Certified Information Security Auditor (CISA)










Course name: Certified Information Security Auditor (CISA)

Number of days: 4 days

Dates: Monday 17th December to Thursday 20th December 2018

Venue: McKesson, 3300 Airport Business Park, Cork

Training provider: The Knowledge Academy

Subsidised member fee: €1200

Non-member fee: €1700


To book a place on this course or to register your interest, email Annette Coburn skillnet@itcork.ie




Students taking this course should have a minimum of five years of professional information systems auditing, control, or security work experience as described in the CISA job practice domain areas:

  • The Process of Auditing Information Systems
  • Governance and Management of IT
  • Information Systems Acquisition, Development, and Implementation
  • Information Systems Operations, Maintenance and Support
  • Protection of Information Assets



The intended audience for this course is information security and IT professionals, such as network administrators and engineers, IT managers, and IT auditors, and other individuals who want to learn more about information security, who are interested in learning in-depth information about information security management, who are looking for career advancement in IT security, or who are interested in earning the CISM certification.



Upon successful completion of this course, students will be able to:

– establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations.

– identify and manage information security risks to achieve business objectives.

– create a program to implement the information security strategy.

– implement an information security program.

– oversee and direct information security activities to execute the information security program.

– plan, develop, and manage capabilities to detect, respond to, and recover from information security incidents.




The course provides candidates with a comprehensive understanding of the Five Domains of Information Security Auditing and uses an engaging and interactive training methodology to ensure that delegates are able to apply learning within the workplace. The course provides plenty of opportunities for revision and exam preparation and gives delegates the best chance of achieving this globally acknowledged certification.

Domain 1: Information Systems Audit Process

  • Developing a risk-based IT audit strategy.
  • Planning specific audits.
  • Conducting audits to IS audit standards.
  • Implementation of risk management and control practices.

Domain 2: IT Governance and Management 

  • Effectiveness of IT governance structure.
  • IT organisational structure and human resources (personnel) management.
  • Organisation’s IT policies, standards and procedures.
  • Adequacy of the Quality Management System.
  • IT management and monitoring controls.
  • IT resource investment.
  • IT contracting strategies and policies.
  • Management of organisations IT-related risks.
  • Monitoring and assurance practices.
  • Organisation business continuity plan.

Domain 3: Information Systems Acquisition, Development and Implementation

  • Business case development for IS acquisition, development, maintenance and retirement.
  • Project management practices and controls.
  • Conducting reviews of project management practices.
  • Controls for requirements, acquisition, development and testing phases.
  • Readiness for information systems.
  • Project plan reviewing.
  • Post implementation system reviews.

Domain 4: Information Systems Operations, Maintenance and Support

  • Conduct periodic reviews of organisation objectives.
  • Service level management.
  • Third party management practices.
  • Operations and end-user procedures.
  • Process of information systems maintenance.
  • The impact of data administration practices on the integrity and optimisation of databases.
  • Capacity and performance monitoring tools and techniques.
  • Problem and incident management practices.
  • Change, configuration and release management practices.
  • Adequacy of backup and restore provisions.  Disaster recovery plans.

Domain 5: Protection of Information Assets

  • Information security policies, standards and procedures.
  • Designing, implementing and monitoring logical security controls.
  • Designing, implementing and monitoring data classification processes.
  • Designing, implementing and monitoring physical access and environmental controls.
  • Processes for storing, retrieving, transporting and disposing information assets.



To book a place on this course or to register your interest, email Annette Coburn skillnet@itcork.ie