CISSA Certified Information Systems Security Auditor Exam

Description

The exam leading to the CISSA Certified Information Systems Security Auditor certification covers the topics defined by the curriculum of the authorized training course C)ISSA – Certified Information Systems Security Auditor.

Exam format

The exam is taken in English.

Maximum exam duration: 120 minutes

Multiple-choice questions:

  • one correct answer
  • several correct answers
  • answers to be filled in manually

Approximate number of questions: 100

The exam is taken online, from any location and any computer, at any time.

The exam is "open book", which means that training materials may be used while taking it.

When the exam ends, the result is shown immediately. In addition, notification of the result, together with an electronic certificate in the case of a pass, is sent by email to the address given when the My Mile2 account was created https://mile2.com/students.html

Note: in the event of failure (not passing the exam), Mile2 offers a 50% discount on a retake exam; to obtain it, contact Mile2 by email at [email protected].

Where?

All Mile2 exams, including the Mile2 CISSA Certified Information Systems Security Auditor exam, are taken through Mile2's own online examination system, MACS (Mile2® Assessment and Certification System). The examination system is available directly on www.mile2.com; to access it, first log in to your My Mile2 account, and after logging in the link to MACS is in the User menu on the right-hand side. On entering MACS you see all of your available exams, whether purchased or paid for with vouchers.

Registration for the exam requires purchasing the relevant exam through the online store https://mile2.com/mile2-online-estore/exams.html ; the same route applies if you hold an exam voucher, e.g. one received during an authorized Mile2 training course: purchase the chosen exam, selecting the voucher as the form of payment. After purchase, the exam is available in your My Mile2 account and is ready to be started at any time convenient for the candidate.

Requirements

A passing exam result.

Price

400 USD

Topics

The Mile2 CISSA Certified Information Systems Security Auditor exam is designed to test candidates' knowledge and skills in the following areas:

The Process of Auditing Information Systems

  • Audit Charter
  • Definition of Auditing
  • Definition of Information Systems Auditing
  • Audit Objectives
  • Audit Planning
  • Audit Planning cont.
  • IS Audit Resource Management
  • Types of Audits
  • Elements of an Audit
  • Creating the Plan for an Audit
  • Planning the Audit
  • Audit Methodology
  • Phases of an Audit
  • Audit Work papers
  • Audit Procedures
  • Types of Tests for IS Controls
  • Forensic Audits
  • Fraud Detection

Risk Based Auditing

  • Risk-Based Auditing
  • Definition of Risk
  • Purpose of Risk Management
  • Risk Management
  • Purpose of Risk Analysis
  • Why Use Risk Based Auditing
  • Risk Assessment and Treatment
  • Risk Assessment and Treatment cont.
  • General Controls
  • Internal Controls
  • Areas of Internal Control
  • IS Controls Versus Manual Controls
  • IS Controls
  • IS Controls cont.
  • Internal Control Objectives
  • Assessing and Implementing Countermeasures
  • Performing an Audit Risk Assessment
  • A Risk Based Audit Approach
  • Risk-Based Auditing

Audit Planning and Performance

  • Audit Planning
  • Effect of Laws and Regulations on IS Audit Planning
  • Performing the Audit
  • ISACA IT Audit and Assurance Tools and Techniques
  • ISACA IT Audit and Assurance Standards Framework
  • Relationship Among Standards, Guidelines and Tools and Techniques
  • ISACA IT Audit and Assurance Standards Framework cont.
  • Evidence
  • Gathering Evidence
  • Sampling
  • Compliance vs. Substantive Testing
  • Testing Controls
  • Integrated Auditing
  • Using the Services of Auditors and Experts
  • Audit Risk
  • Computer-assisted Audit Techniques

Reporting on Audit

  • Audit Analysis and Reporting
  • Audit Documentation
  • Automated Work Papers
  • Automated Work Papers cont.
  • Evaluation of Audit Strengths and Weaknesses
  • Communicating Audit Results
  • Management Implementation of Audit Recommendations

IT Governance and Management

  • Governance and Management of IT
  • Corporate Governance
  • IT Governance
  • Information Technology Monitoring and Assurance Practices for Management
  • Best Practices for IT Governance
  • Information Security Governance
  • Result of Security Governance

Strategic Planning and Models

  • IS Strategy
  • Strategic Enterprise Architecture Plans
  • IT Strategy Committee
  • Standard IT Balanced Scorecard
  • Enterprise Architecture
  • Maturity and Process Improvement Models
  • IT Investment and Allocation Practices
  • Auditing IT Governance Structure and Implementation
  • Policies, Standards and Procedures
  • Policies and Procedures
  • Policies
  • Procedures
  • Standards
  • Risk Management
  • Risk Management Process
  • Risk Analysis Methods
  • Risk Mitigation

Resource Management

  • Organization of the IT Function
  • IS Roles and Responsibilities
  • Segregation of Duties Within IS
  • Segregation of Duties Controls
  • Human Resource Management
  • Sourcing Practices
  • Management of IT Functional Operations
  • Organizational Change Management
  • Change Management cont.
  • Quality Management
  • Performance Optimization
  • Reviewing Documentation
  • Reviewing Contractual Commitments

Business Continuity Planning

  • Business Continuity Planning
  • IS Business Continuity Planning
  • Disasters and Other Disruptive Events
  • Business Continuity Planning Process
  • Business Continuity Policy
  • Business Continuity Planning Incident Management
  • Business Impact Analysis cont.
  • Development of Business Continuity Plans
  • Other Issues in Plan Development
  • Components of a Business Continuity Plan
  • Components of a Business Continuity Plan cont.
  • Insurance
  • Plan Testing
  • Summary of Business Continuity
  • Auditing Business Continuity
  • Reviewing the Business Continuity Plan
  • Evaluation of Prior Test Results
  • Evaluation of Offsite Storage
  • Interviewing Key Personnel
  • Evaluation of Security at Offsite Facility
  • Reviewing Alternative Processing Contract
  • Reviewing Insurance Coverage

Systems Acquisition, Development and Implementation

  • Program and Project Management
  • Portfolio/Program Management
  • Portfolio/Program Management cont.
  • Business Case Development and Approval
  • Benefits Realization Techniques
  • General IT Project Aspects
  • Project Context and Environment
  • Project Organizational Forms
  • Project Communication
  • Project Objectives
  • Roles and Responsibilities of Groups and Individuals
  • Project Management Practices
  • Project Planning
  • Project Planning cont.
  • General Project Management
  • Project Controlling
  • Project Risk
  • Closing a Project

Systems Development Models

  • Business Application Development
  • Traditional SDLC Approach
  • Traditional SDLC Approach cont.
  • Traditional SDLC Approach cont.
  • Requirements Definition
  • Business Process Reengineering and Process Change Projects
  • Business Process Reengineering and Process Change Projects cont.
  • Risk Associated with Software Development
  • Use of Structured Analysis, Design and Development Techniques
  • Alternative Development Methods
  • Agile Development
  • Agile Development
  • Prototyping
  • Rapid Application Development
  • Other Alternative Development Methods
  • Computer-aided Software Engineering
  • Fourth-generation Languages

Types of Specialized Business Applications

  • Electronic Commerce
  • Electronic Data Interchange
  • Electronic Mail
  • Electronic Banking
  • Electronic Finance
  • Electronic Funds Transfer
  • Automated Teller Machine
  • Artificial Intelligence and Expert Systems
  • Business Intelligence
  • Decision Support Systems
  • Decision Support Systems cont.
  • Acquisition
  • Infrastructure Development / Acquisition Practices
  • Project Phases of Physical Architecture Analysis
  • Hardware Acquisition
  • System Software Acquisition
  • Auditing Systems Development, Acquisition and Maintenance
  • Auditing Systems Development Acquisition
  • System Software Change Control Procedures

Application Controls

  • Application Controls
  • Input/Origination Controls
  • Processing Procedures and Controls
  • Output Controls
  • Types of Output Controls
  • Business Process Control Assurance
  • Auditing Application Controls
  • Application Testing
  • Precautions Regarding Testing
  • System Change Procedures and the Program Migration Process

Information Systems Operations, Maintenance and Support

  • Information Security Management
  • Information Systems Operations
  • Management of IS Operations
  • IT Service Management
  • Infrastructure Operations
  • Monitoring Use of Resources
  • Support / Help Desk
  • Change Management Process
  • Release Management

System and Communications Hardware

  • Computer Hardware Components and Architectures
  • Computer Hardware Components and Architectures cont.
  • Security Risks with Portable Media
  • Security Controls for Portable Media
  • Hardware Maintenance Program
  • Hardware Monitoring Procedures
  • Capacity Management
  • IS Architecture and Software
  • Operating Systems
  • Access Control Software
  • Data Communications Software
  • Data Management
  • Database Management System cont.
  • Tape and Disk Management Systems
  • Utility Programs
  • Software Licensing Issues
  • Digital Rights Management
  • Auditing Networks
  • Network Infrastructure
  • Enterprise Network Architectures
  • Types of Networks
  • Network Standards and Protocol
  • OSI Architecture
  • Application of the OSI Model in Network Architectures cont.
  • Network Architectures
  • Network Components
  • Communications Technologies
  • Communications Technology cont.
  • Wireless Networking
  • Risks Associated with Wireless Communications
  • Internet Technologies
  • Auditing of Network Management
  • Auditing of Applications Management
  • Hardware Reviews
  • Operating System Reviews
  • Database Reviews
  • Network Infrastructure and Implementation Reviews
  • Network Infrastructure and Implementation Reviews
  • Physical Security Audits
  • Access Controls Review
  • Scheduling Reviews
  • Scheduling Reviews; Questions to Consider
  • Auditing Job Scheduling
  • Job Scheduling Reviews
  • Personnel Reviews
  • Business Continuity and Disaster Recovery Audits
  • Auditing of Business Continuity Plans
  • Recovery Point Objective and Recovery Time Objective
  • Business Continuity Strategies
  • Recovery Strategies
  • Recovery Alternatives
  • Audit of Third Party Recovery Agreements
  • Organization and Assignment of Responsibilities
  • Team Responsibilities
  • Backup and Restoration

Auditing Networks

  • Network Infrastructure
  • Enterprise Network Architectures
  • Types of Networks
  • Network Services
  • Network Standards and Protocols
  • OSI Architecture
  • OSI Architecture (continued)
  • Application of the OSI Model in Network Architectures cont.
  • Network Architectures
  • Network Components
  • Communications Technologies
  • Communications Technology cont.
  • Wireless Networking
  • Risk Associated with Wireless Communications
  • Internet Technologies
  • Auditing of Network Management
  • Auditing of Applications Management
  • Hardware Reviews
  • Operating Systems Reviews
  • Database Reviews
  • Network Infrastructure and Implementation Reviews
  • Network Infrastructure and Implementation Reviews
  • Physical Security Audits
  • Access Controls Review
  • Access Controls Review cont.
  • Scheduling Reviews
  • Scheduling Reviews; Questions to Consider
  • Auditing Job Scheduling
  • Job Scheduling Reviews
  • Personnel Reviews

Business Continuity and Disaster Recovery Audits

  • Auditing of Business Continuity Plans
  • Recovery Point Objective and Recovery Time Objective
  • Business Continuity Strategies
  • Recovery Strategies
  • Recovery Alternatives
  • Audit of Third Party Recovery Agreements
  • Organization and Assignment of Responsibilities
  • Team Responsibilities
  • Backup and Restoration

Protection of Information Assets

  • Information Security Management
  • Importance of Information Security Management
  • Key Elements of Information Security Management
  • Critical Success Factors to Information Security Management
  • Inventory and Classification of Information Assets
  • Privacy Management Issues and the Role of IS Auditors
  • Social Media Risks

Access Controls

  • System Access Permission
  • Mandatory and Discretionary Access Controls
  • IAAA
  • Authentication
  • Authorization
  • Challenges with Identity Management
  • Identification and Authentication
  • Logical Access Exposures
  • Paths of Logical Access
  • Logical Access Control Software
  • Auditing Logical Access
  • Access Control Lists
  • Centralized versus Decentralized Access
  • Decentralized Access Risks
  • Single Sign-on (SSO)
  • Single Sign-on Advantages
  • Single Sign-on Disadvantages
  • Familiarization with the Organization’s IT Environment
  • Remote Access
  • Remote Access Security
  • Auditing Remote Access
  • Logging All System Access

Equipment and Network Security

  • Security of Portable Media
  • Mobile Device Security
  • Storing, Retrieving, Transporting and Disposing of Confidential Information
  • Concerns Associated with Storage Media
  • Network Infrastructure Security
  • LAN Security Issues
  • Client-server Security
  • Wireless Security Threats
  • Audit Log Analysis Tools
  • Internet Threats and Security
  • Causes of Internet Attacks
  • Firewalls
  • Firewall Issues
  • Network Security Architectures
  • Honeypots and Honeynets
  • Intrusion Detection and Prevention Systems
  • IDS / IPS Components
  • IDS / IPS Features
  • Voice-Over IP (VoIP)
  • Techniques for Testing Security
  • Auditing Network Infrastructure Security

Encryption

  • Encryption Definition
  • Encryption
  • Symmetric Encryption
  • Asymmetric Algorithms
  • Hashing Algorithms
  • Digital Signatures
  • Digital Envelope
  • Public Key Infrastructure (PKI)
  • Uses of Encryption in Communications
  • Auditing Encryption Implementations
  • Malware
  • Viruses
  • Virus Protection
  • Other Forms of Malware
  • Incident Handling and Evidence
  • Security Incident Handling and Response
  • Evidence Handling
  • Physical and Environmental Controls
  • Physical Access Issues and Exposures
  • Physical Access Issues and Exposures cont.
  • Physical Access Controls
  • Controls for Environmental Exposures
  • Controls for Environmental Exposures cont.
  • Controls for Environmental Exposures cont.
  • Electrical Problems
  • Auditing Physical Access

Additional information

How to prepare?

Suggested:

The most direct way to prepare for the exam is to attend the authorized Mile2 training course:

C)ISSA – Certified Information Systems Security Auditor

Participants in the authorized Mile2 training course receive, in addition to the training materials in paper and/or electronic form, a free exam voucher for the corresponding certification exam.

Highly recommended:

Making sure that all of the exam topics listed above are very well known to the candidate, from both the theoretical and the practical side.

Other:

Mile2 also offers a range of other materials and forms of education that help in preparing for the CISSA Certified Information Systems Security Auditor exam:

– prep guides https://mile2.com/mile2-online-estore/prep-guides.html

– training books in electronic form https://mile2.com/mile2-online-estore/electronic-books.html

– access to the Mile2 Cyber Range hands-on lab https://mile2.com/mile2-online-estore/cyber-range.html

– video recordings of training sessions https://mile2.com/mile2-online-estore/training-videos.html