On-Site Training Course Descriptions 

 

A variety of courses—delivered by trusted industry experts—developed to enhance your skills and knowledge.

More topics. More insight.

Keep your edge in today’s competitive market! ISACA’s on-site training programs provide a unique opportunity to enhance your team’s skills and knowledge through a wide variety of customizable curricula and globally respected professional certifications.

Audit/Assurance Courses

Fundamentals of IT Audit and Assurance (FITAA)

The role of the auditor has evolved from focusing solely on management to becoming responsible for the controls that provide the proper governance of an enterprise’s most valuable asset—information. This course will enhance understanding of the necessary tools and techniques, illustrate why they are needed, and show how they should be used to optimize the assessment and assurance process. Please note: This is not a CISA review course.

Learning Objectives:

  • Provide stakeholders assurance that the enterprise’s information is properly protected
  • Assure that the correct controls are in place and effective in order to achieve business goals
  • Have more than just a basic understanding of the controls and objectives
  • Understand organizational risks and how to mitigate them to provide assurance

Prerequisites: None.

Target Audience:

  • New IT auditors
  • Financial and operational auditors seeking a better understanding of IT controls
  • Auditors and accountants needing to understand IT controls for compliance reporting
  • IT professionals seeking to understand assurance and/or assessment processes
  • Those aspiring to attain the CISA designation


IT Audit and Assurance Practices (ITAAP)

Building on information presented in the Fundamentals of IT Audit and Assurance, this course is a practice-based program that uses lecture, class interaction and case studies. Since it is aligned with the CISA job practice areas and ISACA’s IS Auditing Standards, Guidelines and Procedures, the course is of great value to professionals preparing for the CISA examination. Please note: This is not a CISA review course.

Learning Objectives:

  • Develop a risk assessment process and related mitigation strategies
  • Develop an audit or internal assessment plan
  • Develop effective and results-oriented assurance practices on which management can rely

Prerequisite: The Fundamentals of IT Assurance and Audit course; or understanding of IT and assurance concepts.

Target Audience:

  • Experienced IT auditors who need an in-depth understanding of assurance practices
  • Assurance professionals and financial and operational auditors who need an understanding of IT
  • IT professionals who need an understanding of self-assessment practices and processes
  • IT or assurance professionals looking for methods to identify, measure and test risk
  • Security professionals who need to understand how to test and measure security controls


The Essentials of Cloud Computing for Audit Professionals

Examine cloud computing models, look into the threat model and security issues related to data and computation outsourcing, and explore practical applications of secure cloud computing. Examine the threats and security implications that befall poorly established and maintained cloud computing environments. Discuss audit approaches and methodologies for assessing internal control exposures within cloud computing environments.

Learning Objectives:

  • Discuss key security and control considerations within cloud computing environments
  • Understand and contrast security threats, risks and benefits of implementing cloud solutions
  • Recognize steps and processes used to perform an audit assessment of a cloud computing environment
  • Assess environments that would benefit from implementing cloud solutions, and those that might not
  • Weigh the impact of improperly controlled cloud computing environments on organizational sustainability

Prerequisites: None.

Target Audience:

  • Internal and external auditors (IT, financial, operational)
  • Chief Technology Officers, Chief Information Officers, Chief Security Officers
  • Persons charged with establishing or reviewing the implications of implementing cloud computing strategies
  • Persons charged with substantiating organizational compliance to governance regulations
  • Professionals who want to learn more about assessing their organization’s implementation of cloud computing technologies


Web Application Security for Auditors

 

This seminar will focus on the audit and security issues related to web application systems and related technology components and infrastructure.

Learning Objectives:

  • Provide an understanding of key web application technologies, components and infrastructure
  • Provide an understanding of key risks to web applications
  • Discuss audit and control issues in web application systems

Prerequisite: None.

Target Audience:

  • Internal and external auditors (IT, financial, operational)
  • New IT auditors
  • Financial and operational auditors seeking a better understanding of IT controls
  • Auditors and accountants needing to understand IT controls for compliance reporting
  • IT professionals seeking to understand assurance and/or assessment processes
  • Those aspiring to attain the CISA designation


Security Topics

Information Security Management

Information is much more accessible and available today. Similarly, the risks and security threats associated with information have increased, not only in number, but also in complexity. Participants will learn how to develop and manage a capability to respond to and recover from disruptive and destructive information security events. Please note: This is not a CISA review course.

Learning Objectives:

  • Ensure that an enterprise’s information is protected
  • Have the expertise needed to reduce risk and protect the enterprise
  • Design, develop, implement and manage an effective security management program
  • Establish and maintain an IT governance framework aligned with business objectives
  • Identify and manage information security risks

Prerequisites: Knowledge and understanding of information security architecture and technology. Previous managerial experience is helpful but not required. This program is designed specifically for information security professionals who have, or aspire to have, information security management responsibilities.

Target Audience:

  • Information security practitioners
  • Information security consultants
  • Information security managers
  • Security professionals, including those aspiring to attain the CISM designation


Information Security Management (Advanced)

This session will provide detailed workshop discussion and case studies on key information security areas. We will focus on practical development and implementation of processes to manage governance, risk and compliance areas relating to information security within the enterprise.

Learning Objectives:

  • Understand key information security governance requirements and practices
  • Understand information security risks and processes to identify and manage risk within the organization
  • Understand key risk mitigation strategies for current and emerging information security issues
  • Develop and implement key areas of an organization’s information security program to mitigate risks to acceptable levels

Prerequisites: Successful completion of Information Security Management. Knowledge and understanding of information security architecture and technology. Previous managerial experience is helpful but not required.

Target Audience:

  • Information security practitioners
  • Information security consultants
  • Information security managers
  • Security professionals, including those aspiring to attain the CISM designation


Security & Audit Courses

Securing & Auditing Wireless & Mobile Technologies

 

This seminar will focus on the audit and security issues related to the use of Wireless and Mobile Technologies including:

  • Detailed discussion of wireless network security issues
  • Live wireless LAN environment used in class to demonstrate key concepts and security/audit areas/steps
  • Demonstration and discussion of security and audit tools and techniques

Learning Objectives:

  • Understand current mobile security risk and control issues
  • Understand and identify key risks relating to BYOD (Bring Your Own Device) within the organization
  • Learn about current Mobile Device Management components and controls
  • Discussion of security and audit tools and techniques

Prerequisites: Knowledge and understanding of information security architecture and technology. Previous managerial experience is helpful but not required. This program is designed specifically for information security professionals who have, or aspire to have, information security management responsibilities.

Target Audience:

  • Information security practitioners
  • Information security consultants
  • Information security managers
  • Security professionals, including those aspiring to attain the CISM designation


Securing & Auditing Mobile Technologies

 

This seminar will focus on the audit and security issues related to the use of Mobile Technologies with a specific focus on BYOD.

Learning Objectives:

  • Understand current mobile security risk and control issues
  • Understand and identify key risks relating to BYOD (Bring Your Own Device) within the organization
  • Learn about current Mobile Device Management components and controls
  • Discussion of security and audit tools and techniques

Prerequisites: Successful completion of Information Security Management. Knowledge and understanding of information security architecture and technology. Previous managerial experience is helpful but not required.

Target Audience:

  • Information security practitioners
  • Information security consultants
  • Information security managers
  • Security professionals, including those aspiring to attain the CISM designation


Windows 8 Security & Audit

 

Understand the Windows 8 Operating System (including mobile versions) from a security and audit perspective, including key differences between the Windows XP, Windows 7 and Windows 8 operating systems.

This session will focus on the audit and security issues related to the use of Windows 2008 Server Operating System including:

  • Detailed discussion of Windows 2008 architecture and security components
  • Use of Windows 2008 server operating systems to demonstrate key security features
  • Demonstrations of Windows 2008 security and audit tools
  • Discussion of Windows 2008 Server security features, including default security settings, security hardening steps and use of the Group Policy

This session will focus on the audit and security issues related to the use of Windows 2012 Server Operating System.

Learning Objectives:

  • Understand Windows 8 security features and mechanisms, including Local Security Policy, User Accounts, Action Center, User Access Control, Security Event Logs, Encryption, etc.
  • Understand Windows 8 security in the context of the organization and related Windows 2012 Server security, including use of Group Policy Objects, Client Security Baselines and Network Access Protection
  • Understand and audit Windows Firewall and advanced security features
  • Secure and Audit the Windows 8 operating system environment using security baselines
  • Discussion of Windows 2012 architecture and security components
  • Understand key Windows 2012 Server security features
  • Understand audit issues specific to Windows 2012 operating systems

Prerequisites: None

Target Audience:

  • Information security practitioners
  • Information security consultants
  • Information security managers


Audit & Security of Firewalls

 

This seminar will focus on the audit and security issues related to the use of Virtual Machine environments.

Learning Objectives:

  • Understand VMware Virtual Machine architecture and security components (VMware vSphere)
  • Discuss VMware ESXi and vCenter security and control features
  • Understand audit objectives and checklists for the ESXi and vCenter environments

Prerequisites: None

Target Audience:

  • Information security practitioners
  • Information security consultants
  • Information security managers


Virtualization Security & Audit

 

Firewalls are used in today’s business environments to protect Internet, Extranet, Intranet, VPN and internal network segments. Different types of architectures and technologies can be deployed to provide required levels of security.

Learning Objectives:

This seminar will provide a detailed understanding of an audit approach to assessing an organization’s firewall implementations.

Prerequisites: None

Target Audience:

  • Information security practitioners
  • Information security consultants
  • Information security managers


Cloud Computing Security & Audit

 

This seminar will focus on the audit and security issues related to the use of Virtual Machine environments.

Learning Objectives:

  • Understand Cloud architectures and security & control components
  • Understand Cloud Service Models
  • Understand key risk and control issues with the different Cloud deployment models

Prerequisites: None

Target Audience:

  • Information security practitioners
  • Information security consultants
  • Information security managers


Database Security and Audit

 

The focus of this session will be on the audit, control and security issues related to the use of database management systems in today’s business environments.

  • A specific focus of the session will be security and audit of Oracle 11g, Microsoft SQL Server 2008/2012 and DB2/UDB 9.x environments.
  • Learn practical approaches and techniques for evaluating the implementation of database security and control.
  • Live demonstrations using Oracle, SQL Server and DB2/UDB database environments will reinforce the principles presented.

Prerequisites: None

Target Audience:

  • Information security practitioners
  • Information security consultants
  • Information security managers


Risk Courses

IT Risk Management

The course describes the principles of IT risk management, the responsibilities and accountability for IT risk, how to build up awareness, and how to communicate risk scenarios, business impact and key risk indicators. Included in the course is an explanation of how Risk IT relates to COBIT and an examination of the implementation and operational issues of ISACA’s Risk IT framework.

Learning Objectives:

  • Describe the principles of IT risk management
  • List the components of ISACA’s Risk IT framework
  • Explain how the Risk IT framework relates to COBIT
  • Integrate IT risk management with ERM
  • Maintain an operational risk profile, assess and respond to risk
  • Collect event data, monitor risk and report exposures and opportunities
  • Recognize how the Risk IT framework can help achieve best practices in IT risk management

Prerequisites: None


Risk-Based Approach to IT Infrastructure Security & Control Assessments

 

Key information security governance controls, including a risk-based approach to design, operation and assessment of security and controls are critical to ensuring that an organization’s information assets are adequately protected to prevent compromise.

Learning Objectives:

This session will discuss a risk-based approach to assessment of security and control in the following areas:

  • Understand Configuration Management Controls
  • Learn Security Configuration Standards
  • Build Patch, Change Management and Security Compliance Processes
  • Learn Security Event Monitoring
  • Understand Vulnerability Assessment & Management

Prerequisites: None


COBIT & Governance Courses

COBIT 5 Foundation Course

Delve into the essential components of COBIT 5 to learn how it covers the business end-to-end and helps you effectively govern and manage enterprise IT. Developed for anyone interested in obtaining foundation-level knowledge of COBIT, the course explains the COBIT framework and supporting materials in a logical and example-driven approach.

Learning Objectives:

This session will discuss a risk-based approach to assessment of security and control in the following areas:

  • Learn how IT management issues are affecting organizations
  • Understand the need for an effective framework to govern and manage enterprise IT
  • Explore how COBIT is used with other standards and best practices
  • Understand the functions that COBIT provides and the benefits of using COBIT
  • Learn how to apply COBIT in a practical situation

Prerequisites: There are no mandatory prerequisites; however, work experience in governance, process improvement or IT services is recommended.

Target Audience:

  • IT/IS & Business Management
  • IT/IS Auditors
  • Information Security and IT Practitioners
  • Consultants
  • Anyone wishing to achieve the COBIT 5 Foundation Certification
  • This course is also useful for those who want to gain knowledge of the scope and structure of COBIT 5 or want to improve IT Governance in their or their clients' organizations


COBIT 5 Implementation Course

Get a practical appreciation of how to apply the COBIT 5 Implementation Guide to specific business problems, pain points, trigger events and risk scenarios within the organization. Learn to apply COBIT 5 into your enterprise and to effectively use it for client initiatives. Attendees will walk away with an appreciation of how to effectively use the COBIT 5 continual improvement lifecycle approach for different organizational scenarios.

Learning Objectives:

This session will discuss a risk-based approach to assessment of security and control in the following areas:

  • Effectively analyze enterprise drivers
  • Implementation challenges, their root causes and success factors
  • Learn how to avoid potential implementation pitfalls by leveraging good practices

Prerequisites: Successful Completion of the COBIT 5 Foundation Exam

Target Audience:

  • IT/IS & Business Management
  • IT/IS Auditors
  • Information Security and IT Practitioners
  • Consultants
  • Anyone wishing to achieve the COBIT 5 Foundation Certification
  • This course is also useful for those who want to gain knowledge of the scope and structure of COBIT 5 or want to improve IT Governance in their or their clients' organizations


COBIT 5 Assessor Course

The COBIT 5 Assessor course provides a basis for assessing an enterprise’s process capabilities against the COBIT 5 Process Reference Model (PRM). Evidence-based to enable a reliable, consistent and repeatable way to assess IT process capabilities, this model helps IT leaders gain C-level and board member buy-in for change and improvement initiatives.

Learning Objectives:

  • How to perform a process capability assessment using the Assessor Guide: using COBIT 5
  • How to apply the Process Assessment Model (The PAM) in performing a process capability assessment
  • How to identify and assess the roles and responsibilities in the process capability assessment process

Prerequisites: Successful Completion of the COBIT 5 Foundation Exam

Target Audience:

  • IT/IS & Business Management
  • IT/IS Auditors
  • Information Security and IT Practitioners
  • Consultants
  • Anyone wishing to achieve the COBIT 5 Foundation Certification
  • This course is also useful for those who want to gain knowledge of the scope and structure of COBIT 5 or want to improve IT Governance in their or their clients' organizations


COBIT: Strategies for Implementing IT Governance

This course discusses how COBIT is used to promote effective alignment of IT with business goals in the management of value delivery and risk mitigation. This comprehensive COBIT training program highlights IT issues, governance concepts, risk management and control. The course uses ISACA’s most current COBIT and Val IT information, as well as supporting components and related tools, to provide guidance in implementing an IT governance process.

Learning Objectives:

  • Define successful enterprise governance of IT and IT governance principles, and integrate these principles into enterprise governance of IT
  • Know practical implementation factors and how to sustain IT governance implementation
  • Identify IT issues and the related business impacts
  • Apply the framework(s) in practice, and discuss COBIT’s relationship to other frameworks and standards
  • Create meaningful measures and integrate management feedback in performance measurement frameworks

Prerequisites:

  • Previous IT governance, assurance/audit, security and/or management experience
  • An understanding of the concepts, terminology, approaches, methodologies and techniques to govern the IT environment
  • Managerial experience will be beneficial, but is not required.

Target Audience:

  • Anyone who needs and uses IT in support of their success
  • IT professionals and business managers responsible for organizational information systems and security
  • IT professionals and business managers responsible for implementing Enterprise Governance of IT
  • IT assurance and audit professionals
  • Business and IT professionals
  • Current or aspiring Certified in the Governance of Enterprise IT (CGEIT) holders


Governance of Enterprise IT

This Training Week course will assist in the development of a governance strategy to provide effective processes that can bring and help sustain value, while effectively managing risk to, and in, an organization. This course will help clarify the questions asked within enterprises, and explain the value that governance brings to the enterprise, and the risks that can be encountered if IT governance practices are not implemented. The course will also explain how to sustain governed practices, and the primary issues to be addressed with the change to the existing business philosophy and current IT processes.

Learning Objectives:

  • Value and risk practices necessary for business success
  • Potential tools and capabilities needed to implement enterprise governance
  • Constraints to achieving governance success
  • The need to govern IT as a business resource and measure its success in those terms
  • Measures to validate governance success

Prerequisites:

  • Previous IT governance, assurance/audit, security and/or management experience
  • An understanding of the concepts, terminology, approaches, methodologies and techniques to govern the IT environment
  • Managerial experience will be beneficial, but is not required

Target Audience:

  • IT management looking for more efficient and effective practices to support the business
  • Managers responsible for IT investments
  • Compliance and Information Security professionals
  • Senior IT management looking for more efficient and effective practices in managing resources including IT resources
  • Organizational strategic managers


Using COBIT 5 in IT Assurance and Audit

This training will increase your understanding of the core concepts and the relationship between control, IT assurance and IT governance, as well as the core concepts of an assessment of the effectiveness of controls. The training includes the core concepts of COBIT and how COBIT can be used to conduct IT assurance engagements and support assurance activities. Learn how to link the business and IT goals to support the organization along with documenting and communicating the business impact of control weaknesses.

Learning Objectives:

  • Understand the relationship between IT governance, business and assurance
  • Explore baseline & COBIT concepts and the business goals links to IT goals
  • Learn the IT drivers for assurance
  • Understand business & IT controls in relation to supporting the organization
  • Discuss assurance initiatives and activities
  • Explore the assurance guide and COBIT support for assurance

Prerequisites: None

Target Audience:

  • New IT auditors
  • Financial and operational auditors seeking a better understanding of IT controls
  • Auditors and accountants needing to understand IT controls for compliance reporting
  • IT professionals seeking to understand assurance and/or assessment processes
  • Those aspiring to attain the CISA designation


Certification Review Courses

CISA Exam Review

The CISA Exam preparation course provides 5 days of comprehensive review of each of the 5 CISA job domains. Facilitators will engage attendees with case studies, scenarios and sample exam questions specific to each domain. Learn specific strategies, techniques and tips for taking and passing the exam.

CISM Exam Review

While information has become more easily accessible and readily available, the associated risks and security threats have increased not only in number, but also in complexity. As a result, the importance of ensuring that an enterprise’s information is protected has also increased. It is now more important than ever for executives to ensure that their IT security managers have the expertise needed to reduce risk and protect the enterprise.

Designed specifically for information security professionals who are preparing to sit for the CISM exam, the course focuses on the four content areas of the Certified Information Security Manager (CISM) job practice: information security governance, risk management and compliance, information security program development and management, information security incident management. Sample exam items will be used throughout the course to reinforce content and familiarize attendees with the CISM exam question format.

CRISC Exam Review

Designed to assist and enhance the study process, this course will focus on identifying and evaluating entity-specific risk and understanding enterprises’ business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls. Each of the CRISC job domains will be discussed, and attendees will become familiar with the CRISC exam question format.

CGEIT Exam Review

Prepare yourself to pass the demanding ISACA CGEIT exam the first time by investing in an ISACA Exam Review Course. You'll study with an experienced, accredited professional who will break down the exam's Five Domains, conduct mock exams, and provide study preparation materials such as CDs that contain hundreds of sample exam practice questions. Courses vary in length from several weeks to several days (intensive) to fit your needs and schedule.

 


Don't See What You Need?

Consult with an ISACA accredited trainer to customize a current course to your enterprise's specific needs. For more information, contact onsitetraining@isaca.org.