Domain 1: Information System Auditing Process (21%)
· Planning
· Execution
Domain 2: Governance and Management of IT (17%)
· IT Governance and IT Strategy
· IT Management
Domain 3: Information Systems Acquisition, Development and Implementation (12%)
· Information Systems Acquisition and Development
· Information Systems Implementation
Domain 4: IS Operations and Business Resilience (23%)
· Information Systems Operations
· Business Resilience
Domain 5: Information Asset Security and Control (27%)
· Information Asset Security Frameworks, Standards and Guidelines
· Security Event Management
The CISA designation is for Information Systems Audit professionals who have 5 years of front-line experience with the audit of information systems such as
Domain 1: Information System Auditing Process (21%)
· Planning
o IS Audit Standards, Guidelines and Codes of Ethics
o Business Processes
o Types of Controls
o Risk-based Audit Planning
o Types of Audits and Assessments
· Execution
o Audit Project Management
o Sampling Methodology
o Audit Evidence Collection Techniques
o Data Analytics
o Reporting and Communication Techniques
o Quality Assurance and Improvement of the Audit Process
Domain 2: Governance and Management of IT (17%)
· IT Governance and IT Strategy
o IT-related Frameworks
o IT Standards, Policies and Procedures
o Organizational Structure
o Enterprise Architecture
o Enterprise Risk Management
o Maturity Models
o Laws, Regulations and Industry Standards Affecting the Organization
· IT Management
o IT Resource Management
o IT Service Provider Acquisition and Management
o IT Performance Monitoring and Reporting
o Quality Assurance and Quality Management of IT
Domain 3: Information Systems Acquisition, Development and Implementation (12%)
· Information Systems Acquisition and Development
o Project Governance and Management
o Business Case and Feasibility Analysis
o System Development Methodologies
o Control Identification and Design
· Information Systems Implementation
o Testing Methodologies
o Configuration and Release Management
o System Migration, Infrastructure Deployment and Data Conversion
o Post-implementation Review
Domain 4: IS Operations and Business Resilience (23%)
· Information Systems Operations
o Common Technology Components
o IT Asset Management
o Job Scheduling and Production Process Automation
o System Interfaces
o End-user Computing
o Data Governance
o Systems Performance Management
o Problem and Incident Management
o Change, Configuration, Release and Patch Management
o IT Service Level Management
o Database Management
· Business Resilience
o Business Impact Analysis
o System Resiliency
o Data Backup, Storage and Restoration
o Business Continuity Plan
o Disaster Recovery Plans
Domain 5: Information Asset Security and Control (27%)
· Information Asset Security Frameworks, Standards and Guidelines
o Privacy Principles
o Physical Access and Environmental Controls
o Identity and Access Management
o Network and End-point Security
o Data Classification
o Data Encryption and Encryption-related Techniques
o Public Key Infrastructure
o Web-based Communication Technologies
o Virtualized Environments
o Mobile, Wireless and Internet-of-things Devices
· Security Event Management
o Security Awareness Training and Programs
o Information System Attack Methods and Techniques
o Security Testing Tools and Techniques
o Security Monitoring Tools and Techniques
o Incident Response Management
o Evidence Collection and Forensics
Anamnagar - 32 Kathmandu, Nepal
info@labanepal.com
+977-1-4102721, 4102722, 4244804
10 AM - 5 PM