ISACA Certified Training Courses

Prove that you have the skills and knowledge to manage information system risk and governance issues with an ISACA certification. Recognised worldwide, ISACA certification may be the key to unlocking opportunities to advance your career. There is a growing demand for professional information security governance skills across the globe and in South Africa. Turbo-charge your career with an ISACA qualification. Join the ranks of the global security professionals who are members of ISACA and leverage their wealth of knowledge and experience to stand out from the crowd and deliver superior value to global organisations and institutions.


Jumping Bean - Accredited ISACA Training Partner

Get your CISA and CISM training from an accredited training partner. Jumping Bean has been delivering training for over 10 years. Our instructors bring a wealth of knowledge and hands-on experience to the class. Get accredited training and get certified!

ISACA Courses Offered:

We are constantly expanding the range of courses that we offer. If you don't find the ISACA course you are looking for here, please do not hesitate to contact us and we will gladly look at expanding the range of courses offered.

CISM Certification Course

The Certified Information Security Manager (CISM) designation from ISACA is for cybersecurity professionals involved in information security governance, program development and management, incident management and risk management.

The certification proves that you understand how information system security supports business objectives and processes and enables the organisation to achieve its goals whilst understanding and accepting its risk profile. Learn how to develop and implement an information security and governance programme that identifies and manages risks to critical information systems.

Certified Information Security Manager (CISM) Course Outline

Domain 1—Information Security Governance - (24%)

  • Establish and/or maintain an information security strategy in alignment with organizational goals and objectives to guide the establishment and/or ongoing management of the information security program.
  • Establish and/or maintain an information security governance framework to guide activities that support the information security strategy.
  • Integrate information security governance into corporate governance to ensure that organizational goals and objectives are supported by the information security program.
  • Establish and maintain information security policies to guide the development of standards, procedures and guidelines in alignment with enterprise goals and objectives.
  • Develop business cases to support investments in information security.
  • Identify internal and external influences on the organization (e.g., emerging technologies, social media, business environment, risk tolerance, regulatory requirements, third-party considerations, threat landscape) to ensure that these factors are continually addressed by the information security strategy.
  •  Gain ongoing commitment from senior leadership and other stakeholders to support the successful implementation of the information security strategy.
  • Define, communicate, and monitor information security responsibilities throughout the organization (e.g., data owners, data custodians, end-users, privileged or high-risk users) and lines of authority.
  • Establish, monitor, evaluate and report key information security metrics to provide management with accurate and meaningful information regarding the effectiveness of the information security strategy.​​

Domain 2—Information Risk Management - (30%)

  • Establish and/or maintain a process for information asset classification to ensure that measures taken to protect assets are proportional to their business value.
  • Identify legal, regulatory, organizational and other applicable requirements to manage the risk of noncompliance to acceptable levels.
  • Ensure that risk assessments, vulnerability assessments and threat analyses are conducted consistently, at appropriate times, and to identify and assess risk to the organization’s information.
  • Identify, recommend or implement appropriate risk treatment/response options to manage risk to acceptable levels based on organizational risk appetite.
  • Determine whether information security controls are appropriate and effectively manage risk to an acceptable level.
  • Facilitate the integration of information risk management into business and IT processes (e.g., systems development, procurement, project management) to enable a consistent and comprehensive information risk management program across the organization.
  • Monitor for internal and external factors (e.g., key risk indicators [KRIs], threat landscape, geopolitical, regulatory change) that may require a reassessment of risk to ensure that changes to existing, or new, risk scenarios are identified and managed appropriately.
  • Report noncompliance and other changes in information risk to facilitate the risk management decision-making process.
  • Ensure that information security risk is reported to senior management to support an understanding of the potential impact on the organizational goals and objectives.
Domain 3—Information Security Program Development and Management - (27%)
  • Establish and/or maintain the information security program in alignment with the information security strategy.
  • Align the information security program with the operational objectives of other business functions (e.g., human resources [HR], accounting, procurement and IT) to ensure that the information security program adds value to and protects the business.
  • Identify, acquire and manage requirements for internal and external resources to execute the information security program.
  • Establish and maintain information security processes and resources (including people and technologies) to execute the information security program in alignment with the organization’s business goals.
  • Establish, communicate and maintain organizational information security standards, guidelines, procedures and other documentation to guide and enforce compliance with information security policies.
  • Establish, promote and maintain a program for information security awareness and training to foster an effective security culture.
  • Integrate information security requirements into organizational processes (e.g., change control, mergers and acquisitions, system development, business continuity, disaster recovery) to maintain the organization’s security strategy.
  • Integrate information security requirements into contracts and activities of third parties (e.g., joint ventures, outsourced providers, business partners, customers) and monitor adherence to established requirements in order to maintain the organization’s security strategy.
  • Establish, monitor and analyze program management and operational metrics to evaluate the effectiveness and efficiency of the information security program.
  • Compile and present reports to key stakeholders on the activities, trends and overall effectiveness of the IS program and the underlying business processes in order to communicate security performance.

Domain 4— Information Security Incident Management - (19%)

  • Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents to allow accurate classification and categorization of and response to incidents.
  • Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents.
  • Develop and implement processes to ensure the timely identification of information security incidents that could impact the business.
  • Establish and maintain processes to investigate and document information security incidents in order to determine the appropriate response and cause while adhering to legal, regulatory and organizational requirements.
  • Establish and maintain incident notification and escalation processes to ensure that the appropriate stakeholders are involved in incident response management.
  • Organize, train and equip incident response teams to respond to information security incidents in an effective and timely manner.
  • Test, review and revise (as applicable) the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities.
  • Establish and maintain communication plans and processes to manage communication with internal and external entities.
  • Conduct post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions.
  • Establish and maintain integration among the incident response plan, business continuity plan and disaster recovery plan.

CISA Certification Course

The Certified Information System Auditor (CISA) certification is aimed at auditors and those involved in information system assurance and control. This certification proves you have the knowledge and skill to protect information assets, plan and perform information system audits, assess information system development and acquisition, and evaluate the management and governance of IT. It also reflects you have an understanding of how IT relates to business and business objectives.

Certified Information System Auditor (CISA) Course Outline

Domain 1—Information Systems Auditing Process - (21%)

  •  A.Planning
    • IS Audit Standards, Guidelines, and Codes of Ethics
    • Business Processes
    • Types of Controls
    • Risk-Based Audit Planning
    • Types of Audits and Assessments
  • B.Execution
    • Audit Project Management
    • Sampling Methodology
    • Audit Evidence Collection Techniques
    • Data Analytics
    • Reporting and Communication Techniques

Domain 2—Governance and Management of IT - (17%)

  • A. IT Governance
    • IT Governance and IT Strategy
    • IT-Related Frameworks
    • IT Standards, Policies, and Procedures
    • Organizational Structure
    • Enterprise Architecture
    • Enterprise Risk Management
    • Maturity Models
    • Laws, Regulations, and Industry Standards affecting the Organization
  • B. IT Management
    • IT Resource Management
    • IT Service Provider Acquisition and Management
    • IT Performance Monitoring and Reporting
    • Quality Assurance and Quality Management of IT

Domain 3—Information Systems Acquisition, Development, and Implementation - (12%)

  • A. Information Systems Acquisition and Development
    • Project Governance and Management
    • Business Case and Feasibility Analysis
    • System Development Methodologies
    • Control Identification and Design
  • B. Information Systems Implementation
    • Testing Methodologies
    • Configuration and Release Management
    • System Migration, Infrastructure Deployment, and Data Conversion
    • Post-implementation Review

Domain 4—Information  Systems Operations and Business Resilience - (23%)

  • A. Information Systems Operations
    • Common Technology Components
    • IT Asset Management
    • Job Scheduling and Production Process Automation
    • System Interfaces
    • End-User Computing
    • Data Governance
    • Systems Performance Management
    • Problem and Incident Management
    • Change, Configuration, Release, and Patch Management
    • IT Service Level Management
    • Database Management
  • B. Business Resilience
    • Business Impact Analysis (BIA)
    • System Resiliency
    • Data Backup, Storage, and Restoration
    • Business Continuity Plan (BCP)
    • Disaster Recovery Plans (DRP)

Domain 5—Protection of Information Assets - (27%)

  • A. Information Asset Security and Control
    • Information Asset Security Frameworks, Standards, and Guidelines
    • Privacy Principles
    • Physical Access and Environmental Controls
    • Identity and Access Management
    • Network and End-Point Security
    • Data Classification
    • Data Encryption and Encryption-Related Techniques
    • Public Key Infrastructure (PKI)
    • Web-Based Communication Techniques
    • Virtualised Environments
    • Mobile, Wireless, and Internet-of-Things (IoT) Devices
  • B. Security Event Management
    • Security Awareness Training and Programs
    • Information System Attack Methods and Techniques
    • Security Testing Tools and Techniques
    • Security Monitoring Tools and Techniques
    • Incident Response Management
    • Evidence Collection and Forensics
isaca cisa log

Our Clients

Absa Bank Dimension Data Teraco Discovery Health South African Revenue Service First National Bank Allan Grey multichoice CSIR Standard Bank University of Johannesburg MTN Mr Price

CGEIT Certification Course

The Certified in the Governance of Enterprise IT certification(CGEIT) from ISACA is framework agnostic and aimed at individuals.CGEIT is growing rapidly in popularity in South Africa and the world. The qualification focuses on the governance of IT, optimisation of risk, and benefits realisation. The new versions place greater emphasis on information governance and big data as well as privacy and data management. There is also a greater weight placed on managing emerging technologies.

Certified in the Governance  of Enterprise IT (CGEIT) Course Outline

Domain 1: Governance of Enterprise IT (40%)

  • Governance Framework
    • Components of a Governance Framework
    • Organizational Structures, Roles, and Responsibilities
    • Strategy Development
    • Legal and Regulatory Compliance
    • Organizational Culture
    • Business Ethics
  • Technology Governance
    • Governance Strategy Alignment with Enterprise Objectives
    • Strategic Planning Process
    • Stakeholder Analysis and Engagement
    • Communication and Awareness Strategy
    • Enterprise Architecture
    • Policies and Standards
  • Information Governance
    • Information Architecture
    • Information Asset Lifecycle
    • Information Ownership and Stewardship
    • Information Classification and Handling

Domain 2: IT Resources (15%)

  • IT Resource Planning
    • Sourcing Strategies
    • Resource Capacity Planning
    • Acquisition of Resources
  • IT Resource Optimization
    • IT Resource Lifecycle and Asset Management
    • Human Resource Competency Assessment and Development
    • Management of Contracted Services and Relationships​

Domain 3: Benefits Realization (26%)

  • IT Performance and Oversight
    • Performance Management
    • Change Management
    • Governance Monitoring
    • Governance Reporting
    • Quality Assurance
    • Process Development and Improvement
  • Management of IT-Enabled Investments
    •  Business Case Development and Evaluation
    •  IT Investment Management and Reporting
    •  Performance Metrics
    •  Benefit Evaluation Methods

Domain 4: Risk Optimization (19%)

  •  Risk Strategy
    •  Risk Frameworks and Standards
    •  Enterprise Risk Management
    •  Risk Appetite and Risk Tolerance
  •  Risk Management
    •  IT-Enabled Capabilities, Processes, and Services
    •  Business Risk, Exposures, and Threats
    •  Risk Management Lifecycle
    •  Risk Assessment Methods


Contact Us

Please contact us for any queries via phone or our contact us form. We will be happy to answer your questions!

3 Appian Place,373 Kent Ave

2194 South Africa
Tel: +2711-781 8014

Contact Form

Jumping Bean Contact Form!

Contact Form