Get expert guidance, research policies and procedures to stay ahead of the curve in your IT audit and assurance career.
Zero Trust Audit Program
Zero Trust is a security model that requires all users of an organization's network to be authenticated, authorized, reviewed, and validated periodically to ensure appropriate access privileges are granted and maintained and more importantly rights are deactivated when they are no longer needed to perform work duties.
Google Cloud Platform Audit Program
With the continued growth and adoption of Google® Cloud Platform (GCP®) now representing the third largest provider of cloud services, ISACA has developed an audit program that helps auditors assess and test control coverage adequacy and effectiveness of GCP® services.
Identity and Access Management Audit Program
The ISACA Identity and Access Management Audit Program provides specific testing and evaluation criteria to assist auditors in assessing the adequacy of safeguards in place to mitigate IAM risks.
Audit Practitioner’s Guide to Machine Learning, Part 1: Technology
Machine learning (ML), a subset of artificial intelligence (AI), has been rapidly adopted by enterprises and governments around the world.
Audit Practitioner’s Guide to Machine Learning, Part 2: Compliance Risk
Machine learning (ML), a subset of artificial intelligence (AI), has been rapidly adopted by enterprises and governments around the world.
Physical and Environmental Security Audit Program
Cybersecurity and audit practitioners may talk in terms of physical security being a part of cybersecurity or physical security being a subset of cybersecurity. While there may be differences of opinion in how physical security is defined in terms of cybersecurity, there is agreement that physical security may be overlooked while digital threats are considered from many perspectives.
Database Audit Program
Databases, comprised of data and database management systems, store data so that they can be used by different programs without concern for the data structure or organization. The ability of databases to accommodate large volumes of data, has led databases to be widely adopted.
COBIT for DevOps Audit Program
ISACA developed this audit program as a companion to COBIT Focus Area: DevOps, Using COBIT® 2019. The focus area publication describes how COBIT framework concepts apply to DevOps and is intended to help enterprises evaluate management practices important to the development of an effective governance system over DevOps.
VPN Security Audit Program
Virtual Private Networks (VPNs) are relied on to give remote workers access to the corporate network securely. As the number of remote workers and the duration of remote work have increased (from remote working being temporary to potentially permanent), awareness of VPNs has grown. Now, enterprises are questioning how secure VPNs are.
Destination: Agile Auditing
In Destination: Agile Auditing, you will find a history lesson on Agile—from its beginning to more recent adoption approaches—as well as insight into the benefits of incorporating Agile into enterprise audit practices. Get previews of Agile audit toolset usage, learn about approaches for enhancing professional Agile competency, and see how Agile auditing practices successfully integrate into traditional planning, fieldwork, and reporting phases of audit projects.
IT Audit Framework, 4th Edition
Get the guidance and techniques that will lend consistency and effectiveness to your audits. The new 4th edition of ITAF outlines standards and best practices aligned with the sequence of the audit process (risk assessment, planning and field work) to guide you in assessing the operational effectiveness of an enterprise and in
Information Technology Audit Sampling Guidelines (Guidelines 2208)
ISACA created the Information Technology Audit Sampling guidelines (Guidelines 2208) as a companion to its Information Technology Audit Framework (ITAF™). The purpose of these guidelines is to provide guidance to IT audit and assurance practitioners in designing and selecting an audit sample and evaluating sample results. Appropriate sampling and evaluation help to achieve the requirements of sufficient and appropriate evidence.
IT audit and assurance practitioners should consider these guidelines when reaching a conclusion about a total population when audit procedures are applied to less than 100 percent of that population.
Advance your expertise and add to your career potential or enterprise skillset with training developed and delivered by the experts in IT audit.
Certified Information Systems Auditor (CISA)
The CISA certification is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s information technology and business systems. This certification is a must have for entry to mid-career IT professionals looking for leverage in career growth. The CISA exam is now available via remote proctoring!
CISA Exam Prep from ISACA
Whether you prefer to prep on your own time or with the additional guidance and interaction that comes with live, expert instruction, ISACA has the right test prep solutions for every professional. Choose what works for your schedule and your studying needs.
Zero Trust Audit Program
Zero Trust is a security model that requires all users of an organization's network to be authenticated, authorized, reviewed, and validated periodically to ensure appropriate access privileges are granted and maintained and more importantly rights are deactivated when they are no longer needed to perform work duties.
View IT Audit Publications and Resources
Gain additional insight and guidance on leveraging the IT Audit framework to create and maintain the most effective techniques and understanding to manage IT Audit.
