• Control Objectives for Information and Related Technology (COBIT)

• Performing an IS Audit

10. Review of Certification Requirements

11. Review of the Seven Domains

12. Test-Taking Tips

The CISA exam is offered each year in June and December, consists of 200 multiple-choice questions, and is focused on the six domains defined by ISACA.