it is independent and the most prestige IT auditors certification. CISA program is accredited by ANSI and is recognized on a state level in many countries worldwide.
The Certified Information System Auditor course comes as a boon in an age that depends heavily on IT systems.

CISA Course Content
CISA – Consists of 5 domains :
  • Domain 1: The process of auditing information systems
  • Domain 2: Governance and management of IT
  • Domain 3: Information systems acquisition, development, and implementation
  • Domain 4: Information systems operations, maintenance and support
  • Domain 5: Protection of information assets

Domain wise Detailed Content

Domain 1 :

  • The Process of Auditing Information Systems.

    7 areas that you need to prepare

  • Management of the IS Audit Function
  • ISACA IT Audit and Assurance Standards and Guidelines
  • Risk Analysis
  • Internal Controls
  • Performing an IS Audit
  • Control Self-Assessment
  • The Evolving IS Audit Process

Domain 2 :

  • Governance and Management of IT.

    12 areas that you need to prepare

  • Corporate Governance
  • IT Governance (ITG)
  • Information Technology Monitoring and Assurance Practices for Board and Senior Management
  • Information Systems Strategy
  • Maturity and Process Improvement Models
  • IT Investment and Allocation Practices
  • Policies and Procedures
  • Risk Management
  • Human Resources Management (before, during and after)
  • IS Organizational Structure and Responsibilities
  • Auditing IT Governance Structure and Implementation
  • Auditing Business Continuity

Domain 3 :

  • Systems Acquisition, Development and Implementation.

    12 areas that you need to prepare

  • Business realization
  • Project Management Structure
  • Project Management Practices
  • Business Application Development
  • Business Application Systems
  • Alternative Development Methods
  • Infrastructure Development/Acquisition Practices
  • Information Systems Maintenance Practices
  • System Development Tools and Productivity Aids
  • Process Improvement Practices
  • Application Controls
  • Auditing Systems Development, Acquisition and Maintenance

Domain 4 :

  • Information Systems Operations, Maintenance and Support.

    6 areas that you need to prepare

  • Information Systems Operations
  • Information Systems Hardware
  • IS Architecture and Software
  • IS Network Infrastructure
  • Auditing Infrastructure and Operations
  • Disaster Recovery Planning

Domain 5 :

  • Protection of Information Assets.

    7 areas that you need to prepare

  • Importance of Information Security Management
  • Logical Access
  • Network Infrastructure Security
  • Auditing Information Security Management Framework
  • Auditing Network Infrastructure Security
  • Physical Access Exposures and Controls
  • Mobile Computing

Internet & Network Security Professional

  • Network Basics
  • Intro to managing services
  • IT Security & Data Security
  • Component of IT Security
  • IT Security Tools

    a. Manage Engine
    b. Web sense
    c. End point securities
    d. Symantec Gate Way

  • Server Security
  • Application Security
  • Network Security
  • VoIP Security
  • Enterprises level security
  • ITIL Security Management

    a. Security management
    b. Control
    c. Plan
    d. Implementation
    e. Evaluation
    f. Maintenance
    g. Complete process-data model
    h. Relations with other ITIL processes

  • Malware
  • Risk Management
  • Cryptography
  • Identity and Authentication
  • Authentication Mechanisms
  • Perimeter Security
  • Cloud Security
  • Intrusion Detection
  • Incident Response
  • Contingency Planning
  • Intro to CISSP
  • Intro to IT Audit & Security


The Certified in Risk and Information Systems Control™ certification is designed for IT professionals
who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring;
IS control design and implementation; and IS control monitoring and maintenance.

  • Who Should Attend
  • Management & Operational IT Professional
  • To get the CRISC credential, a professional must:
  • • Concur to abide by the CRISC Continuing Education Policy
    • Pass the CRISC exam
    • Stick to the ISACA Code of Professional Ethics

  • JOB Levels (with ISACA Certification )
  • Senior IT Auditor,
  • Security Engineer Architect,
  • IT Security Analyst,or Information Assurance Program Manager
  • Course Outline

  • • Risk Identification Assessment and Evaluation (RI)
  • • Risk Response (RR)
  • • Risk Monitoring (RM)
  • • IS Control Design and Implementation (CD)
  • • IS Control Monitoring and Maintenance (MM)

  • Risk Identification, Assessment and Evaluation

  • • Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
  • • Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
  • • Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.

  • Information Systems Control Design and Implementation

  • • Interview process owners and review process design documentation to gain an understanding of the business process objectives.
  • • Analyze and document business process objectives and design to identify required information systems controls.
  • • Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
  • • Facilitate the identification of resources

  • Risk Response
  • • Identify and evaluate risk response options and provide management with information to enable risk response decisions.
  • • Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy.
  • • Apply risk criteria to assist in the development of the risk profile for management approval.
  • • Assist in the development of risk response action plans to address risk factors identified in the organizational risk profile.
  • • Assist in the development of business cases supporting the investment plan to ensure that risk responses are aligned with the identified business objectives.

  • Information Systems Control Monitoring and Maintenance
  • • Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems controls.
  • • Collect information and review documentation to identify information systems control deficiencies.
  • • Review information systems policies, standards and procedures to verify that they address the organization's internal and external requirements.
  • • Assess and recommend tools and techniques to automate information systems control verification processes.

  • Risk Monitoring
  • • Collect and validate data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.
  • • Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
  • • Facilitate independent risk assessments and risk management process reviews to ensure that they are performed efficiently and effectively.