
As a Certified Information Systems Auditor (CISA), you'll perform business-critical functions by assessing your organization's IT and business systems to ensure they are monitored, controlled, and protected.

CISA is on the level of CISSP and CCIE in prestige — and in the way it distinguishes you from your peers. CISA is globally recognized within the IT industry and beyond, and is used by the US Department of Defense and others as a minimum requirement for many high-end security positions. And studies have found that having the CISA credential can increase your salary potential.

Recommended Experience
  • Familiarity with IT operations
  • Familiarity with IT development lifecycles and project management
Recommended Equipment
  • No special equipment or software needed
Related Certifications
  • Certified Information Systems Auditor (CISA)
Related Job Functions
  • Operations management
  • Development management
  • Project management
  • Auditor
Steve Caseley has been a CBT Nuggets trainer since 2004 and holds a variety of PMI certifications, including PMI-PMP, PMI-ACP, and PMI-SP.
1. CISA Overview (7 min)
2. The Process of Auditing Information Systems (11 min)
3. IT Audit Standards, Guidelines, Tools and Techniques, and Code of Ethics (9 min)
4. Audit Risk Assessment (15 min)
5. Business Processes (5 min)
6. Control Objectives (8 min)
7. Audit Planning and Management (9 min)
8. Laws and Regulations (3 min)
9. Evidence (11 min)
10. Sampling Methodologies (9 min)
11. Reporting and Communications (5 min)
12. Audit Quality Assurance (3 min)
13. Types of Audits (5 min)
14. Governance and Management of IT (8 min)
15. Information Systems Strategy (10 min)
16. Standards, Governance and Frameworks (9 min)
17. IT Organization (6 min)
18. Legal Compliance (8 min)
19. Enterprise Architecture (4 min)
20. Maintenance of Policies and Procedures (2 min)
21. Maturity Models (5 min)
22. Process Optimization (3 min)
23. IT Investment Strategies (5 min)
24. IT Vendor Selection and Management (8 min)
25. IT Risk Management (8 min)
26. Control Processes (4 min)
27. Quality Management Systems (4 min)
28. IT Performance Monitoring and Reporting (6 min)
29. BCP – Business Impact Analysis (8 min)
30. BCP – Maintenance and Testing (3 min)
31. BCP – Invoke and Return to Normal (7 min)
32. Information Systems Acquisition, Development and Implementation (9 min)
33. Benefits Realization (5 min)
34. Vendor Management (7 min)
35. Project Governance (9 min)
36. Project Management (17 min)
37. Risk Management (5 min)
38. Requirements Management (7 min)
39. Application Architecture (5 min)
40. Methodologies (12 min)
41. Control Objectives and Techniques (11 min)
42. Testing (10 min)
43. Configuration and Change Management (6 min)
44. System Migration and Deployment (10 min)
45. Project Success Criteria (5 min)
46. Post-Implementation Reviews (4 min)
47. Information Systems Operations, Maintenance & Support (8 min)
48. Service Level Frameworks (6 min)
49. Service Level Management (7 min)
50. Monitor 3rd Party Compliance (4 min)
51. Architecture (11 min)
52. Computer Hardware, Software and Networks (22 min)
53. Software Resiliency Tools and Techniques (4 min)
54. Software Licensing and Inventory Interfaces (3 min)
55. Managing Schedules (6 min)
56. System Interface Integrity (10 min)
57. Capacity Planning (4 min)
58. Performance Monitoring (3 min)
59. Data Backup (5 min)
60. Database Administration Practices (9 min)
61. Data Quality and Retention (6 min)
62. Problem and Incident Management (5 min)
63. Managing Change to Production Environments (3 min)
64. Risks and Controls for End User Computing (6 min)
65. Disaster Recovery – Legal and Contractual Issues (7 min)
66. Business Impact of Disaster Recovery (2 min)
67. Disaster Recovery Plan Maintenance (5 min)
68. Alternate Processing Sites (9 min)
69. Disaster Recovery Testing (4 min)
70. Invoking Disaster Recovery (6 min)
71. Protection of Information Assets (8 min)
72. Information Asset Protection (4 min)
73. Privacy Principles (6 min)
74. Security Controls (5 min)
75. Environmental Protection (6 min)
76. Physical Access Controls (5 min)
77. Logical Access Controls (3 min)
78. Identification and Authentication (3 min)
79. Virtual Systems (5 min)
80. Mobile Devices (3 min)
81. Voice Communication (4 min)
82. Internet Security, Protocols and Techniques (9 min)
83. Network Security Concerns (4 min)
84. Data Encryption (3 min)
85. Public Key Infrastructure (5 min)
86. Peer to Peer Computing (5 min)
87. Data Classification Standards (4 min)
88. Handling Confidential Data (4 min)
89. Data Leakage (4 min)
90. End-User Computing Security (5 min)
91. Security Awareness Program (4 min)
92. Cyber Attacks (7 min)
93. Detection Tools (4 min)
94. Security Testing Techniques (6 min)
95. Security Incidents (3 min)
96. Handling of Evidence (4 min)
97. Fraud Risk Factors (6 min)
98. Passing the Exam (7 min)

CISA Overview


Hi. I'm Steve Caseley from CBT Nuggets, and welcome to this Nugget and this series on the CISA, Certified Information Systems Auditor. This Nugget series is focused on preparing you to take and pass your CISA certification exam. There are five knowledge areas that the exam questions are drawn on.


The first of these is process. And to be more explicit, the first domain is the process of auditing information systems. It defines the procedures and the methodology that an IS auditor should follow when completing a CISA audit. The next domain is focused on governance, or again, the full definition is governance and management of IT.


Governance and management of IT is focused on the leadership and the organizational structures and processes that ensure the IT operates effectively. We as auditors will be reviewing and validating that the organization is following its own governance and following its own processes.


The next domain is information systems acquisition, development, and implementation. The questions from this knowledge area are going to focus on you being able to review and validate that the hardware and, very explicitly, that the testing methods being applied in the organization are adequate, and that they're following industry best practices, and that the resultant systems that the IT department will be deploying are, in fact, solid, reliable, robust systems capable of being run in the organization.


The fourth domain is information systems operations, maintenance, and support. I think the name speaks for itself. But this domain is focused on the day-to-day care and feeding of the application systems. This is day-in, day-out keeping them up and running.


This is ensuring that disaster recovery and business continuity plans are in place to recover from those disasters. And it's also focused on the support that's required to upgrade and modernize the software on an as-needed basis to ensure that it continues to support the management requirements of the organization.


And our final domain can probably be summed up in a single word called security, but the official title is protection of information assets, ensuring that we have adequate security in play. It's to ensure that we have reviewed and validated that the adequate controls are in place for full protection of the information assets of the organization that's being audited.


So with those five domains that we're going to be tested on, the next step of this introductory Nugget is to ensure that you are prepared for taking and passing that exam. The first general qualification is you need five years of experience in IS audit.


That is, A, a fundamental entry to get into the exam, but more importantly, it is an absolute fundamental requirement that you will need to submit projects and experiences before you actually get your certification. So make sure you've got those five years of experience, or at least will have those five years of experience, before you are ready to submit that final step of your qualification.


Other than that, how are you going to make sure that you pass this exam? Lots and lots and lots of study. I highly recommend that you go out and buy the actual review manual from ISACA. It's not a cheap book to buy, nor is it the most exciting book to read, but it absolutely fundamentally lays out exactly what it is that the exam is going to be based on, and because there are tons and tons of real-life practical experience that will be brought into the questions.


These are not all theory, academic questions. As a matter of fact, a lot of the questions are going to be in a real-life situation: given this network configuration and this firewall set-up, what would you consider to be the risks? But you really will need to have a very strong depth and breadth across the complete IT spectrum.


So you will need to have lots of other supplemental knowledge to help you through. And the good news, as a subscriber to CBT Nuggets, we have lots and lots of that supplemental knowledge, and I'll talk about that in just a little bit more detail in a moment.


And finally, you will be expected to sign the CISA code of ethics. It basically says, "I will follow the expectations of CISA as defined by ISACA." So with all that said and done, you submit your application, you pay the fee, and you will most likely receive the invitation to take the exam.


And what specifically do I recommend for supplemental material for you to take and be prepared for this exam? Well, literally just about any and every Nugget that's out there in the CBT Nuggets library is going to help you be better prepared for the experiential component of your CISA exam.


Do I expect you to take every single Nugget in the CBT Nugget Library? No, probably not. You wouldn't get them all done for years. But think about what your personal experience base is, then go out and find the Nuggets on Cisco. Or perhaps you think, no, I'm pretty good with that, but this Linux thing is pretty common.


Maybe I need to find out a little bit more about Linux. So use your own knowledge base, what you're strong at, and then use the Nuggets library to shore up and give you the rest of the experience that you need. And that concludes the CISA overview. If you feel that I've covered a lot of material and gone very quickly, that's deliberate.


This is an overview. All of the Nuggets that follow this overview will peel the onion layer by layer and give you all of the details that you're going to need to understand the theory and the practical applications required of that theory to take and pass your certification exam.


I personally do not have my CISA certification, but that's purely because my employers have never required that I get the formal certification. I do have over 35 years of hands-on experience in IT, and over 15 years of direct experience in IT delivery reviews and audits.


And I bring these years of experience into this Nugget series to ensure that you're prepared for and can successfully pass your certification. I hope this Nugget has been informative for you, and thank you very much for viewing.

Intermediate 11 hrs 98 videos