CISA/ CISSP

This is a 4-days fast-track CISA exam preparation course provided for the student who already CISSP certified. The training will only focus on the audit technique and auditor concerns. All the technical details and content covered by CISSP will be skipped, and the trainee should self-study all the materials.

Day 1:  Focus on Domain 1 to understand the Audit process and techniques

Day 2: Focus on Domain 2 and Domain 3, brief discuss the auditor concern on IT Governance, Project Management, and Software Development / Acquisition

Day 3: Focus on Domain 4 and Domain 5, brief discuss the auditor concern on Day-to-day operation and information asset protection

Day 4: After finish all the MCs (homework) form Domain 1 to Domain 5, a training session to discuss some of the MC questions and answers.
 

Pre-requisition:

- The candidate should have strong knowledge on technical background covered in the CISSP

Domain 1: The process of Auditing Information Systems- Information Security Audit 

• Information Security Management Framework
• COBIT5 / ISO 19011:2011
• Planning, Code of Ethics, 
• Audit Classification
• Audit Program
• Audit Methodology
• ISO 27001:2013 / PCI DSS
• Risk-based Audit
• Audit Testing
• Audit Sampling
• Audit Evidence
• Computer-assisted Audit Techniques
• Audit Result
• Audit Documentation
• Control Self-Assessment
• Continuous Auditing
  - Self Study:
• Security Principles and definition
• Risk Management
• Information System Control
• Vulnerability Assessment

Domain 2: Governance and Management of IT- Tutorial only focus provide a brief discussion on auditor concern. Self-study for these subjects with the provided notes

• IT Security Governance
• IT Steering Committee
• Enterprise Architecture
• Strategic Planning
• Policies
• Legal, Regulator, Compliance
• Privacy
• Human Resource Management
• Outsourcing / Supplier Management
• Cloud Computing
• Organization Structure / Roles and Responsibly 

Domain 3: IS Acquisition, Development & Implementation

- Tutorial only focus provide a brief discussion on auditor concern. Self-study for these subjects with the provided notes

• Project Management
• Software Development
• Business Application Systems
• Software Vulnerabilities
• Software Controls
• Change Management Process
• Configuration Management Process
• Business Process Re-engineering
• OWASP Top-10

Domain 4: IS Operation, Maintenance & Support

- Tutorial only focus provide a brief discussion on auditor concern. Self-study for these subjects with the provided notes

• Information System Operations
• Information System Hardware
• IS Architecture and software
• IS Network Infrastructure
• Monitoring, Measurement, Analysis, Evaluation
• Database management system
• BCP and DRP
• Backup Management

Domain 5: Protection of Information Assets

- Tutorial only focus provide a brief discussion on auditor concern. Self-study for these subjects with the provided notes

• Asset Management
• Access Control
• Physical and Environmental Security
• Privacy
• Computer Crime
• Encryption

Date: 15/5, 17/5, 24/5, 7/6
Time: 19:00-22:00

Course fee: HKD3,500