CALEA Training

ISACA: CISA, CISM, CRISC

Course Overview

Get Recognized as an Expert in Your Profession

Earn an ISACA certification and enhance your professional credibility. A CISA, CISM or CRISC after your name confirms to employers that you possess the experience and knowledge to meet the challenges of the modern enterprise. ISACA certifications are globally accepted and recognized. They combine the achievement of passing an exam with credit for your work and educational experience, giving you the credibility you need to move ahead in your career. Certification proves to employers that you have what it takes to add value to their enterprise. In fact, many organizations and governmental agencies around the world require or recognize ISACA's certifications.

Independent studies consistently rate ISACA designations among the highest-paying and most impactful IT certifications that an IT professional can earn. Earning and maintaining an ISACA certification:

  • Boosts your earning potential
  • Counts in the hiring process
  • Enhances your professional credibility and recognition

CISA

Course Description

Certified Information Systems Auditor (CISA) is a registered trademark and course developed by ISACA and the most globally recognized certification for IT audit professionals. It validates competence in the audit, control and security of information systems.

The CISA course and certification exam enable professionals to demonstrate their capability to manage non-compliance and conformity, institute controls within the organization, and comply with the rigorous auditing standards set by ISACA.

The course is designed to help participants judge how valuable the CISA is to them and understand what attaining the certification requires.

This course is based on guidelines covering the following topics / domains and gives participants a head start in their preparation for the CISA exam.

  • Domain 1 - Information System Auditing Process
  • Domain 2 - Governance and Management of IT
  • Domain 3 - Information Systems Acquisition, Development and Implementation
  • Domain 4 - IS Operations and Business Resilience
  • Domain 5 - Information Asset Security and Control

This preparation course focuses on and develops expertise in defining audit best practices for acquiring, developing and implementing information systems.

By attending this course, professionals will get a comprehensive review of how to govern and control enterprise IT, perform an effective security audit of any organization, and apply best practices for protecting it.

Upon successfully passing the exam, professionals will gain the skills and knowledge necessary to:

  • Understand the principles and practices of information systems operations, maintenance, and service management
  • Understand the goals and objectives of IT audit and its role in the internal control system
  • Apply techniques of audit planning and audit performance, and of gathering audit-related information and audit evidence
  • Audit and evaluate the effectiveness of the IT internal control system (IT function management, operation and support)
  • Learn the fundamental audit, control, and security skills
  • Learn to plan, conduct, and report on information systems audits
  • Learn to evaluate organizational structures, policies, practices, and processes
  • Demonstrate competence in five domains, including standards and practices; organization and management; processes; integrity, confidentiality and availability; and software development, acquisition and maintenance

Who Should Attend

This program is intended for professionals who have at least 5 years of work experience in information systems auditing, control or security. The program is ideal for those working in positions such as, but not limited to:

  • IT Auditors / Manager, Security Consultant / Manager, IT Director / Manager, Systems Engineer / Analyst, CIO, CTO, CISO or anyone willing to learn Information Systems Auditing

Course Duration

  • 32 hours (4 days × 8 hours)

Course Content / Outline

Domain 1 - Information System Auditing Process

  • Plan an audit to determine whether information systems are protected, controlled, and provide value to the organization.
  • Conduct an audit in accordance with IS audit standards and a risk-based IS audit strategy.
  • Communicate audit progress, findings, results and recommendations to stakeholders.
  • Conduct audit follow-up to evaluate whether risk has been sufficiently addressed.
  • Evaluate IT management and monitoring of controls.
  • Utilize data analytics tools to streamline audit processes.
  • Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.
  • Identify opportunities for process improvement in the organization’s IT policies and practices.

Domain 2 - Governance and Management of IT

  • Evaluate the IT strategy for alignment with the organization’s strategies and objectives.
  • Evaluate the effectiveness of IT governance structure and IT organizational structure.
  • Evaluate the organization’s management of IT policies and practices.
  • Evaluate the organization’s IT policies and practices for compliance with regulatory and legal requirements.
  • Evaluate IT resource and portfolio management for alignment with the organization’s strategies and objectives.
  • Evaluate the organization’s risk management policies and practices.
  • Evaluate IT management and monitoring of controls.
  • Evaluate the monitoring and reporting of IT key performance indicators (KPIs).
  • Evaluate whether IT supplier selection and contract management processes align with business requirements.
  • Evaluate whether IT service management practices align with business requirements.
  • Conduct periodic review of information systems and enterprise architecture.
  • Evaluate data governance policies and practices.
  • Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.
  • Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.

Domain 3 - Information Systems Acquisition, Development and Implementation

  • Evaluate whether the business case for proposed changes to information systems meet business objectives.
  • Evaluate the organization’s project management policies and practices.
  • Evaluate controls at all stages of the information systems development life cycle.
  • Evaluate the readiness of information systems for implementation and migration into production.
  • Conduct post-implementation review of systems to determine whether project deliverables, controls and requirements are met.
  • Evaluate change, configuration, release, and patch management policies and practices.

Domain 4 - IS Operations and Business Resilience

  • Evaluate the organization’s ability to continue business operations.
  • Evaluate whether IT service management practices align with business requirements.
  • Conduct periodic review of information systems and enterprise architecture.
  • Evaluate IT operations to determine whether they are controlled effectively and continue to support the organization’s objectives.
  • Evaluate IT maintenance practices to determine whether they are controlled effectively and continue to support the organization’s objectives.
  • Evaluate database management practices.
  • Evaluate data governance policies and practices.
  • Evaluate problem and incident management policies and practices.
  • Evaluate change, configuration, release, and patch management policies and practices.
  • Evaluate end-user computing to determine whether the processes are effectively controlled.

Domain 5 - Information Asset Security and Control

  • Conduct audit in accordance with IS audit standards and a risk-based IS audit strategy.
  • Evaluate problem and incident management policies and practices.
  • Evaluate the organization’s information security and privacy policies and practices.
  • Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.
  • Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
  • Evaluate data classification practices for alignment with the organization’s policies and applicable external requirements.
  • Evaluate policies and practices related to asset life cycle management.
  • Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.
  • Perform technical security testing to identify potential threats and vulnerabilities.
  • Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices.

CISM

Course Description

Certified Information Security Manager (CISM) is a registered trademark and course developed by ISACA and the most globally recognized certification among information security management professionals. It builds the skills needed for effective security management and consulting services.

The CISM course and certification exam enable professionals to demonstrate their capability to develop and manage information security programs and to understand their core relationship with overall business goals.

The course is designed to help participants judge how valuable the CISM is to them and understand what attaining the certification requires.

This course is based on guidelines covering the following topics / domains and gives participants a head start in their preparation for the CISM exam.

  • Domain 1 - Information Security Governance
  • Domain 2 - Information Risk Management
  • Domain 3 - Information Security Program Development and Management
  • Domain 4 - Information Security Incident Management

This preparation course focuses on developing the understanding needed to efficiently evaluate, improve and direct organizational information security.

By attending this course, professionals will get a comprehensive review of how to achieve a robust information security posture and build management's confidence in the organization's information security.

Upon successfully passing the exam, professionals will gain the skills and knowledge necessary to:

  • Understand the relationship between information security and business goals and objectives.
  • Learn to develop an information security governance framework.
  • Learn to identify, manage and guard an organization's assets from an information security perspective.
  • Learn to manage IT risk to an organizationally acceptable level.
  • Learn to define and design security architecture for your IT operation.
  • Learn to develop and execute the capability to detect, investigate, remediate and recover from security incidents.
  • Focus on IT compliance and the integrity of enterprise systems to establish a more secure enterprise IT framework.

Who Should Attend

This program is intended for professionals who have at least 5 years of work experience in information systems security, auditing or control. The program is ideal for those working in positions such as, but not limited to:

  • IT Auditors / Manager, Security Consultant / Manager, IT Director / Manager, Systems Engineer / Analyst, CIO, CTO, CISO or anyone willing to learn how to manage, design, supervise or evaluate an enterprise’s information security.

Course Duration

  • 32 hours (4 days × 8 hours)

Course Content / Outline

Domain 1 - Information Security Governance

  • Explain the need for and the desired outcomes of an effective information security strategy.
  • Create an information security strategy aligned with organizational goals and objectives
  • Gain stakeholder support using business cases
  • Identify key roles and responsibilities needed to execute an action plan
  • Establish metrics to measure and monitor the performance of security governance

Domain 2 - Information Risk Management

  • Explain the importance of risk management as a tool to meet business needs and develop a security management program to support these needs
  • Identify, rank, and respond to a risk in a way that is appropriate as defined by organizational directives
  • Assess the appropriateness and effectiveness of information security controls
  • Report information security risk effectively

Domain 3 - Information Security Program Development and Management

  • Align information security program requirements with those of other business functions
  • Manage the information security program resources
  • Design and implement information security controls
  • Incorporate information security requirements into contracts, agreements and third-party management processes

Domain 4 - Information Security Incident Management

  • Understand the concepts and practices of Incident Management
  • Identify the components of an Incident Response Plan and evaluate its effectiveness
  • Understand the key concepts of business continuity planning (BCP) and disaster recovery planning (DRP)
  • Be familiar with techniques commonly used to test incident response capabilities

CRISC

Course Description

Certified in Risk and Information Systems Control (CRISC) is a registered trademark and course developed by ISACA and the most globally recognized certification for risk professionals. It is designed for those who excel at risk tasks such as managing IT risk and designing, implementing, monitoring and maintaining IS controls.

The CRISC course and certification exam enable professionals to demonstrate their capability and expertise in identifying and managing enterprise IT risk and in implementing and maintaining information systems controls.

The course is designed to help participants judge how valuable the CRISC is to them and understand what attaining the certification requires.

This course is based on guidelines covering the following topics / domains and gives participants a head start in their preparation for the CRISC exam.

  • Domain 1 - IT Risk Identification
  • Domain 2 - IT Risk Assessment
  • Domain 3 - Risk Response and Mitigation
  • Domain 4 - Risk Control Monitoring and Reporting

This preparation course focuses on risk identification, assessment, response and control monitoring techniques, and develops the understanding needed to plan, implement, monitor and maintain IS controls for enterprises.

By attending this course, professionals will get a comprehensive review of identifying, assessing and evaluating entity-specific and organizational risk, as well as of how to help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective information systems controls.

Upon successfully passing the exam, professionals will gain the skills and knowledge necessary to:

  • Learn to effectively prepare and enact strategic and focused plans to mitigate risk.
  • Learn to create the baseline for risk management within their organizations.
  • Learn to execute the IT risk management strategy.
  • Learn to analyze and evaluate IT risk to determine the likelihood and impact on business objectives.
  • Learn to determine risk response options and evaluate their effectiveness in managing risk.
  • Continuously monitor and report on IT risk and controls.

Who Should Attend

This program is intended for professionals who have at least 3 years of experience in professional-level risk control and management. The program is ideal for those working in positions such as, but not limited to:

  • IT Auditors / Manager, Security Consultant / Manager, IT Director / Manager, Systems Engineer / Analyst, CIO / CTO / CISO, Risk and Control Professional, Business Analyst, Project and Compliance Manager or anyone willing to learn IT and enterprise risk management

Course Duration

  • 32 hours (4 days × 8 hours)

Course Content / Outline

Domain 1 - Risk Management

  • Collect and review environmental risk data
  • Identify potential vulnerabilities to people, processes and assets
  • Develop IT scenarios based on information and potential impact to the organization
  • Identify key stakeholders for risk scenarios
  • Establish risk register
  • Gain senior leadership and stakeholder approval of the risk plan
  • Collaborate to create a risk awareness program and conduct training

Domain 2 - IT Risk Assessment

  • Analyze risk scenarios to determine likelihood and impact
  • Identify current state of risk controls and their effectiveness
  • Determine gaps between the current state of risk controls and the desired state
  • Ensure risk ownership is assigned at the appropriate level
  • Communicate risk assessment data to senior management and appropriate stakeholders
  • Update the risk register with risk assessment data

Domain 3 - Risk Response and Mitigation

  • Align risk responses with business objectives
  • Consult with and assist risk owners in developing risk action plans
  • Ensure risk mitigation controls are managed to acceptable levels
  • Ensure control ownership is appropriately assigned to establish accountability
  • Develop and document control procedures for effective control
  • Update the risk register
  • Validate that risk responses are executed according to risk action plans

Domain 4 - Risk and Control Monitoring and Reporting

  • Define key risk indicators (KRIs) and identify key performance indicators (KPIs) to enable performance measurement
  • Determine the effectiveness of control assessments
  • Identify and report trends/changes to KRIs/KPIs that affect control performance or the risk profile