
Information Systems Auditor



As one of the most in-demand and popular IT certifications, the Information Systems Auditor course offers learners hands-on training with relevant, up-to-date and concise knowledge and skills on IT auditing, control and security. It is a comprehensive course in which learners gain the knowledge of IT governance needed to pass the CISA exam. Enhance your career: the CISA is a world-renowned standard in auditing and control of information technology and business systems. Data has been getting compromised for years. What you need to do is to be careful with sensitive data and learn how to protect it. The course will teach you just that.

The Information Systems Auditor course will enable learners to showcase their audit experience, knowledge and skills and demonstrate that they are competent to assess vulnerabilities, report on compliance and institute controls within an organisation.

The Information Systems Auditor course will help learners advance in their career and gain employment opportunities in mid-level managerial positions. The course is internationally recognised and accredited to a training organisation, and you will be issued an internationally recognised qualification following full completion of the Information Systems Auditor course.

Why consider 1Training?

As improvements and advancements are made in technology, online courses are no longer just conventional means of studying at affordable costs. In many aspects online training offers superiority to traditional learning. There is an effectiveness and convenience that traditional learning cannot provide. The overall convenience and flexibility makes it a superior learning method.

1Training offers the most convenient path to gain an internationally recognised qualification that will give you the opportunity to put your skill and expertise into practice in an enterprise or corporate environment. You can study at your own pace at 1Training, and you will be provided with all the necessary material, tutorials, a qualified course instructor and multiple free resources, which include a free CV writing pack, NUS discount card, free career support and a course demo, to make your learning experience enriching and more rewarding.

Learning Outcomes

  • Learn about the IT audit process.
  • Understand infrastructure lifecycle management.
  • Learn about IT service delivery and support.
  • Learn about IT governance.
  • Understand business continuity and disaster recovery.

Course Titles

  • Module 01: The Process of Auditing Information Systems
  • Module 02: Governance and Management of IT
  • Module 03: Information Systems Acquisition, Development and Implementation
  • Module 04: Information Systems Operations, Maintenance and Support
  • Module 05: Protection of Information Assets

Access Duration

The course will be delivered directly to you, and you have 12 months' access to the online learning platform from the date you joined the course. The course is self-paced and you can complete it in stages, revisiting the lectures at any time.

Who is this Course aimed at?

  • IT Security Managers and IT Consultants.
  • Network Administrators.
  • Systems Administrators.
  • Network Security Engineers.
  • IT Audit and IT Security professionals.

Entry Requirements

  • This is an advanced course which requires learners to have 3-5 years of practical experience and an understanding of concepts and knowledge of IT security.
  • An understanding of network fundamentals.
  • Systems administration experience.
  • Understanding of Linux, Unix and Windows operating systems.

Method of Assessment

At the end of the Information Systems Auditor course you will be required to take a multiple choice question assessment test. The multiple choice question assessment will be automatically marked with learners receiving an instant grade.

If it is an official exam you will have to purchase it separately on the relevant website.


Those who successfully complete the exam will be awarded the certificate in Information Systems Auditor Training.

Awarding Body

The certificate will be awarded by National Initiative for Cybersecurity Careers and Studies (NICCS). This internationally recognised qualification will make your CV stand out and encourage employers to see your motivation to expand your skills and knowledge in the IT enterprise.

Progression and Career Path

Once you successfully complete the Information Systems Auditor course you will be qualified to work in the following positions. The Information Systems Auditor qualification will also put you in line to demand a higher salary or job promotion. The average UK salary per annum according to is given below.

  • IT Consultant – £38,976 per annum
  • Information Security Manager – £51,234 per annum
  • Information Security Analyst – £34,906 per annum
  • IT Security Officer – £37,738 per annum
  • Network Administrator – £25,250 per annum
  • Systems Administrator – £25,422 per annum

Other Benefits

  • Written and designed by the industry’s finest expert instructors with over 15 years of experience
  • Repeat and rewind all your lectures and enjoy a personalised learning experience
  • Gain access to quality video tutorials
  • Unlimited 12 months access from anywhere, anytime
  • Save time and money on travel
  • Learn at your convenience and leisure
  • Quizzes, tests, mock exams and practice exams to ensure you are 100% ready
  • Eligible for a NUS discount card
  • Free Career Support Service
  • 25% discount on personal statement and covering letter writing service
  • Free Access to Over 150 courses for 2 days (48 hours)

Key Features

Gain an accredited UK qualification

Access to excellent quality study materials

Learners will be eligible for TOTUM Discount Card

Personalized learning experience

One year’s access to the course

Support by phone, live chat, and email

Course Curriculum (Total Units: 392)
➤ Module 01 - The Process of Auditing Information Systems
Course Introduction
1.0 Lesson 1: Management of the Audit Function
1.1 Organization of the IS Audit Function
1.2 IS Audit Resource Management
1.3 Audit Planning
1.4 Effect of Laws and Regulations on IS Audit Planning
2.0 Lesson 2: ISACA IT Audit and Assurance Standards and Guidelines
2.1 ISACA IT Audit and Assurance Standards and Guidelines
2.2 ISACA IT Audit and Assurance Standards Framework
2.3 Auditing Standards
2.4 Audit Guidelines
2.5 Audit and Assurance Tools and Techniques
2.6 Relationship Among Standards, Guidelines, and Tools and Techniques
2.7 Information Technology Assurance Framework
2.8 Information Technology Assurance Framework Components
2.9 ITAF General Standards (Section 2200)
2.10 ITAF Performance Standards (Section 2400)
2.11 Reporting Standards (Section 2600)
2.12 IT Assurance Guidelines (Section 3000)
3.0 Lesson 3: Risk Analysis
3.1 Risk Analysis
4.0 Lesson 4: Internal Controls
4.1 Internal Control Objectives
4.2 IS Control Objectives
4.4 General Controls
4.5 IS Controls
5.0 Lesson 5: Performing an IS Audit
5.1 Performing an IS Audit
5.2 Classification of Audits
5.3 Audit Programs
5.4 Audit Methodology
5.5 Fraud Detection
5.6 Risk-Based Auditing
5.7 Audit Risk and Materiality
5.8 Risk Assessment and Treatment
5.9 Risk Assessment Techniques
5.10 Audit Objectives
5.11 Compliance Versus Substantive Testing
5.12 Evidence
5.13 Interviewing and Observing Personnel in the Performance of Their Duties
5.14 Sampling
5.15 Using the Services of Other Auditors and Experts
5.16 Computer-Assisted Audit Techniques (CAAT)
5.17 Evaluation of Audit Strengths and Weaknesses
5.18 Communicating Audit Results
5.19 Management Implementation of Recommendations
5.20 Audit Documentation
6.0 Lesson 6: Control Self-Assessment
6.1 Objectives of CSA
6.2 Benefits of CSA
6.3 Disadvantages of CSA
6.4 Auditor Role in CSA
6.5 Technology Drivers for CSA
6.6 Traditional Versus CSA Approach
7.0 Lesson 7: The Evolving IS Audit Process
7.1 Automated Work Papers
7.2 Integrated Auditing
7.3 Continuous Auditing
7.4 Module 01 Review
➤ Module 02 - Governance and Management of IT
1.0 Lesson 1: Corporate Governance
1.1 Corporate Governance
2.0 Lesson 2: IT Governance
2.1 IT Governance
3.0 Lesson 3: IT Monitoring and Assurance Practices for Board and Senior Management
3.1 IT Monitoring and Assurance Practices for Board and Senior Management
3.2 Best Practices for IT Governance
3.3 IT Governance Frameworks
3.4 Audit Role in IT Governance
3.5 IT Strategy Committee
3.6 IT Balanced Scorecard
3.7 Information Security Governance
3.8 Importance of Information Security Governance
3.9 Outcomes of Security Governance
3.10 Effective Information Security Governance
3.11 Roles and Responsibilities of Senior Management and Board of Directors
3.12 Enterprise Architecture
4.0 Lesson 4: Information Systems Strategy
4.1 Strategic Planning
4.2 Steering Committee
5.0 Lesson 5: Maturity and Process Improvement Models
5.1 Maturity and Process Improvement Models
6.0 Lesson 6: IT Investment and Allocation Practices
6.1 IT Investment and Allocation Practices
6.2 Implement IT Portfolio Management
6.3 IT Portfolio Management Versus Balanced Scorecard
7.0 Lesson 7: Policies and Procedures
7.1 Policies
7.2 Information Security Policy
7.3 Procedures
8.0 Lesson 8: Risk Management
8.1 Risk Management
8.2 Developing a Risk Management Program
8.3 Risk Management Process
8.4 Risk Analysis Methods
9.0 Lesson 9: IS Management Practices
9.1 Human Resource Management
9.2 Organizational Change Management
9.3 Financial Management Practices
9.4 Quality Management
9.5 Information Security Management
9.6 Performance Optimization
10.0 Lesson 10: IS Organizational Structure and Responsibilities
10.1 IS Roles and Responsibilities
10.2 Segregation of Duties
10.3 Segregation of Duties Controls
10.4 Compensating Controls for Lack of Segregation
11.0 Lesson 11: Auditing IT Governance Structure and Implementation
11.1 Reviewing Documentation
11.2 Reviewing Contractual Commitments
12.0 Lesson 12: Business Continuity Planning
12.1 IS Business Continuity Planning
12.2 Disasters and Other Disruptive Events
12.3 Business Continuity Planning Process
12.4 Business Continuity Policy
12.5 Business Impact Analysis
12.6 Classification of Operations and Criticality Analysis
12.7 Development of Business Continuity Plans
12.8 Other Issues and Plan Development
12.9 Components of a BCP
12.10 BCP Testing
12.11 BCP Maintenance
12.12 Summary of BCP
12.13 Module 02 Review
➤ Module 03 - Information Systems Acquisition, Development and Implementation
1.0 Lesson 1: Business Realization
1.1 Portfolio/Program Management
1.2 Business Case Development and Approval
1.3 Benefits Realization Techniques
2.0 Lesson 2: Project Management Structure
2.1 Project Context and Environment
2.2 Project Organizational Forms
2.3 Project Communication and Culture
2.4 Project Objectives
2.5 Roles and Responsibilities of Groups and Individuals
3.0 Lesson 3: Project Management Practices
3.1 Initiation of a Project
3.2 Project Planning
3.3 Example of Project Management for New Software
3.4 Software Size Estimation
3.5 Lines of Source Code
3.6 Function Point Analysis (FPA)
3.7 Function Points
3.8 Cost Budgets
3.9 Software Cost Estimation
3.10 Scheduling and Establishing the Timeframe
3.11 Critical Path Methodology
3.12 Gantt Charts
3.13 Program Evaluation Review Technique (PERT)
3.14 Time Box Management
3.15 General Project Management
3.16 Project Controlling
3.17 Management of Resource Usage
3.18 Management of Risk
3.19 Closing a Project
4.0 Lesson 4: Business Application Development
4.1 Traditional SDLC Approach
4.2 SDLC Phases
4.3 SDLC
4.4 Integrated Resource Management Systems
4.5 Description of SDLC Phases
4.6 Risks Associated with Software Development
5.0 Lesson 5: Business Application Systems
5.1 Electronic Commerce
5.2 E-Commerce Models
5.3 E-Commerce Architectures
5.4 E-Commerce Risks
5.5 E-Commerce Requirements
5.6 E-Commerce Audit and Control Issues or Best Practices
5.7 Components of PKI
5.8 Electronic Data Interchange
5.9 General Requirements of EDI
5.10 Traditional EDI
5.11 Web Based EDI
5.12 EDI Risks and Controls
5.13 Controls in EDI Environment
5.14 E-Mail
5.15 E-Mail Security Issues
5.16 Standards for E-Mail Security
5.17 Point-Of-Sale Systems (POS)
5.18 Electronic Banking
5.19 Risk Management Challenges in E-Banking
5.20 Risk Management Controls for E-Banking
5.21 Electronic Finance
5.22 Payment Systems
5.23 Electronic Money Model
5.24 Electronic Checks Model
5.25 Electronic Transfer Model
5.26 Electronic Funds Transfer
5.27 Controls in an EFT Environment
5.28 Automated Teller Machines
5.29 Image Processing
5.30 Business Intelligence
5.31 Decision Support System (DSS)
5.32 DSS Frameworks
5.33 Customer Relation Management (CRM)
5.34 Supply Chain Management (SCM)
6.0 Lesson 6: Alternative Forms of Software Project Organization
6.1 Agile Development
6.2 Prototyping
6.3 Rapid Application Development (RAD)
7.0 Lesson 7: Alternative Development Methods
7.1 Data Oriented System Development
7.2 Object Oriented System Development
7.3 Component-Based Development
7.4 Web-Based Application Development
7.5 Software Reengineering
7.6 Reverse Engineering
8.0 Lesson 8: Infrastructure Development/Acquisition Practices
8.1 Project Phases of Physical Architecture Analysis
8.2 Planning Implementation of Infrastructure
8.3 Critical Success Factors
8.4 Hardware Acquisition
8.5 Acquisition Steps
8.6 System Software Acquisition
8.7 System Software Implementation
8.8 System Software Change Control Procedures
9.0 Lesson 9: Information Systems Maintenance Practices
9.1 Change Management Process Overview
9.2 Deploying Changes
9.3 Documentation
9.4 Testing Changed Programs
9.5 Auditing Program Changes
9.6 Emergency Changes
9.7 Change Exposures (Unauthorized Changes)
9.8 Configuration Management
10.0 Lesson 10: System Development Tools and Productivity Aids
10.1 Code Generators
10.2 Computer Aided Software Engineering
10.3 Fourth-Generation Languages (4GL)
11.0 Lesson 11: Business Process Reengineering and Process Change Projects
11.1 Business Process Reengineering and Process Change Projects Continued
11.2 Benchmarking Process
11.3 The Benchmarking Process
11.4 ISO 9126
11.5 Software Capability Maturity Model
11.6 ISO 15504
12.0 Lesson 12: Application Controls
12.1 Inputs Controls
12.2 Processing Procedures and Controls
12.3 Processing Controls
12.4 Data File Control Procedures
12.5 Output Controls
12.6 Business Process Control Assurance
13.0 Lesson 13: Auditing Application Controls
13.1 Risk Assessment Model to Analyze Application Controls
13.2 Observing and Testing User Performing Procedures
13.3 Data Integrity Testing
13.4 Example of Referential and Relational Integrity
13.5 Data Integrity in Online Transaction Processing Systems
13.6 Test Application Systems
13.7 Continuous Online Auditing
13.8 Online Auditing Techniques
14.0 Lesson 14: Auditing Systems Development, Acquisition and Maintenance
14.1 Project Management
14.2 Feasibility Study
14.3 Requirements Definition
14.4 Software Acquisition Process
14.5 Detailed Design and Development
14.6 Testing
14.7 Implementation Phase
14.8 Post Implementation Review
14.9 System Change Procedures and The Program Migration Process
14.10 Module 03 Review
➤ Module 04 - Information Systems Operations, Maintenance and Support
1.0 Lesson 1: Information Systems Operations
1.1 Management of IS Operations
1.2 Service Management
1.3 Service Level
1.4 Infrastructure Operations
1.5 Scheduling
1.6 Monitoring Use of Resources
1.7 Process of Incident Handling
1.8 Problem Management
1.9 Detection, Documentation, Control, Resolution and Reporting of Abnormal Conditions
1.10 Support/Helpdesk
1.11 Change Management Process
1.12 Release Management
1.13 Information Security Management
1.14 Media Sanitization
2.0 Lesson 2: Information Systems Hardware
2.1 Computer Hardware Components and Architecture
2.2 Common Enterprise Backend Devices
2.3 Specialized Devices
2.4 Risks
2.5 Security Control
2.6 Radiofrequency Identification
2.7 RFID Applications
2.8 RFID Risks
2.9 RFID Security Control
2.10 Hardware Maintenance Program
2.11 Hardware Monitoring Procedures
2.12 Capacity Management
3.0 Lesson 3: IS Architecture and Software
3.1 Operating Systems
3.2 Software Integrity Issues
3.3 Activity Logging and Reporting Options
3.4 Data Communication Software
3.5 Data Management
3.6 File Organization
3.7 Database Management Systems
3.8 Example of Data in DBMS
3.9 DBMS Architecture
3.10 DBMS Metadata Architecture
3.11 Database Structure
3.12 Relational Database
3.13 Database Models
3.14 Relational Database Model
3.15 Database Controls
3.16 Tape and Disk Management Systems
3.17 Utility Programs
3.18 Software Licensing Issues
3.19 Digital Rights Management
4.0 Lesson 4: Network Infrastructure
4.1 Enterprise Network Architecture
4.2 Types of Networks
4.3 Network Services
4.4 Network Standards and Protocols
4.5 OSI Architecture
4.6 OSI Layers
4.7 Application of the OSI Model in Network Architectures
4.8 Local Area Network
4.9 Network Physical Media Specifications
4.10 Implementation of WANs
4.11 LAN Media Access Technologies
4.12 LAN Components
4.13 OSI Layer Diagram
4.14 LAN Technology Selection Criteria
4.15 Wide Area Networks
4.16 WAN Message Transmission Techniques
4.17 WAN Devices
4.18 WAN Technologies
4.19 Wireless Networks
4.20 Wireless Wide Area Networks
4.21 Wireless Local Area Networks
4.22 Wireless Security
4.23 Wireless Application Protocol
4.24 Risks of Wireless Communications
4.25 World Wide Web Services
4.26 General Internet Terminology
4.27 Network Administration and Control
4.28 Network Performance Metrics
4.29 Network Management Issues
4.30 Network Management Tools
4.31 Client/Server Technology
5.0 Lesson 5: Disaster Recovery Planning
5.1 Recovery Point Objective and Recovery Time Objective
5.2 Recovery Strategies
5.3 Application Disaster Recovery Methods
5.4 Data Storage Disaster Recovery Methods
5.5 Telecommunication Networks Disaster Recovery Methods
5.6 Methods for Network Protection
5.7 Development of Disaster Recovery Plans
5.8 Organization and Assignment of Responsibilities
5.9 Backup and Restoration
5.10 Off-Site Library Controls
5.11 Types of Backup Devices and Media
5.12 Periodic Backup Procedures
5.13 Frequency of Rotation
5.14 Backup Schemes
5.15 Module 04 Review
➤ Module 05 - Protection of Information Assets
1.0 Lesson 1: Importance of Information Security
1.1 Key Elements of Information Security Management
1.2 Information Security Management Roles and Responsibilities
1.3 Inventory and Classification of Information Assets
1.4 System Access Permission
1.5 Mandatory and Discretionary Access Controls
1.6 Privacy Management Issue and the Role of IS Auditors
1.7 Critical Success Factors to Information Security Management
1.8 Information Security and External Parties
1.9 Identification of Risks Related to External Parties
1.10 Addressing Security When Dealing with Customers
1.11 Addressing Security and Third-Party Agreements
1.12 Human Resources Security and Third Parties
1.13 Computer Crime Issues and Exposures
1.14 Types of Computer Crimes
1.15 Peer to Peer, Instant Messaging, Data Leakage and Web-Based Technologies
1.16 Security Incident Handling and Response
2.0 Lesson 2: Logical Access
2.1 Logical Access Exposures
2.2 Familiarization with the Enterprise IT Environment
2.3 Paths of Logical Access
2.4 General Points of Entry
2.5 Logical Access Control Software
2.6 Identification and Authentication
2.7 Features of Passwords
2.8 Identification and Authentication Best Practices
2.9 Token Devices, One-Time Passwords
2.10 Management of Biometrics
2.11 Single Sign-On
2.12 Authorization Issues
2.13 Access Control Lists
2.14 Logical Access Security Administration
2.15 Remote Access Security
2.16 Common Connectivity Methods
2.17 Remote Access Using PDAs
2.18 Access Issues with Mobile Technology
2.19 Access Rights to System Logs
2.20 Tools for Audit Trail Analysis
2.21 Use of Intrusion Detection
2.22 Storing, Retrieving, Transporting and Disposing of Confidential Information
3.0 Lesson 3: Network Infrastructure Security
3.1 LAN Security
3.2 Virtualization
3.3 Client/Server Security
3.4 Wireless Security Threats and Risks Mitigation
3.5 Internet Threats and Security
3.6 Network Security Threats
3.7 Internet Security Control Audits
3.8 Firewall Security Systems
3.9 Common Attacks Against a Firewall
3.10 Examples of Firewall Implementation
3.11 Intrusion Detection
3.12 Describing IDS and IPS Deployment
3.13 Encryption
3.14 Uses of Encryption
3.15 Viruses
3.16 Technical Controls Against Viruses
3.17 AV Software
3.18 Voice Over IP
3.19 Private Branch Exchange
4.0 Lesson 4: Auditing Information Security Management Framework
4.1 Auditing Logical Access
4.2 Techniques for Testing Security
5.0 Lesson 5: Auditing Network Infrastructure Security
5.1 Auditing Remote Access
5.2 Network Penetration Test
5.3 Types of Penetration Tests
5.4 Full Network Assessment Reviews
5.5 Development and Authorization of Network Changes
5.6 Unauthorized Changes
5.7 Computer Forensics
5.8 Chain of Evidence
6.0 Lesson 6: Environmental Exposures and Controls
7.0 Lesson 7: Physical Access Exposures and Controls
7.1 Physical Access Exposures
7.2 Physical Access Controls
7.3 Auditing Physical Access
8.0 Lesson 8: Mobile Computing
8.1 Module 05 Review
8.2 Course Closure