2014 Training Programs - ISACA

2014 Training Programs

Courses & Workshops

| # | Course Title | Dates | Venue | Fees (BHD) |
|---|---|---|---|---|
| 1 | IT Security Workshop | 16-18 March | 5 Star Hotel | 600 |
| 2 | IT GRC Workshop | 13-14 April | 5 Star Hotel | 400 |
| 3 | COBIT 5 Foundation & Exam | 11-13 May | 5 Star Hotel | 600* |
| 4 | WebApp, Mobile, Email Security | 18-19 May | 5 Star Hotel | 400 |
| 5 | Auditing IT Operations Workshop | 12-14 October | 5 Star Hotel | 600 |

Note: ISACA Members receive 25% discount on listed fees for above courses

Certification Courses

| # | Course Title | Dates | Venue | Fees (BHD) |
|---|---|---|---|---|
| 1 | CISA Preparation Course | 4 May-3 June | TBA | 800** |
| 2 | CISM Preparation Course | 4 May-3 June | TBA | 800** |
| 3 | CISA Weekend Crash Course | 23-24 May | TBA | 120*** |
| 4 | CISM Weekend Crash Course | 30-31 May | TBA | 120*** |
| 5 | CGEIT Weekend Crash Course | 23-24 May | TBA | 120*** |
| 6 | CRISC Weekend Crash Course | 30-31 May | TBA | 120*** |

* Option to sit for the Foundation Certification Exam at a fee.

** Inclusive of Lectures, Membership and Exam Fees, 2014 Review Manual and Q&A Database CD.

*** Lectures only; will be held if a minimum of 5 candidates register.

P.O.Box 50933 Kingdom of Bahrain Fax: +973 17 911 477 Phone: +973 3534 2513

Information Security Workshop 16-18 March 2014, Crowne Plaza Hotel

Key Learning Objectives:
1. Understand Information Security needs and learn about Risk Management Essentials
2. Understand Standards and Best Practices in Information Security Management
3. Policies, Standards, Procedures, Guidelines
4. Understand Business Continuity as essential element of Information Security
5. Understanding Controls to manage Security
6. Measuring Security Management Effectiveness

Target audience:
- IT Security Professionals
- IT Auditors
- IT Professionals

Fees: BD600


| Time | Activity |
|---|---|
| 8:30 - 9:00 | Registration |
| 9:00 - 10:30 | Session I |
| 10:30 - 11:00 | Coffee Break |
| 11:00 - 12:30 | Session II |
| 12:30 - 13:30 | Lunch Break |
| 13:30 - 15:00 | Session III |

Day one:
1. Definitions:
   a. Security
   b. Information, Data Asset
   c. Standards, Best Practices
2. Accountability, Responsibility for Security & Risks
3. Information Security Governance
4. Process Approach – SIPOC, ETVX, PDCA
8. Compliance Vs Conformity
5. Laws - basic needs – Information Act, Privacy, Intellectual Property
6. Risk Management – Part 1
   a. Risk Culture of an Organization
   b. Asset recognition
   c. Risk Recognition
   d. Risk Evaluation – Qualitative and Quantitative
   e. Risk Response Process – Defining Residual risks
   f. Risk Prioritization
   g. Essentials of Risk Monitoring
7. Risk Management - Part II
   a. Risk management Considerations
   b. Risk Treatment Plans
   c. Risk response Process
   d. Risk KRIs
   e. Information Systems Control Design and Implementation

Day two:
1. Risk Management in Information Systems Control – Part III
   a. Determine IT Strategy - Security as part of planning Process not an Add on – Strategic Intent
   b. Project and Program Management
   c. Acquisition, Development, Maintenance
   d. Change Management
   e. Third Party Service management
   f. Information Security Management
   g. Data Management
2. Security Policies:
   a. Essentials
   b. Controls
   c. Awareness
   d. Training
3. Elements of Information Security Controls
   a. People
   b. Physical Security
   c. Environmental Security
   d. Asset Management
   e. Access Control
   f. Change Control
   g. Operations Management
   h. Availability Planning
   i. Capacity Planning
   j. Third Party Service management
4. Recognizing Controls to Manage Security risks – SOA Perspective of ISO 27001
5. Measuring Security Implementation:
   a. Critical Success factors
   b. KPIs
   c. Metrics
6. Technology:
   a. Perimeter – Firewalls, Proxy, Honey-pots...
   b. Internal – IPS, IDS, Network Security, Virus Control
   c. Storage – Encryption
   d. Communication & Business – PKI Keys, Cryptography
   e. Data Loss prevention – Content Management

Day Three:
1. Business Continuity Planning (plan beyond Availability Management) - I:
   a. It's a business Call
   b. Business Impact Analysis
   c. IT Service Continuity Planning – Parameters for consideration
   d. How Much, How Fast - RTO / RPO
1. Business Continuity Planning (plan beyond Availability Management) - II:
   e. Implementation
   f. Testing – Different Types of testing BCP
   g. Maintaining BCP Plans
2. Define Security Incident
3. Define Incident Response process
4. Security Incident recognition awareness, Recognizing Security Incident
5. Stakeholders in Security Incidents
6. Incident Response – 3 elements
   a. Containment
   b. Eradication
   c. Recovery
7. Documentation:
   a. Documents Vs Records
   b. Document Control, Record Control
   c. What to maintain and how much is necessary


About the Workshop Leader

Rohinton Dumasia

Rohinton graduated in Mathematics and Physics from Bombay University in 1973 and completed a postgraduate degree in Operations Research and Statistics, also from Mumbai University, in 1977. He has over 35 years of experience in the Information Systems Planning, Design, Operations, Control and Management domain, having tackled various assignments in the areas of Service Support, Service Delivery, Software Development and Implementation, Project Management and Training. His career ranges from Computer Operations and Software Development to being a CIO and now an Independent Consultant and Trainer. He has also been associated with implementing ITIL processes since 1999 – 2000. His assignments include COBIT implementation for an oil refinery, ISO 20000 implementation for a finance company, defining processes for a software development company, and defining architecture for a shipping company. His current assignment is planning and implementation of a BCM plan for a quasi-government organization. He is a trainer for ITIL up to Expert level, ISO 27001 and COBIT certification programs. He has also completed certifications in TIPA, TOGAF and KT Foundation. He also conducts training in Essential Project Management, Business Analysis, Requirement Engineering and Information Security Framework. He has been delivering ITIL training since ITIL V2 and now ITIL V3. He has conducted training in India, Philippines, Malaysia, and other countries of the Far East. He is a regular speaker at various forums and conferences. He is ex-Chairman and an active member of the Computer Society of India and contributes to their activities, seminars and conferences. He has worked in various domains – Manufacturing, FMCG, Shipping, IT Services – and consulted for Software Development, Airlines and Oil Refinery.


IT Governance, Risk & Compliance Workshop 13-14 April 2014, Crowne Plaza Hotel

Key Learning Objectives: This interactive 2 day workshop provides practical scenarios and discussion of the ICT GRC (Governance, Risk Management, and Compliance) issues facing governments, companies and organizations in today’s age of fast-paced social networks and cloud computing. Each topic is presented with practical scenarios that the audience will understand and relate to, with a full discussion of the topics and references needed to make a decision on how best to proceed with a solution to the scenario.

Target audience:
1- All Business and Technical managers and staff involved in the IT Governance, Risk Management and Compliance of ICT within their organization.
2- CIOs, CTOs, Risk Managers and IT technical staff will all benefit from the interactive and facilitated approach using practical scenarios.

Fees: BD400


Day one:
1. Trends in Governance, Risk Management, and Compliance
2. Risk Management from Business Perspective integrated to ICT
3. Business Continuity from standards and practical scenarios
4. ICT Policy and Governance at country and company level

Day two:
1. The business Case for GRC, with scenarios for cost effective control implementation.
2. Practical scenarios and solutions in Risk Management of ICT
3. Compliance In the Cloud: Privacy and legislation scenarios considered for strategic advantage.
4. An integrated approach to IT Security with GRC in practice.


About the Workshop Leader

PHILLIP M. SPARKS, MBA CISA CISM

Phillip is a Director of Innovation and Technology at the Center for Innovation, Excellence and Leadership (IXL Center), as well as director of the Action Learning Program for HULT’s Innovation Olympics at the Dubai Campus. He has over 20 years of experience as a business advisor within the Information, Communication and Technology industry and is a global instructor and consultant in IT Governance, Risk Management, and Compliance for Financial, Telecom, and Military/Government/NATO organizations in the US, Europe and Middle East. Phillip is an educator with extensive experience in the application of Knowledge Management and founder of a process integrating educational design theory with practical workforce development needs called CertME™: Continuous Education using Role-based Training and Modular Environments. Phillip is an ISACA Certified Information System Auditor and Certified Information Security Manager (CISA, CISM) and uses his Masters of Business Administration, educational development focus, and consulting skills to blend together Senior Business Management strategy and Information Technology into a common language that achieves sustainable value for organizations. Phillip has spent several years since 2004 between Europe and the Middle East (Saudi Arabia, Egypt, Dubai) working on corporate Governance, Risk Management and Compliance with the telecom, financial, and educational development sectors, as well as a 1 year project with the Saudi Stock market (Tadawul) where he developed a risk management awareness program during the economic downturn.

Phillip built his leadership and organizational experience as both platoon leader and company commander in the US Military during the first Gulf War and as Automation Officer (CIO equivalent) for a 600 personnel unit in the US Army and European Command spanning six countries, and was recognized for outstanding achievement by several of the General Officers during his service and efforts as advisor and consultant for the European Command in both Army and Air Force. Phillip holds a BS in Liberal Arts/Physics from Centre College, a BS in Electrical Engineering, a Masters Certification in Telecommunication from the Air Force Institute of Technology, and Masters degrees in Business Administration and Public Administration from the University of Maryland European Division.


COBIT 5 Foundation Workshop and Exam 11-13 May 2014, Crowne Plaza Hotel

Key Learning Objectives: COBIT is the only business framework for the governance and management of enterprise IT. COBIT 5 incorporates the latest thinking in enterprise governance and management techniques and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value derived from, information systems, which have become pervasive in today’s business environment. This workshop provides practical scenarios and discussion of the governance and management of enterprise IT issues facing governments, companies and organizations. Each topic is presented with practical scenarios that the audience will understand and relate to, with a full discussion of the topics and references needed to make a decision on how best to proceed with a solution to the scenario.

Target audience: IT Auditors, IT Managers, IT Quality professionals, IT Executive leadership, IT Process Practitioners, Managers in IT service providing firms, IT Consultants, and anyone who wants to gain an insight into the Enterprise Governance of IT and to be certified as a COBIT Implementer or Assessor.

Fees:
- Workshop: BD600
- Exam: BD120

Registration: Kindly indicate "Cobit 5 Foundation Workshop and Exam" or "Cobit 5 Foundation Workshop only" in the Course title field in the Registration form.


Day one: Overview/Key Features and Principles of COBIT 5
5. Meeting Stakeholder Needs
6. Covering the Enterprise End-to-end
7. Applying a single Integrated Framework
8. Enabling a Holistic Approach
9. Separating Governance from Management

Day two: The 7 Enablers
1. The Principles, Policies and Frameworks
2. Processes
3. Organizational Structures
4. Culture, Ethics and Behaviour
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies

Day 3: COBIT 5 Implementation and Process Maturity
1. COBIT 5 Implementation Life cycle and its interrelated components
2. Internal/external environment factors, Pain points, Trigger Events etc.
3. The business case to a programme initiative leveraging COBIT 5.
4. Capability Levels, Attributes and Rating Scale based on ISO 15504
5. Process Capability Assessment and COBIT assessment programme.
6. The differences between a Maturity and a Capability Assessment
7. The purpose of a Process Reference Model as defined by ISO 15504
8. The benefits of the COBIT Capability Assessment approach


Optional COBIT 5 Foundation Exam

ISACA offers professionals who have mastered the content in the COBIT 5 Foundation Course an opportunity to demonstrate their knowledge by taking an exam and earning a certificate of completion. These professionals understand the IT management issues organizations face today and know how to use COBIT to respond to these challenges. These professionals have used the elements of COBIT, in practice, and are prepared to recommend applications of COBIT for enterprise-wide projects. The exam consists of 50 multiple-choice questions and requires a score of 50% or higher to pass. The exam is administered at the end of the last day of the course and is computer based, with initial results provided at the end of the exam. The exam format is as follows:
- Multiple choice
- 50 questions per paper with 1 mark available per question
- 25 marks required to pass - 50%
- 40 minutes duration
- Closed book

Requirements for the online based exam:
1- Bring laptop
2- The following browsers are supported:
   - Internet Explorer - All Versions
   - FireFox - All Versions
   - Safari - All Versions
   - Google Chrome - All Versions
   - Opera - All Versions
   - Mozilla - All Versions


About the Workshop Leader

KESTER E. IRABOR, CISA CISM

Kester is a Manager for IT and Telecom Network Audit with Protiviti Middle East and also an APMG Accredited COBIT 5 Foundation Trainer. He has over 12 years’ experience covering Information and Communication Technology Administration, Management, Security, Controls and Audit. Kester has been involved in professional education since 2003. He has trained professionals in Information Systems Audit, especially those preparing for the CISA certification exam, and has presented papers in many Mandatory Continuing Professional Education (MCPE) Programs on Information Technology for the Institute of Chartered Accountants of Nigeria (ICAN). He has also facilitated private training programs organized for banks, e.g. the Central Bank of Nigeria and Diamond Bank, Nigeria, and for Telcos like MTN and Glo Mobile in Nigeria, covering technology topics in Fraud, IT Management and Security, Telecommunications Convergence and Network Security. He started his Internal Audit career with CELTEL Nigeria in 2007 after working in the IT Services Management departments of the then 2 largest Telcos in Nigeria, MTN and Vmobile. Kester managed the IT Audit Operation for PROTIVITI in Zain Nigeria for close to 4 years, handling the IT Audit Projects lifecycle end to end. He is currently with PROTIVITI Middle East, planning, managing and conducting Technology audit projects, mostly in the Telecommunications sector, for clients across the region. Kester holds a B.Sc in Applied Mathematics from the University of Lagos, Nigeria and has the following professional certifications: CISA, CISM, ITIL(f).


Securing Mobile, Web, Email and System Apps, Security strategies for the workplace 18-19 May 2014, Crowne Plaza Hotel, Bahrain

Key Learning Objectives:
1. To address the most recent attack vectors in the Cyber Eco space and keep pace with developments in the Cyber Space to counter probable attacks
2. To sensitize audiences to latest web application Security threats in the IT Ecosystem and help understand defense mechanism to combat such threats
3. To help understand risks and defenses from Next Generation attacks
4. To understand day-to-day security concerns and make security a ‘way of life’

Target audience:
- IT Security Officers and Managers
- IT Professionals and practicing developers
- CISOs, CIOs, CTOs

Fees: BD400


Workshop Outline

Session ID: LSCP0481
Module: Introduction to Information Security & IT Acts
Duration: 0.5 Hour
- Introduction
- Importance & Need of Information Security
- Cyber Law & IT Acts
- Conclusion

Session ID: LSCP0482
Module: Web Application Attacks
Duration: 9.0 Hours
- Introduction to Web Application Development
- Basics of SQL
- MySQL, MS-SQL database
- Different Types of Attacks
  - OWASP Top 10
  - Insecure Direct Object Reference
  - SQL Injections
    - Authentication Bypass Injection
    - Union Based Injection
    - Error Based Injection
    - Blind Injections
    - Double Query Injection
    - Time Based Injection
    - Post Method Injections
  - Web Application Firewalls
  - Cross Site Scripting
  - Session Hijacking
  - Broken Authentication and Session Management
  - Security Misconfiguration
  - Sensitive Data Exposure
  - Using Components with Known Vulnerabilities
  - Unvalidated Redirects and Forwards
  - File Inclusion Vulnerabilities
  - Arbitrary File Upload
  - View State Vulnerability
  - Padding Oracle Vulnerability
  - Source Code Analysis Tools Applications to Perform Security Tests
- Google Dorks
  - Using Google as Hacking Tool
  - Advanced operators of Google and Google Dorks
  - Finding Vulnerable websites using Google
  - Finding Target networks using Google

Session ID: LSCP0483
Module: Mobile Security
Duration: 0.5 Hour
- SMS and SMSC Introduction
- SMS Forgery and Countermeasures
- Send & Track Fake SMS
- VOIP Introduction
- Install VOIP Server
- Call Forging
- Android Exploitation Framework

Session ID: LSCP0484
Module: System Hacking
Duration: 1.0 Hour
- Introduction to the Malwares (Virus, Worms & Trojans)
- Create your own Trojans
- Evade Firewalls & Anti-Virus
- Scan System for the Malicious Application
- Security Counter Measures

Session ID: LSCP0485
Module: Security Essentials in Workplace
Duration: 1.0 Hour
- Email Security
- Social Media Security
- Credit Card Frauds
- Nigerian Frauds
- System Attacks & Preventions
- Online Privacy

Total Duration: 12 Hours

About the Workshop Leaders

Saket Modi, CEO & Co-Founder, Lucideus

Saket has been awarded the title of Indian Ambassador of Cyber Security in education at the National Education Awards 2013 for his contributions to the info-sec community. Over the last 5 years, he along with his team has been conducting training and consultancy sessions across the globe. He has been invited to most of the elite institutions of India, including IIT-Bombay, IIT-Delhi & IIT-Guwahati, for conducting seminars or workshops on Ethical Hacking. At a young age, he has already trained more than 5000 individuals across 75 plus Colleges, Corporate & Government Departments. Some of the organizations include IBM, Microsoft, TCS, HCL, and Intelligence Agencies & Special Task Forces. Saket is also an advisor to reputed organizations, banks and e-commerce companies on web space penetration testing and on designing safe cyber architecture for their web servers and networks globally.

Vidit Baxi, Director, Lucideus Training

Vidit is a pioneer in web security analysis and has vast experience in ethical hacking training, cyber crime investigation and penetration testing. With over 4 years of training experience, he has constantly been engaged in conducting workshops for corporate houses and academic institutions such as IITs and NITs and has trained more than 5000 students. He has conducted training for over 4500 hours for officers in security organizations, state police agencies, universities and professionals working with Infosys, TCS, Patni and many more. A Certified Ethical Hacker, he is an ideal to many young students in India who take up security as their career objective and a motivation to those who see and understand IT Security and its needs. He is an MCP and MCTS in web based and client side security. He is also a Microsoft Certified Technology Specialist and a Microsoft Certified Professional and has a high level of expertise in handling server side operations based on the Windows platform.


Workshop on Auditing IT Operations 12-14 October 2014, Crowne Plaza Hotel

This 3 day workshop shall cover the following key topics:

1. Information Risk Management
2. The Hunt for Fraud: Prevention and Detection Techniques
3. Auditing Critical Business System Applications
4. Successful Application Design: Auditing the System Development Life Cycle
5. Business Continuity, Disaster Recovery and Incident Management Planning

Target audience:
- IT auditors
- Financial and operational auditors who need to understand IT controls
- Auditors and assurance professionals who need to understand IT controls
- IT professionals

Fees: BD600


Day 1, Session I: Information Risk Management

Session Description

In today’s global economy, every organization has a mission. In this digital era, as organizations critically depend upon information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization’s information assets, and therefore its mission, from IT-related risk. An effective risk management process is an important component of a successful IT security program. The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform its mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization. Risk is the net negative impact of the exercise of a vulnerability, considering both the probability and the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. This session provides an overview of the specific criteria, steps and actions necessary to implement, sustain and assess a comprehensive Information Risk Management program.

Day 1, Session II: The Hunt for Fraud: Prevention and Detection Techniques

Session Description

This session provides attendees with a general overview of basic fraud concepts, as well as a review of specific areas such as procedures related to the recording, reporting, and prosecution of fraudulent activities, internal auditor responsibilities in the audit for fraud, and fraud detection and mitigation techniques. Also addressed during this seminar is the classification of frauds, investigation techniques, and fraud within information technology. This session will incorporate several case analyses of frauds perpetrated by employees and how such frauds were identified and investigated. The session will also introduce and incorporate the basic concepts of forensic analysis as a means of further investigating fraudulent activities by organization personnel, third party providers, and contractors.


Day 2: Auditing Critical Business System Applications

Session Description

An Information Technology (IT) Auditor and an Information Security (Info Sec) Professional are really both pursuing the same goals but through different terminology. The IT auditor evaluates for the presence of “controls” whereas the Info Sec professional pursues the implementation of “security”. It is essential that both end users and IT professionals understand the process of IT Audit and the concepts of risk and control associated with critical business applications, those applications essential to the daily operational functionality of the enterprise. Applications are often vulnerable to attacks that will not be detected by network and server security controls, and could compromise not only the application and its data, but the network and servers as well. The primary focus of this session is on the process of auditing critical business applications, the associated IT infrastructure that supports these applications and the auditor’s role in assessing the internal control environment in which these applications are designed to function.

Day 3, Session I: Successful Application Design: Auditing the System Development Life Cycle

Session Description

Managing software projects is difficult under the best circumstances. You can reduce the difficulty and improve your organization’s chances of success by applying known industry smart practices for software project management. The system development life cycle (SDLC) is a common methodology for systems development in many organizations. This methodology features distinctive phases, each of which records the progress of the systems analysis and design project. The potential for abuse, inefficiencies, and the potential to deliver application systems which do not meet the needs of the end-user warrant the involvement of IT and user management as well as the audit function in almost all software development efforts. This session will examine the basic elements of the SDLC process, and how the process of designing new systems has evolved (and continues to evolve). Attendees will also discuss strategic system design methodologies, and how the auditor can be an effective change agent within this process.


Day 3, Session II: Business Continuity, Disaster Recovery and Incident Management Planning

Session Description

The continued successful operation of an organization depends on senior management's awareness of potential disasters, their ability to develop a plan to minimize disruptions of critical functions and the capability to recover operations expediently and successfully. This session examines the various causes of computer failure, and presents feasible alternatives for recovery. Session participants will examine the key components of disaster recovery, business continuity and incident management planning, how to measure, assess and audit the effectiveness of their organization's business recovery, continuity and planning program, and what questions they should be asking to determine their organization's overall preparedness to endure a disaster "event".


About the Workshop Leader

Albert J. Marcella Jr., Ph.D., CISA, CISM

Albert J. Marcella Jr. is president of Business Automation Consultants, LLC, a global information technology and management-consulting firm providing information technology (IT) management consulting and IT audit and security reviews and training for an international clientele. Dr. Marcella is an internationally recognized public speaker, researcher, workshop and seminar leader with 35 years of experience in IT audit, security and assessing internal controls, and an author of numerous articles and 25 books on various IT, audit and security related subjects. Dr. Marcella’s most recent book, Cyber Forensics: From Data to Digital Evidence, published by John Wiley & Sons, provides the reader with insights into how data are stored, processed, identified, analyzed, and eventually end up as evidential matter, all this leading to a more thorough and detailed understanding of which data are relevant, significant, and most critical in a cyber-forensic investigation, and why, which ultimately is the basis for and foundation of a comprehensive, well executed cyber forensic investigation. Dr. Marcella’s articles on cyber extortion, workplace violence, Electronic Stored Information (ESI), privacy risks in multifunctional devices (MFDs), cyber forensics, incident management planning and ethics have appeared in the ISACA Journal, Disaster Recovery Journal, Journal of Forensic & Investigative Accounting, EDPACS, ISSA Journal, Continuity Insights, and the Internal Auditor Magazine. Dr. Marcella is the recipient of the Institute of Internal Auditors Leon R. Radde Educator of the Year Award, 2000. Dr. Marcella has taught IT audit seminar courses for the Institute of Internal Auditors (IIA), continues to teach for the Information Systems Audit and Control Association (ISACA), and has been recognized by the IIA as a Distinguished Adjunct Faculty Member.


Exam Preparation Course

Start date: Sunday, 4 May 2014, for 5 weeks every Sunday & Tuesday from 6pm-9pm
Location: Manama, Bahrain
Workshop Registration deadline: Thursday, 1st May 2014 (minimum of 5 registrations required to conduct the course)
Exam date: Saturday 14th June 2014
Exam Registration Deadline: Friday, 11th April 2014

COURSE DETAILS

Objectives: The course reviews the content that is covered in the CISA exam. Attendees will learn:
1. IS Audit principles and practices
2. Skills for improving CISA exam success

Course dates and topics

| Date | Tentative topics | Time |
|---|---|---|
| Sunday 4 & Tuesday 6 May 2014 | The process of Auditing Information Systems | 6:00pm – 9:00pm |
| Sunday 11 & Tuesday 13 May 2014 | Governance and management of IT | 6:00pm – 9:00pm |
| Sunday 18 & Tuesday 20 May 2014 | Information Systems Acquisition, Development and Implementation | 6:00pm – 9:00pm |
| Sunday 25 & Tuesday 27 May 2014 | Information Systems Operations, Maintenance and Support | 6:00pm – 9:00pm |
| Sunday 1 & Tuesday 3 June 2014 | Protection of Information Assets | 6:00pm – 9:00pm |
| | Revision & Mock Exam | 9:00-13:00 |

Study Materials included in course fee are CISA 2014 Review manual and CISA Practice Question Database v14.

Prerequisites:
- Read the CISA 2014 Review manual before the course
- Do the self-assessment at http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Prepare-for-the-Exam/Pages/CISA-Self-Assessment.aspx.

Course Fees (BD800): Inclusive of Tuition, Exam Fees, ISACA Membership Fees, Study Manual, Q&A Database CD.


Exam Preparation Course

Start date: Sunday, 4 May 2014, for 5 weeks every Sunday & Tuesday from 6pm-9pm
Location: Manama, Bahrain
Workshop Registration deadline: Thursday, 1st May 2014 (minimum 5 registrations required)
Exam date: 14th June 2014
Exam Registration Deadline: Friday, 11th April 2014

COURSE DETAILS

Objectives: The course reviews the content that is covered in the CISM exam. Attendees will learn:
3. Information security governance principles and practices
4. Skills for improving CISM exam success

Course dates and topics

| Date | Tentative topics | Time |
|---|---|---|
| Sunday 4 & Tuesday 6 May 2014 | Information Security Governance | 6:00pm – 9:00pm |
| Sunday 11 & Tuesday 13 May 2014 | Information Risk Management and Compliance | 6:00pm – 9:00pm |
| Sunday 18 & Tuesday 20 May 2014 | Information Systems Program Development and Management | 6:00pm – 9:00pm |
| Sunday 25 & Tuesday 27 May 2014 | Incident Management and Response | 6:00pm – 9:00pm |
| Sunday 1 & Tuesday 3 June 2014 | Revision & Mock Exam | 6:00pm – 9:00pm |

Study Materials included in course fee are CISM 2014 Review manual and CISM Practice Question Database v14.

Prerequisites:
1- Read the CISM 2014 Review manual before the course
2- Attempt the self-assessment at http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Prepare-for-the-Exam/Pages/CISM-Self-Assessment.aspx.

Course Fees (BD800): Inclusive of Tuition, Exam Fees, ISACA Membership Fees, Study Manual, Q&A Database CD.


Registration Form

Fill in this Form and send fax to +973-17911477 or e-mail [email protected]

Course Title: _____________________________________________________ Date_____/___/______

Company information
- Person in charge:
- Contact no.:
- Company Name:
- Fax No:
- Department:
- Email:
- Position:
- Country:

Candidate’s information

| S.No. | Candidate’s Name | Job Title | Contact No. |
|---|---|---|---|
| 1. | | | |
| 2. | | | |
| 3. | | | |
| 4. | | | |

Terms of Payment
- Cheque payable to “ISACA Bahrain Chapter” to be sent to P.O. Box 50933, Kingdom of Bahrain
- By Wire transfer to “ISACA Bahrain Chapter” Account
  Bank: Ahli United Bank
  IBAN: BH48 AUBB 0000 1655 2220 02
  Account #: 0001-655222-002
  Swift Code: AUBBBHBM

Registration Approval: I hereby approve the above details for registration

Signature: __________________________ Date: ____________________

Company Stamp:_____________________________
