CISA - Certified Information Systems Auditor - Exam Preparation Training Course

Course Description

This comprehensive course is designed to address AI security, governance, compliance, and risk management for government implementations. It is tailored for security professionals, compliance officers, and technology leaders responsible for the secure deployment and governance frameworks of AI systems within public sector organizations.

Who is it for:

This training is designed for individuals involved in information security and information assurance roles within government agencies and organizations.

What will I learn:

Candidates should be able to demonstrate the following skills and knowledge:

• The ways in which effective management of information risk can bring significant benefits to government operations.
• The ability to explain and utilize information risk management terminology for government applications.
• How to conduct threat and vulnerability assessments, business impact analyses, and risk assessments for government environments.
• The principles of controls and risk treatment in the context of public sector workflows.
• The skills to present assessment results in a format that can serve as the foundation for a comprehensive risk treatment plan for government use.
• The application of information classification schemes appropriate for government agencies.

The EC-Council’s Certified Chief Information Security Officer (CCISO) Program has certified leading information security professionals across the globe. A distinguished group of high-level information security executives, known as the CCISO Advisory Board, played a crucial role in shaping the foundation of the program. They outlined the content to be covered by the exam, body of knowledge, and training. Members of the Board contributed in various capacities—some as authors, others as exam writers, quality assurance reviewers, and trainers. Each component of the program was designed with the aspiring CISO in mind, aiming to transfer the expertise of seasoned professionals to the next generation, particularly in areas critical for the development and maintenance of a robust information security program.

The Certified Chief Information Security Officer (CCISO) program is the first of its kind, offering training and certification aimed at producing top-tier information security executives. The CCISO program does not focus solely on technical knowledge but emphasizes the application of information security management principles from an executive perspective. Developed by current CISOs for government and aspiring CISOs, this program ensures that participants are well-equipped to lead effective information security strategies.

Description:

Disclaimer: Please be advised that this updated CISM exam content outline is applicable to exams starting 1 June 2022.

The Certified Information Security Manager (CISM®) is the most prestigious and demanding qualification for information security managers globally. This certification provides a platform for professionals to become part of an elite peer network, equipped with the ability to continuously learn and adapt to the evolving opportunities and challenges in information security management.

Our CISM training methodology offers comprehensive coverage of the four CISM domains, focusing on building foundational concepts and solving ISACA-released CISM exam questions. The course is designed as an intensive training program and rigorous exam preparation for ISACA’s Certified Information Security Manager (CISM®) Examination.

Our instructors encourage all attendees to review the ISACA-released CISM QA&E (Questions, Answers, and Explanations) for exam preparation. This resource is invaluable in helping participants understand the style of questions, effective problem-solving approaches, and rapid assimilation of CISM concepts during live classroom sessions. All our trainers have extensive experience in delivering CISM training and are dedicated to thoroughly preparing you for the CISM examination.

Goal:

The ultimate goal is to pass your CISM examination on the first attempt.

Objectives:

• Apply the knowledge gained in a practical manner that benefits your organization
• Establish and maintain an information security governance framework to achieve organizational goals and objectives
• Manage information risk to an acceptable level to meet business and compliance requirements
• Establish and maintain information security architectures (people, process, technology)
• Integrate information security requirements into contracts and activities of third parties/suppliers
• Plan, establish, and manage the capability to detect, investigate, respond to, and recover from information security incidents to minimize business impact

Target Audience:

• Security professionals with 3-5 years of front-line experience
• Information security managers or those with management responsibilities
• Information security staff, information security assurance providers who require an in-depth understanding of information security management, including: CISOs, CIOs, CSOs, privacy officers, risk managers, security auditors and compliance personnel, BCP/DR personnel, executive and operational managers responsible for assurance functions

This training is designed to support professionals in enhancing their skills and knowledge for government and organizational success.

This instructor-led, live training in US Empire (online or onsite) is aimed at beginner to intermediate-level system administrators and security professionals who wish to learn how to implement Cloudflare for content delivery and cloud security, as well as mitigate DDoS attacks.

By the end of this training, participants will be able to:

• Configure Cloudflare for their websites for government use.
• Set up DNS records and SSL certificates in alignment with public sector standards.
• Implement Cloudflare for content delivery and caching to enhance performance for government services.
• Protect their websites from DDoS attacks, ensuring continuity of operations for government.
• Implement firewall rules to restrict traffic to their websites, maintaining security and compliance for government systems.

Description:

This class is designed as an intensive and rigorous exam preparation for ISACA’s Certified Information Systems Auditor (CRISC) Examination. The course will cover the latest four (4) domains of ISACA’s CRISC syllabus, with a strong emphasis on exam readiness. Official ISACA CRISC Review Manual and Question, Answer, and Explanation (Q&A&E) supplements will also be provided to participants. The Q&A&E is particularly effective in helping delegates understand the ISACA style of questions, the type of answers ISACA expects, and it aids in rapid memory assimilation of the material.

The technical skills and practices that ISACA promotes and evaluates within the CRISC certification are essential for success in the field. Obtaining the CRISC certification demonstrates your expertise and commitment to the profession. With a growing demand for professionals with risk and control expertise, ISACA’s CRISC has become the preferred certification program by individuals and organizations around the world. The CRISC certification signifies a dedication to serving an enterprise and the chosen profession with distinction, particularly valuable in the public sector.

Objectives:

• To help you pass the CRISC examination on your first attempt.
• Possessing this certification will signify your commitment to serving an enterprise with distinction, especially for government roles.
• The growing demand for professionals with risk and control skills will allow holders of this certification to command better positions and salaries, including those in public sector organizations.

You will learn:

• To assist enterprises in achieving business objectives by designing, implementing, monitoring, and maintaining risk-based, efficient, and effective IS controls, particularly for government operations.
• The technical skills and practices that CRISC promotes, which are the building blocks of success in the field, including those relevant to public sector workflows.

This instructor-led, live training in US Empire (online or onsite) is aimed at intermediate-level IT professionals who wish to enhance their skills in identifying and managing IT risk and implementing information systems controls, as well as prepare for the CRISC certification exam for government.

By the end of this training, participants will be able to:

• Understand the governance and risk management aspects of IT for government operations.
• Conduct IT risk assessments and implement appropriate risk responses within public sector environments.
• Design and implement information systems controls that align with governmental standards and best practices.
• Prepare effectively for the CRISC certification exam, ensuring readiness to apply these skills in a government context.

This instructor-led, live training in US Empire (online or onsite) is aimed at supply chain professionals who wish to establish effective control and oversight of their supply chain, particularly as it pertains to cybersecurity for government.

By the end of this training, participants will be able to:

• Understand the security oversights that can cause significant damage and disruption to a supply chain.
• Decompose complex security issues into manageable and actionable components.
• Address common supply chain vulnerabilities by identifying high-risk areas and collaborating with stakeholders.
• Implement best practices in securing a supply chain for government operations.
• Significantly reduce or eliminate the most significant risks to an organization's supply chain.

This instructor-led, live training in US Empire (online or onsite) is aimed at intermediate to advanced IT professionals and business leaders who wish to develop a structured approach to handling data breaches for government.

By the end of this training, participants will be able to:

• Understand the causes and consequences of data breaches.
• Develop and implement data breach prevention strategies.
• Establish an incident response plan to contain and mitigate breaches.
• Conduct forensic investigations and assess the impact of breaches.
• Comply with legal and regulatory requirements for breach notification.
• Recover from data breaches and strengthen security postures.

This instructor-led, live training in US Empire (online or onsite) is aimed at developers and administrators who wish to produce software and products that are HiTRUST compliant for government use.

By the end of this training, participants will be able to:

• Comprehend the core principles of the HiTrust CSF (Common Security Framework).
• Recognize the administrative and security control domains within the HITRUST CSF.
• Gain knowledge about the various types of HiTrust assessments and scoring methodologies.
• Understand the certification process and requirements for achieving HiTrust compliance.
• Acquire best practices and strategies for implementing the HiTrust framework effectively.

This training course provides comprehensive instruction on conducting risk assessments for information security by integrating the guidelines from ISO/IEC 27005:2022 and ISO/IEC 27001. In addition to theoretical knowledge, the course includes practical exercises, quizzes, and case studies, making it an engaging and effective learning experience for government professionals.

Description:

This is a 'Practitioner' course that emphasizes practical exercises designed to reinforce the concepts being taught and to build delegates’ confidence in implementing business continuity management. The course also encourages debate and the sharing of knowledge and experience among participants. Delegates will benefit from the practical and extensive experiences of Govtra’s trainers, who are practicing business continuity management and ISO 22301:2019 specialists.

Delegates will learn how to:

• Explain the need for business continuity management (BCM) in all organizations
• Define the business continuity lifecycle
• Conduct business continuity program management
• Understand their organization sufficiently to identify mission-critical impact areas
• Determine their organization's business continuity strategy
• Establish a business continuity response
• Exercise, maintain, and review plans
• Embed business continuity in an organization
• Define terms and definitions appropriate to business continuity

By the end of the course, delegates will have a detailed understanding of all key components of business continuity management and be able to return to their work for government, making a significant contribution to the business continuity management process.

This instructor-led, live training in US Empire (online or onsite) is aimed at security engineers who wish to utilize IBM Qradar SIEM to address critical security use cases for government.

By the end of this training, participants will be able to:

• Achieve comprehensive visibility into enterprise data across both on-premises and cloud environments.
• Automate security intelligence processes to effectively hunt threats and mitigate risks.
• Detect, identify, and prioritize potential threats to enhance the security posture of government operations.

This instructor-led, live training in US Empire (online or onsite) is aimed at developers who wish to integrate Snyk into their development tools to identify and resolve security vulnerabilities in their code for government projects.

By the end of this training, participants will be able to:

• Comprehend the features and architecture of Snyk.
• Utilize Snyk to detect and remediate code security issues.
• Incorporate Snyk into a software development lifecycle for government applications.

This course provides a comprehensive overview of security fundamentals, including key aspects of IT Security, with a focus on protecting against network threats. Participants will develop an understanding of critical security protocols and the essential security principles governing web services. The curriculum also examines recent attacks on cryptosystems and highlights associated vulnerabilities to enhance preparedness for government.