<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="/feed.rss.xml" type="text/xsl" media="screen"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:media="http://search.yahoo.com/mrss/" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Alison</title>
    <description/>
    <link>https://speakerdeck.com/alisecure</link>
    <atom:link rel="self" type="application/rss+xml" href="https://speakerdeck.com/alisecure.rss"/>
    <lastBuildDate>2026-04-26 08:40:03 -0400</lastBuildDate>
    <item>
      <title>CISA_Series_-_Audit_Process_Part_2B.pdf</title>
      <description>Part 2B of the CISA Audit Process series explores the governance and foundational concepts that support effective information systems auditing and risk-based assurance activities.

This presentation covers:
• Governance structures and oversight responsibilities
• The role of the Board, Audit Committee, and Chief Audit Executive
• The Three Lines Model and assurance responsibilities
• Audit authority, independence, and objectivity
• The purpose and importance of the Audit Charter
• Attribute vs Performance Standards
• Audit ethics and professional conduct
• Understanding the organisation and business environment
• How business understanding supports enterprise risk assessment, audit universe development, and strategic audit planning</description>
      <media:content url="https://files.speakerdeck.com/presentations/3e2e114ec8864f77a01f6860f73cbce6/preview_slide_0.jpg?39389330" type="image/jpeg" medium="image"/>
      <content:encoded>Part 2B of the CISA Audit Process series explores the governance and foundational concepts that support effective information systems auditing and risk-based assurance activities.

This presentation covers:
• Governance structures and oversight responsibilities
• The role of the Board, Audit Committee, and Chief Audit Executive
• The Three Lines Model and assurance responsibilities
• Audit authority, independence, and objectivity
• The purpose and importance of the Audit Charter
• Attribute vs Performance Standards
• Audit ethics and professional conduct
• Understanding the organisation and business environment
• How business understanding supports enterprise risk assessment, audit universe development, and strategic audit planning</content:encoded>
      <pubDate>Wed, 13 May 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-series-audit-process-part-2b</link>
      <guid>https://speakerdeck.com/alisecure/cisa-series-audit-process-part-2b</guid>
    </item>
    <item>
      <title>CISA Series Introduction - IS Audit Process</title>
      <description>Welcome to Part 1 of the CISA Series — Introduction and the Information Systems Audit Process.

In these presentation slides we explore the foundations of Information Systems auditing and walk through the complete IS audit lifecycle from governance and planning through to fieldwork, reporting, follow-up, and continuous improvement.

This session covers:
• Audit standards and guidelines
• Common audit frameworks and professional practices
• Professional ethics and auditor responsibilities
• Types of audits and audit approaches
• Audit roles and responsibilities
• Governance and audit independence
• Attribute vs Performance Standards
• The complete IS audit lifecycle overview</description>
      <media:content url="https://files.speakerdeck.com/presentations/bc97e59c4ac2459894b2c3bbd1bbdc43/preview_slide_0.jpg?39378774" type="image/jpeg" medium="image"/>
      <content:encoded>Welcome to Part 1 of the CISA Series — Introduction and the Information Systems Audit Process.

In these presentation slides we explore the foundations of Information Systems auditing and walk through the complete IS audit lifecycle from governance and planning through to fieldwork, reporting, follow-up, and continuous improvement.

This session covers:
• Audit standards and guidelines
• Common audit frameworks and professional practices
• Professional ethics and auditor responsibilities
• Types of audits and audit approaches
• Audit roles and responsibilities
• Governance and audit independence
• Attribute vs Performance Standards
• The complete IS audit lifecycle overview</content:encoded>
      <pubDate>Tue, 12 May 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-series-introduction-is-audit-process</link>
      <guid>https://speakerdeck.com/alisecure/cisa-series-introduction-is-audit-process</guid>
    </item>
    <item>
      <title>CISA Series - Part 7 Exam Preparation</title>
      <description>Master the mindset behind the CISA exam in Part 7 of the CISA Series — Exam Preparation &amp; Strategy: How to Think Like the Exam. This session brings together all five CISA domains into a practical exam-focused review designed to help candidates understand how ISACA structures questions, tests judgement, and evaluates risk-based thinking.

</description>
      <media:content url="https://files.speakerdeck.com/presentations/83ca80a6242e4d99bcdd47c0467fccc2/preview_slide_0.jpg?39336179" type="image/jpeg" medium="image"/>
      <content:encoded>Master the mindset behind the CISA exam in Part 7 of the CISA Series — Exam Preparation &amp; Strategy: How to Think Like the Exam. This session brings together all five CISA domains into a practical exam-focused review designed to help candidates understand how ISACA structures questions, tests judgement, and evaluates risk-based thinking.

</content:encoded>
      <pubDate>Fri, 08 May 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-series-part-7-exam-preparation</link>
      <guid>https://speakerdeck.com/alisecure/cisa-series-part-7-exam-preparation</guid>
    </item>
    <item>
      <title>CISA Series Introduction - Preparing for the Exam</title>
      <description>These slides are part of my CISA Exam Preparation Series, where I work through all five domains in a structured and practical way. The focus is not just on theory, but on building real understanding of IT audit, governance, risk, and controls, and how these concepts apply in practice.

In this series, I break down complex topics into manageable sections, link them to real-world scenarios, and reinforce the auditor mindset needed for the exam. The goal is to move beyond memorisation and develop the ability to interpret scenarios and select the best answer — which is critical for CISA success.

This is part of my personal learning journey, and I’m sharing it in case it helps others preparing for the exam.</description>
      <media:content url="https://files.speakerdeck.com/presentations/7a36935808ad4c65b70a5ad08181394c/preview_slide_0.jpg?39316162" type="image/jpeg" medium="image"/>
      <content:encoded>These slides are part of my CISA Exam Preparation Series, where I work through all five domains in a structured and practical way. The focus is not just on theory, but on building real understanding of IT audit, governance, risk, and controls, and how these concepts apply in practice.

In this series, I break down complex topics into manageable sections, link them to real-world scenarios, and reinforce the auditor mindset needed for the exam. The goal is to move beyond memorisation and develop the ability to interpret scenarios and select the best answer — which is critical for CISA success.

This is part of my personal learning journey, and I’m sharing it in case it helps others preparing for the exam.</content:encoded>
      <pubDate>Wed, 06 May 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-series-introduction-preparing-for-the-exam</link>
      <guid>https://speakerdeck.com/alisecure/cisa-series-introduction-preparing-for-the-exam</guid>
    </item>
    <item>
      <title>CISA Mind Maps Domain 5</title>
      <description>CISA Made Easy – Mind Maps | Domain 5: Protection of Information Assets

In this presentation, I walk through a visual mind map of CISA Domain 5, focusing on one of the most important areas in the exam — protecting information assets.

This domain brings everything together — from access control and encryption through to incident response and forensics. If Domain 4 is about keeping systems running, Domain 5 is about protecting what really matters: the data.</description>
      <media:content url="https://files.speakerdeck.com/presentations/28b2c516f0174d2b8fddb3e4de384fd0/preview_slide_0.jpg?39299784" type="image/jpeg" medium="image"/>
      <content:encoded>CISA Made Easy – Mind Maps | Domain 5: Protection of Information Assets

In this presentation, I walk through a visual mind map of CISA Domain 5, focusing on one of the most important areas in the exam — protecting information assets.

This domain brings everything together — from access control and encryption through to incident response and forensics. If Domain 4 is about keeping systems running, Domain 5 is about protecting what really matters: the data.</content:encoded>
      <pubDate>Mon, 04 May 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-mind-maps-domain-5</link>
      <guid>https://speakerdeck.com/alisecure/cisa-mind-maps-domain-5</guid>
    </item>
    <item>
      <title>CISA Mind Maps - Domain 4</title>
      <description>Domain 4: Operations &amp; Business Resilience

A quick visual breakdown of Domain 4 — showing how IT operations and resilience come together.

This mind map connects the full lifecycle of running and supporting IT environments, including:

IT operations and service delivery
Data management and governance
Change, configuration, and release management
Incident and problem management
Business continuity and disaster recovery</description>
      <media:content url="https://files.speakerdeck.com/presentations/6ccce4dac30847bf9831215841e8327c/preview_slide_0.jpg?39299664" type="image/jpeg" medium="image"/>
      <content:encoded>Domain 4: Operations &amp; Business Resilience

A quick visual breakdown of Domain 4 — showing how IT operations and resilience come together.

This mind map connects the full lifecycle of running and supporting IT environments, including:

IT operations and service delivery
Data management and governance
Change, configuration, and release management
Incident and problem management
Business continuity and disaster recovery</content:encoded>
      <pubDate>Mon, 04 May 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-mind-maps-domain-4</link>
      <guid>https://speakerdeck.com/alisecure/cisa-mind-maps-domain-4</guid>
    </item>
    <item>
      <title>CISA Series Part 6 Domain 5</title>
      <description>CISA Series Part 6: Protection of Information Assets

Welcome to Part 6 of the CISA Made Easy Series, where we take a deep dive into one of the most important domains in the exam:
 Domain 5 – Protection of Information Assets

This part brings everything together — moving from governance and design…
into how organisations actually protect, detect, and respond to threats in real-world environments.

</description>
      <media:content url="https://files.speakerdeck.com/presentations/0217984ee8de40c7a67141ba05f00409/preview_slide_0.jpg?39299502" type="image/jpeg" medium="image"/>
      <content:encoded>CISA Series Part 6: Protection of Information Assets

Welcome to Part 6 of the CISA Made Easy Series, where we take a deep dive into one of the most important domains in the exam:
 Domain 5 – Protection of Information Assets

This part brings everything together — moving from governance and design…
into how organisations actually protect, detect, and respond to threats in real-world environments.

</content:encoded>
      <pubDate>Mon, 04 May 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-series-part-6-domain-5</link>
      <guid>https://speakerdeck.com/alisecure/cisa-series-part-6-domain-5</guid>
    </item>
    <item>
      <title>CISA_Made_Easy_Domain_3.pdf</title>
      <description>Struggling to connect all the topics in CISA Domain 3?

This deck breaks it down using a clear, visual mind map—helping you see how everything fits together in Information Systems Acquisition, Development, and Implementation.


This visual walkthrough simplifies Domain 3 into one connected view:

✔ Project Governance &amp; Management – how initiatives are structured and controlled
✔ Business Case &amp; Feasibility – why systems are built in the first place
✔ System Development Methodologies (SDLC) – how systems are designed and developed
✔ Acquisition &amp; Development – how solutions are sourced or built
✔ Control Design – ensuring systems are secure and reliable
✔ Testing Methodologies – validating quality and integrity
✔ Implementation &amp; Deployment – moving systems into production
✔ Post-Implementation Review – ensuring value and identifying improvements


</description>
      <media:content url="https://files.speakerdeck.com/presentations/7476782b708f49719b1b04e75ba7c3fc/preview_slide_0.jpg?39299466" type="image/jpeg" medium="image"/>
      <content:encoded>Struggling to connect all the topics in CISA Domain 3?

This deck breaks it down using a clear, visual mind map—helping you see how everything fits together in Information Systems Acquisition, Development, and Implementation.


This visual walkthrough simplifies Domain 3 into one connected view:

✔ Project Governance &amp; Management – how initiatives are structured and controlled
✔ Business Case &amp; Feasibility – why systems are built in the first place
✔ System Development Methodologies (SDLC) – how systems are designed and developed
✔ Acquisition &amp; Development – how solutions are sourced or built
✔ Control Design – ensuring systems are secure and reliable
✔ Testing Methodologies – validating quality and integrity
✔ Implementation &amp; Deployment – moving systems into production
✔ Post-Implementation Review – ensuring value and identifying improvements


</content:encoded>
      <pubDate>Mon, 04 May 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-made-easy-domain-3</link>
      <guid>https://speakerdeck.com/alisecure/cisa-made-easy-domain-3</guid>
    </item>
    <item>
      <title>CISA Series - Mind Maps - domain 2</title>
      <description>CISA Domain 2 can feel like a lot to take in.

Governance. Risk. Resources. Performance.
And a long list of concepts that don’t always feel connected.

What helped me was stepping back and looking at it as a mind map—
not as separate topics, but as a system.

In this video, I walk through Domain 2 using a visual mind map,
showing how everything fits together—from governance and strategy through to monitoring and improvement.

Then I take it a step further and map it to COBIT.

Because once you see how Domain 2 aligns to:
EDM, APO, BAI, DSS, and MEA…
it becomes much easier to understand how IT is actually governed and managed in practice.

For me, this isn’t about simplifying the content—
it’s about making it easier to see, connect, and remember.

This is part of my CISA Made Easy series—
a personal learning journey, and a way of sharing what I’ve learned along the way.

Key takeaway:
CISA tells you what needs to be done.
COBIT shows you how it’s structured and managed.

Disclaimer:
This is based on my current understanding and experience.
I don’t represent any organisation, and I’m always open to different perspectives.

#CISA #COBIT #ITAudit #Governance #Risk #Learning #MindMap #ISACA</description>
      <media:content url="https://files.speakerdeck.com/presentations/577661388a1a46e59e0a7ab3b59ffa9a/preview_slide_0.jpg?39288337" type="image/jpeg" medium="image"/>
      <content:encoded>CISA Domain 2 can feel like a lot to take in.

Governance. Risk. Resources. Performance.
And a long list of concepts that don’t always feel connected.

What helped me was stepping back and looking at it as a mind map—
not as separate topics, but as a system.

In this video, I walk through Domain 2 using a visual mind map,
showing how everything fits together—from governance and strategy through to monitoring and improvement.

Then I take it a step further and map it to COBIT.

Because once you see how Domain 2 aligns to:
EDM, APO, BAI, DSS, and MEA…
it becomes much easier to understand how IT is actually governed and managed in practice.

For me, this isn’t about simplifying the content—
it’s about making it easier to see, connect, and remember.

This is part of my CISA Made Easy series—
a personal learning journey, and a way of sharing what I’ve learned along the way.

Key takeaway:
CISA tells you what needs to be done.
COBIT shows you how it’s structured and managed.

Disclaimer:
This is based on my current understanding and experience.
I don’t represent any organisation, and I’m always open to different perspectives.

#CISA #COBIT #ITAudit #Governance #Risk #Learning #MindMap #ISACA</content:encoded>
      <pubDate>Sat, 02 May 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-series-mind-maps-domain-2</link>
      <guid>https://speakerdeck.com/alisecure/cisa-series-mind-maps-domain-2</guid>
    </item>
    <item>
      <title>CISA - Domain 1 Mindmap</title>
      <description>CISA Domain one isn’t about memorising disconnected pieces.

It’s about seeing how the audit process fits together.

Planning. Execution. Evidence. Reporting. Follow-up.

The challenge is remembering it all—and understanding how each part connects.

That’s why I use a mind map approach.

In this video, I walk through the Information Systems Auditing Process as a structured flow—
so you can visualise it, connect it, and actually remember it.

Because once you see the whole picture,
it becomes much easier to work through the detail.

I also touch on how this links to COBIT—
bringing it back to the bigger picture of governance and management.

This is part of my CISA Made Easy series—
sharing what I’ve learned over the years, while continuing to learn myself.</description>
      <media:content url="https://files.speakerdeck.com/presentations/4a32bfd6b20c4f52ae1b8658d7697eb2/preview_slide_0.jpg?39280011" type="image/jpeg" medium="image"/>
      <content:encoded>CISA Domain one isn’t about memorising disconnected pieces.

It’s about seeing how the audit process fits together.

Planning. Execution. Evidence. Reporting. Follow-up.

The challenge is remembering it all—and understanding how each part connects.

That’s why I use a mind map approach.

In this video, I walk through the Information Systems Auditing Process as a structured flow—
so you can visualise it, connect it, and actually remember it.

Because once you see the whole picture,
it becomes much easier to work through the detail.

I also touch on how this links to COBIT—
bringing it back to the bigger picture of governance and management.

This is part of my CISA Made Easy series—
sharing what I’ve learned over the years, while continuing to learn myself.</content:encoded>
      <pubDate>Fri, 01 May 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-domain-1-mindmap</link>
      <guid>https://speakerdeck.com/alisecure/cisa-domain-1-mindmap</guid>
    </item>
    <item>
      <title>CISA Series - Part 5 Domain 4</title>
      <description>Domain 4: Information Systems Operations &amp; Business Resilience

In this part of the series, we move into one of the most practical and heavily tested areas of the CISA exam — day-to-day IT operations and resilience.

This domain brings everything together.

It’s not just about controls on paper — it’s about how systems actually run, how they are monitored, how failures are handled, and how organisations recover when things go wrong.

🔍 What this video covers:

We break Domain 4 into two key areas:

 Part A – Information Systems Operations
IT Asset Management (foundation control)
Job Scheduling &amp; Process Automation
System Interfaces &amp; Data Integrity
End-User Computing (EUC risks &amp; controls)
Data Governance &amp; Data Quality
Systems Performance Management
Incident vs Problem Management
Change, Configuration, Release &amp; Patch Management
Service Level Management (SLAs)
 Focus: Keeping systems stable, controlled, and performing

 Part B – Business Resilience
Business Impact Analysis (BIA)
Backup, Storage &amp; Restoration
Business Continuity Planning (BCP)
Disaster Recovery Planning (DRP)
System Resiliency (hot, warm, cold sites)
Testing &amp; Continuous Assurance

 Focus: Ensuring systems are recoverable and aligned to business priorities

This is one of the most scenario-driven domains in the CISA exam — mastering it will significantly improve your ability to answer real-world questions.
 Disclaimer:
This content is based on my interpretation and experience in IT governance, risk, and assurance, and is intended to support learning and exam preparation.</description>
      <media:content url="https://files.speakerdeck.com/presentations/0ad1d4db7b734a6a917aa0d38df6cfa4/preview_slide_0.jpg?39259117" type="image/jpeg" medium="image"/>
      <content:encoded>Domain 4: Information Systems Operations &amp; Business Resilience

In this part of the series, we move into one of the most practical and heavily tested areas of the CISA exam — day-to-day IT operations and resilience.

This domain brings everything together.

It’s not just about controls on paper — it’s about how systems actually run, how they are monitored, how failures are handled, and how organisations recover when things go wrong.

🔍 What this video covers:

We break Domain 4 into two key areas:

 Part A – Information Systems Operations
IT Asset Management (foundation control)
Job Scheduling &amp; Process Automation
System Interfaces &amp; Data Integrity
End-User Computing (EUC risks &amp; controls)
Data Governance &amp; Data Quality
Systems Performance Management
Incident vs Problem Management
Change, Configuration, Release &amp; Patch Management
Service Level Management (SLAs)
 Focus: Keeping systems stable, controlled, and performing

 Part B – Business Resilience
Business Impact Analysis (BIA)
Backup, Storage &amp; Restoration
Business Continuity Planning (BCP)
Disaster Recovery Planning (DRP)
System Resiliency (hot, warm, cold sites)
Testing &amp; Continuous Assurance

 Focus: Ensuring systems are recoverable and aligned to business priorities

This is one of the most scenario-driven domains in the CISA exam — mastering it will significantly improve your ability to answer real-world questions.
 Disclaimer:
This content is based on my interpretation and experience in IT governance, risk, and assurance, and is intended to support learning and exam preparation.</content:encoded>
      <pubDate>Wed, 29 Apr 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-series-part-5-domain-4</link>
      <guid>https://speakerdeck.com/alisecure/cisa-series-part-5-domain-4</guid>
    </item>
    <item>
      <title>CISA Study Strategy</title>
      <description>Preparing for the Certified Information Systems Auditor (CISA) exam can feel overwhelming — especially if you approach it like a traditional technical exam.

In this presentation, I break down a practical, real-world CISA study strategy based on how the exam is actually structured and how successful candidates prepare.

This is not about memorising definitions — it’s about understanding risk, control, governance, and audit thinking.

How to answer questions using the BEST vs CORRECT technique
Common exam traps and how to avoid them
Key focus areas across all 5 CISA domains</description>
      <media:content url="https://files.speakerdeck.com/presentations/a31dd40e33544f5da907aa3a4bdad0f7/preview_slide_0.jpg?39244177" type="image/jpeg" medium="image"/>
      <content:encoded>Preparing for the Certified Information Systems Auditor (CISA) exam can feel overwhelming — especially if you approach it like a traditional technical exam.

In this presentation, I break down a practical, real-world CISA study strategy based on how the exam is actually structured and how successful candidates prepare.

This is not about memorising definitions — it’s about understanding risk, control, governance, and audit thinking.

How to answer questions using the BEST vs CORRECT technique
Common exam traps and how to avoid them
Key focus areas across all 5 CISA domains</content:encoded>
      <pubDate>Tue, 28 Apr 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-study-strategy</link>
      <guid>https://speakerdeck.com/alisecure/cisa-study-strategy</guid>
    </item>
    <item>
      <title>CISA Exam Preparation – Domain 3 Part 4</title>
      <description>CISA Exam Preparation – Domain 3 Part 4

Information Systems Acquisition, Development &amp; Implementation (Deep Dive)
Based on this slide deck:
This presentation continues my CISA Exam Preparation Series, focusing on Domain 3 — where we move from governance into how systems are actually built, controlled, and implemented in practice.

This is one of the most important domains for the exam, because failures in systems almost always originate early in the lifecycle — especially at the requirements stage.

🔍 What you’ll learn in this video:
📌 System Development Lifecycle (SDLC)
Full lifecycle: Feasibility → Requirements → Design → Build → Test → Implement → Review
Why requirements definition is the most critical phase (exam favourite)
How poor early decisions lead to later failures
 Business Case &amp; Feasibility
Cost vs benefit, alignment to business objectives
Technical, financial, and operational feasibility
Auditor focus: decision quality and risk awareness before approval
⚙️ Development Approaches
Agile, Waterfall, DevOps, RAD
Key insight: Methodology does NOT remove control requirements
Risks: weak documentation, poor change control, inadequate testing
🔐 Control Design &amp; Effectiveness
Input, processing, and output controls
Ensuring accuracy, completeness, and authorisation across data flows
Why controls must be built in early — not added later
🧪 Testing &amp; Implementation
Unit, integration, system, and UAT testing
Configuration and release management
Data migration and cutover strategies (parallel, phased, big bang)
Key risk: uncontrolled changes and data integrity failures
🔄 Post-Implementation Review (PIR)
Validate benefits, performance, and control effectiveness
Capture lessons learned and update risk register
Auditor focus: effectiveness, not just completion
🧠 CISA Exam Insights:
Failures usually start in requirements, not testing
Controls added late = design failure
Skipping review = no improvement
Always trace issues back to the lifecycle stage
Why this matters:

From an audit perspective, this domain is about ensuring that:

Systems meet business objectives
Risks are identified before implementation
Controls are designed and embedded, not retrofitted
Projects deliver real value, not just technical completion</description>
      <media:content url="https://files.speakerdeck.com/presentations/72988b63fcd046c49dbb6e5058176dc3/preview_slide_0.jpg?39224080" type="image/jpeg" medium="image"/>
      <content:encoded>CISA Exam Preparation – Domain 3 Part 4

Information Systems Acquisition, Development &amp; Implementation (Deep Dive)
Based on this slide deck:
This presentation continues my CISA Exam Preparation Series, focusing on Domain 3 — where we move from governance into how systems are actually built, controlled, and implemented in practice.

This is one of the most important domains for the exam, because failures in systems almost always originate early in the lifecycle — especially at the requirements stage.

🔍 What you’ll learn in this video:
📌 System Development Lifecycle (SDLC)
Full lifecycle: Feasibility → Requirements → Design → Build → Test → Implement → Review
Why requirements definition is the most critical phase (exam favourite)
How poor early decisions lead to later failures
 Business Case &amp; Feasibility
Cost vs benefit, alignment to business objectives
Technical, financial, and operational feasibility
Auditor focus: decision quality and risk awareness before approval
⚙️ Development Approaches
Agile, Waterfall, DevOps, RAD
Key insight: Methodology does NOT remove control requirements
Risks: weak documentation, poor change control, inadequate testing
🔐 Control Design &amp; Effectiveness
Input, processing, and output controls
Ensuring accuracy, completeness, and authorisation across data flows
Why controls must be built in early — not added later
🧪 Testing &amp; Implementation
Unit, integration, system, and UAT testing
Configuration and release management
Data migration and cutover strategies (parallel, phased, big bang)
Key risk: uncontrolled changes and data integrity failures
🔄 Post-Implementation Review (PIR)
Validate benefits, performance, and control effectiveness
Capture lessons learned and update risk register
Auditor focus: effectiveness, not just completion
🧠 CISA Exam Insights:
Failures usually start in requirements, not testing
Controls added late = design failure
Skipping review = no improvement
Always trace issues back to the lifecycle stage
Why this matters:

From an audit perspective, this domain is about ensuring that:

Systems meet business objectives
Risks are identified before implementation
Controls are designed and embedded, not retrofitted
Projects deliver real value, not just technical completion</content:encoded>
      <pubDate>Sun, 26 Apr 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-exam-preparation-domain-3-part-4</link>
      <guid>https://speakerdeck.com/alisecure/cisa-exam-preparation-domain-3-part-4</guid>
    </item>
    <item>
      <title>CISA__Preparing_for_the_Exam-_Domain_2_Part_3.pdf</title>
      <description>This presentation is part of my CISA Exam Preparation Series, and in this section we continue with Domain 2: Governance and Management of IT, focusing on governance implementation and the control environment.

We explore how governance is translated into practical structures, controls, and accountability mechanisms within an organisation — bridging the gap between strategy and execution.

Key topics covered include:

IT governance structures and roles (board, committees, management)
COBIT governance and management domains in practice
Policies, standards, and procedures hierarchy
Enterprise Architecture and alignment with business strategy
Enterprise Risk Management (ERM) and risk lifecycle
Data governance, privacy, and regulatory compliance (including POPIA/GDPR context)
Vendor management and third-party risk
Performance monitoring, KPIs, KRIs, and reporting
Quality assurance and continuous improvement

We also walk through real-world examples, including a cloud CRM scenario, to demonstrate how governance, risk, and control concepts are applied in practice.

From an audit perspective, the focus is on evaluating whether:

IT is aligned to business objectives
Controls are effective and operating as intended
Governance and management decisions are risk-based and properly evidenced

This is part of my personal learning journey, and I’m sharing it in case it helps others preparing for the CISA exam.</description>
      <media:content url="https://files.speakerdeck.com/presentations/b15b7e9b477a42c5ae17d3cf9fb89729/preview_slide_0.jpg?39224024" type="image/jpeg" medium="image"/>
      <content:encoded>This presentation is part of my CISA Exam Preparation Series, and in this section we continue with Domain 2: Governance and Management of IT, focusing on governance implementation and the control environment.

We explore how governance is translated into practical structures, controls, and accountability mechanisms within an organisation — bridging the gap between strategy and execution.

Key topics covered include:

• IT governance structures and roles (board, committees, management)
• COBIT governance and management domains in practice
• Policies, standards, and procedures hierarchy
• Enterprise Architecture and alignment with business strategy
• Enterprise Risk Management (ERM) and risk lifecycle
• Data governance, privacy, and regulatory compliance (including POPIA/GDPR context)
• Vendor management and third-party risk
• Performance monitoring, KPIs, KRIs, and reporting
• Quality assurance and continuous improvement

We also walk through real-world examples, including a cloud CRM scenario, to demonstrate how governance, risk, and control concepts are applied in practice.

From an audit perspective, the focus is on evaluating whether:

• IT is aligned to business objectives
• Controls are effective and operating as intended
• Governance and management decisions are risk-based and properly evidenced

This is part of my personal learning journey, and I’m sharing it in case it helps others preparing for the CISA exam.</content:encoded>
      <pubDate>Sun, 26 Apr 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-preparing-for-the-exam-domain-2-part-3</link>
      <guid>https://speakerdeck.com/alisecure/cisa-preparing-for-the-exam-domain-2-part-3</guid>
    </item>
    <item>
      <title>CISA__Preparing_for_the_Exam-_Domain1_Part_2.pdf</title>
      <description>This presentation is part of my CISA Exam Preparation Series, and in this section we take a deeper dive into Domain 1: Information System Auditing Process — focusing on how audits are actually planned, executed, and evaluated in practice.

We move beyond theory and break down key areas such as the audit lifecycle, risk-based planning, audit risk components, evidence collection, sampling techniques, and reporting. The aim is to build a clear understanding of how an auditor thinks — from identifying risk, to testing controls, to forming defensible conclusions.

This part also emphasises the auditor mindset, including independence, professional scepticism, and the importance of selecting the best answer in exam scenarios — not just a technically correct one.

Throughout the video, I link concepts to practical examples and include CISA-style questions to reinforce how these topics are tested in the exam.

This is part of my personal learning journey, and I’m sharing it in case it helps others preparing for the CISA exam.</description>
      <media:content url="https://files.speakerdeck.com/presentations/18754edaf03f46dfa6c094169b46cb6b/preview_slide_0.jpg?39223961" type="image/jpeg" medium="image"/>
      <content:encoded>This presentation is part of my CISA Exam Preparation Series, and in this section we take a deeper dive into Domain 1: Information System Auditing Process — focusing on how audits are actually planned, executed, and evaluated in practice.

We move beyond theory and break down key areas such as the audit lifecycle, risk-based planning, audit risk components, evidence collection, sampling techniques, and reporting. The aim is to build a clear understanding of how an auditor thinks — from identifying risk, to testing controls, to forming defensible conclusions.

This part also emphasises the auditor mindset, including independence, professional scepticism, and the importance of selecting the best answer in exam scenarios — not just a technically correct one.

Throughout the video, I link concepts to practical examples and include CISA-style questions to reinforce how these topics are tested in the exam.

This is part of my personal learning journey, and I’m sharing it in case it helps others preparing for the CISA exam.</content:encoded>
      <pubDate>Sun, 26 Apr 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/alisecure/cisa-preparing-for-the-exam-domain1-part-2</link>
      <guid>https://speakerdeck.com/alisecure/cisa-preparing-for-the-exam-domain1-part-2</guid>
    </item>
  </channel>
</rss>
