ISACA Accredited Training - ISACA
ISACA Accredited Training for CISM, CISA, IS-CRISC, IS-CGEIT & More
ISACA Training Overview
ISACA Certified Training Courses
Prove that you have the skills and knowledge to manage information system risk and governance issues with an ISACA certification. Recognised worldwide, ISACA certification may be the key to unlock opportunities to advance your career.
Join the ranks of the global security professionals who are members of ISACA and leverage their wealth of knowledge and experience to stand out from the crowd and deliver superior value to global organisations and institutions.
Jumping Bean - Accredited ISACA Training Partner
Get your CISA and CISM training from an accredited training partner. Jumping Bean has been delivering training for over 10 years. Our instructors bring a wealth of knowledge and hands-on experience to the class. Get accredited training and get certified!
ISACA Courses Offered:We are constantly expanding the range of courses that we offer. If you don't find the ISACA course you are looking for here, please do not hesitate to contact us and we will gladly look at expanding the range of courses offered.
CISA & CRISC Certification
The Certified Information System Auditor (CISA) certification is aimed at auditors and those involved in information system assurance and control.
This certification proves you have the knowledge and skill to protect information assets, plan and perform information system audits, assess information system development and acquisition, and evaluate the management and governance of IT. it also reflects you have an understanding of how IT relates to business and business objectives.
Certified Information System Auditor (CISA) Course Outline
Domain 1—Information Systems Auditing Process - (21%)
- IS Audit Standards, Guidelines, and Codes of Ethics
- Business Processes
- Types of Controls
- Risk-Based Audit Planning
- Types of Audits and Assessments
- Audit Project Management
- Sampling Methodology
- Audit Evidence Collection Techniques
- Data Analytics
- Reporting and Communication Techniques
Domain 2—Governance and Management of IT - (17%)
- A. IT Governance
- IT Governance and IT Strategy
- IT-Related Frameworks
- IT Standards, Policies, and Procedures
- Organizational Structure
- Enterprise Architecture
- Enterprise Risk Management
- Maturity Models
- Laws, Regulations, and Industry Standards affecting the Organization
- B. IT Management
- IT Resource Management
- IT Service Provider Acquisition and Management
- IT Performance Monitoring and Reporting
- Quality Assurance and Quality Management of IT
Domain 3—Information Systems Acquisition, Development, and Implementation - (12%)
- A. Information Systems Acquisition and Development
- Project Governance and Management
- Business Case and Feasibility Analysis
- System Development Methodologies
- Control Identification and Design
- B. Information Systems Implementation
- Testing Methodologies
- Configuration and Release Management
- System Migration, Infrastructure Deployment, and Data Conversion
- Post-implementation Review
Domain 4—Information Systems Operations and Business Resilience - (23%)
- A. Information Systems Operations
- Common Technology Components
- IT Asset Management
- Job Scheduling and Production Process Automation
- System Interfaces
- End-User Computing
- Data Governance
- Systems Performance Management
- Problem and Incident Management
- Change, Configuration, Release, and Patch Management
- IT Service Level Management
- Database Management
- B. Business Resilience
- Business Impact Analysis (BIA)
- System Resiliency
- Data Backup, Storage, and Restoration
- Business Continuity Plan (BCP)
- Disaster Recovery Plans (DRP)
Domain 5—Protection of Information Assets - (27%)
- A. Information Asset Security and Control
- Information Asset Security Frameworks, Standards, and Guidelines
- Privacy Principles
- Physical Access and Environmental Controls
- Identity and Access Management
- Network and End-Point Security
- Data Classification
- Data Encryption and Encryption-Related Techniques
- Public Key Infrastructure (PKI)
- Web-Based Communication Techniques
- Virtualised Environments
- Mobile, Wireless, and Internet-of-Things (IoT) Devices
- B. Security Event Management
- Security Awareness Training and Programs
- Information System Attack Methods and Techniques
- Security Testing Tools and Techniques
- Security Monitoring Tools and Techniques
- Incident Response Management
- Evidence Collection and Forensics
The Certified in Risk and Information Systems Control certificate shows that the certificate holder has expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls.
The certification focuses on risk identification, risk assessment, risk response, and risk reporting.
Certified in Risk & Information Systems Control (CRISC) Course Outline
Domain 1—IT Risk Identification - (27%)
- Collect and review information, including existing documentation, regarding the organization’s internal and external business and IT environments to identify potential or realized impacts of IT risk to the organization’s business objectives and operations.
- Identify potential threats and vulnerabilities to the organization’s people, processes, and technology to enable IT risk analysis.
- Develop a comprehensive set of IT risk scenarios based on available information to determine the potential impact on business objectives and operations.
- Identify key stakeholders for IT risk scenarios to help establish accountability.
- Establish an IT risk register to help ensure that identified IT risk scenarios are accounted for and incorporated into the enterprise-wide risk profile.
- Identify risk appetite and tolerance defined by senior leadership and key stakeholders to ensure alignment with business objectives.
- Collaborate in the development of a risk awareness program, and conduct training to ensure that stakeholders understand risk and to promote a risk-aware culture.
Domain 2—IT Risk Assessment - (28%)
- Analyze risk scenarios based on organizational criteria (e.g., organizational structure, policies, standards, technology, architecture, controls) to determine the likelihood and impact of an identified risk.
- Identify the current state of existing controls and evaluate their effectiveness for IT risk mitigation.
- Review the results of risk and control analysis to assess any gaps between current and desired states of the IT risk environment.
- Ensure that risk ownership is assigned at the appropriate level to establish clear lines of accountability.
- Communicate the results of risk assessments to senior management and appropriate stakeholders to enable risk-based decision making.
- Update the risk register with the results of the risk assessment.
Domain 3—Risk Response Mitigation - (23%)
- Consult with risk owners to select and align recommended risk responses with business objectives and enable informed risk decisions.
- Consult with, or assist, risk owners on the development of risk action plans to ensure that plans include key elements (e.g., response, cost, target date).
- Consult on the design and implementation or adjustment of mitigating controls to ensure that the risk is managed to an acceptable level.
- Ensure that control ownership is assigned to establish clear lines of accountability.
- Assist control owners in developing control procedures and documentation to enable efficient and effective control execution.
- Update the risk register to reflect changes in risk and management’s risk response.
- Validate that risk responses have been executed according to the risk action plans.
Domain 4—Risk and Control Monitoring and Reporting - (22%)
- Define and establish key risk indicators (KRIs) and thresholds based on available data, to enable monitoring of changes in risk.
- Monitor and analyze key risk indicators (KRIs) to identify changes or trends in the IT risk profile.
- Report on changes or trends related to the IT risk profile to assist management and relevant stakeholders in decision making.
- Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of control performance.
- Monitor and analyze key performance indicators (KPIs) to identify changes or trends related to the control environment and determine the efficiency and effectiveness of controls.
- Review the results of control assessments to determine the effectiveness of the control environment.
- Report on the performance of, changes to, or trends in the overall risk profile and control environment to relevant stakeholders to enable decision making.
CISM stands for Certified Information Security Manger. This ISACA certification is aimed at those involved in information security governance, program development and management, incident management and risk management.
The certification proves to employers that you understand how information system security must support business objectives and processes and enable the orginisation to achieve its goals whilst understanding and accepting its risk profile.
Certified Information Security Manager (CISM) Course Outline
Domain 1—Information Security Governance - (24%)
- Establish and/or maintain an information security strategy in alignment with organizational goals and objectives to guide the establishment and/or ongoing management of the information security program.
- Establish and/or maintain an information security governance framework to guide activities that support the information security strategy.
- Integrate information security governance into corporate governance to ensure that organizational goals and objectives are supported by the information security program.
- Establish and maintain information security policies to guide the development of standards, procedures and guidelines in alignment with enterprise goals and objectives.
- Develop business cases to support investments in information security.
- Identify internal and external influences to the organization (e.g., emerging technologies, social media, business environment, risk tolerance, regulatory requirements, third-party considerations, threat landscape) to ensure that these factors are continually addressed by the information security strategy.
- Gain ongoing commitment from senior leadership and other stakeholders to support the successful implementation of the information security strategy.
- Define, communicate, and monitor information security responsibilities throughout the organization (e.g., data owners, data custodians, end-users, privileged or high-risk users) and lines of authority.
- Establish, monitor, evaluate and report key information security metrics to provide management with accurate and meaningful information regarding the effectiveness of the information security strategy.
Domain 2—Information Risk Management - (30%)
- Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
- Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
- Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, at appropriate times, and to identify and assess risk to the organization’s information.
- Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite.
- Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
- Facilitate the integration of information risk management into business and IT processes (e.g., systems development, procurement, project management) to enable a consistent and comprehensive information risk management program across the organization.
- Monitor for internal and external factors (e.g., key risk indicators [KRIs], threat landscape, geopolitical, regulatory change) that may require reassessment of risk to ensure that changes to existing, or new, risk scenarios are identified and managed appropriately.
- Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
- Ensure that information security risk is reported to senior management to support an understanding of potential impact on the organizational goals and objectives.
- Establish and/or maintain the information security program in alignment with the information security strategy.
- Align the information security program with the operational objectives of other business functions (e.g., human resources [HR], accounting, procurement and IT) to ensure that the information security program adds value to and protects the business.
- Identify, acquire and manage requirements for internal and external resources to execute the information security program.
- Establish and maintain information security processes and resources (including people and technologies) to execute the information security program in alignment with the organization’s business goals.
- Establish, communicate and maintain organizational information security standards, guidelines, procedures and other documentation to guide and enforce compliance with information security policies.
- Establish, promote and maintain a program for information security awareness and training to foster an effective security culture.
- Integrate information security requirements into organizational processes (e.g., change control, mergers and acquisitions, system development, business continuity, disaster recovery) to maintain the organization’s security strategy.
- Integrate information security requirements into contracts and activities of third parties (e.g., joint ventures, outsourced providers, business partners, customers) and monitor adherence to established requirements in order to maintain the organization’s security strategy.
- Establish, monitor and analyze program management and operational metrics to evaluate the effectiveness and efficiency of the information security program.
- Compile and present reports to key stakeholders on the activities, trends and overall effectiveness of the IS program and the underlying business processes in order to communicate security performance.
Domain 4— Information Security Incident Management - (19%)
- Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents to allow accurate classification and categorization of and response to incidents.
- Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents.
- Develop and implement processes to ensure the timely identification of information security incidents that could impact the business.
- Establish and maintain processes to investigate and document information security incidents in order to determine the appropriate response and cause while adhering to legal, regulatory and organizational requirements.
- Establish and maintain incident notification and escalation processes to ensure that the appropriate stakeholders are involved in incident response management.
- Organize, train and equip incident response teams to respond to information security incidents in an effective and timely manner.
- Test, review and revise (as applicable) the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities.
- Establish and maintain communication plans and processes to manage communication with internal and external entities.
- Conduct post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions.
- Establish and maintain integration among the incident response plan, business continuity plan and disaster recovery plan.
CS-XP & CG-EIT Certification
Cybersecurity Practitioner Certification (CSX-P) demonstrates one’s ability to perform cybersecurity techniques and tactics spanning five security functions based on the NIST Cybersecurity Framework. These 5 security functions are:
- Respond and
Cybersecurity Practitioner Certification (CSXP) Course Objectives
- Business and Security Environment
- Business Environment
- Digital Infrastructure
- Enterprise Architecture
- Data and Digital Communication
- Security Environment
- Operating Systems
- Virtualization and Cloud
- Business Environment
- Operational Security Readiness (PR)
- Digital and Data Assets
- Ports and Protocols
- Protection Technologies
- Identity and Access Management
- Configuration Management
- Threat Modeling
- Contingency Planning
- Security Procedures
- Threat Detection and Evaluation (DE)
- Vulnerability Management
- Security Logs and Alerts
- Monitoring Tools and Appliances
- Use Cases
- Penetration Testing
- Network Traffic Analysis
- Packet Capture and Analysis
- Data Analysis
- Research and Correlation
- Incident Response and Recovery (RS&RC)
- Incident Handling
- Notifications and Escalation
- Digital Forensics
- Attack Countermeasures
- Corrective Actions
- Security Functions Validation
- Incident Analysis and Reporting
- Lessons Learned and Process Improvement
- Incident Handling
The Certified in the Governance of Enterprise IT certification(CG-EIT) from ISACA is framework agnostic and aimed at individuals.
It focuses on governance of IT, optimisation of risk, and benefits realisation. The new versions places greater emphasis on information governance and big data as well as privacy and data management. There is also a greater weight place on managing emerging technologies.
Certified in the Governance of Enterprise IT (CG-EIT) Course Outline
Domain 1: Governance of Enterprise IT (40%)
- Governance Framework
- Components of a Governance Framework
- Organizational Structures, Roles, and Responsibilities
- Strategy Development
- Legal and Regulatory Compliance
- Organizational Culture
- Business Ethics
- Technology Governance
- Governance Strategy Alignment with Enterprise Objectives
- Strategic Planning Process
- Stakeholder Analysis and Engagement
- Communication and Awareness Strategy
- Enterprise Architecture
- Policies and Standards
- Information Governance
- Information Architecture
- Information Asset Lifecycle
- Information Ownership and Stewardship
- Information Classification and Handling
Domain 2: IT Resources (15%)
- IT Resource Planning
- Sourcing Strategies
- Resource Capacity Planning
- Acquisition of Resources
- IT Resource Optimization
- IT Resource Lifecycle and Asset Management
- Human Resource Competency Assessment and Development
- Management of Contracted Services and Relationships
Domain 3: Benefits Realization (26%)
- IT Performance and Oversight
- Performance Management
- Change Management
- Governance Monitoring
- Governance Reporting
- Quality Assurance
- Process Development and Improvement
- Management of IT-Enabled Investments
- Business Case Development and Evaluation
- IT Investment Management and Reporting
- Performance Metrics
- Benefit Evaluation Methods
Domain 4: Risk Optimization (19%)
- Risk Strategy
- Risk Frameworks and Standards
- Enterprise Risk Management
- Risk Appetite and Risk Tolerance
- Risk Management
- IT-Enabled Capabilities, Processes, and Services
- Business Risk, Exposures, and Threats
- Risk Management Lifecycle
- Risk Assessment Methods
Jumping Bean Contact Form!