Explore how laws, regulations, and industry standards define the external framework of IT governance. Learn how compliance obligations shape policies, processes, and audit responsibilities across global and industry contexts.
Examine how organizations integrate compliance into strategy, ethics, and risk management. Understand the auditor’s role in assessing maturity, accountability, and continuous improvement in regulatory adherence.
Learn how organizational structure, reporting lines, and governance frameworks define accountability for IT performance. This video covers key governance roles, steering committees, and how decision-making aligns IT with business priorities.
Understand how strategic planning connects technology initiatives to organizational objectives. Explore the auditor’s perspective in evaluating governance alignment, oversight mechanisms, and strategic performance measures.
A bonus discussion of IT enterprise architecture and the project portfolio.
Discover how policies, standards, and procedures translate management intent into operational control. Learn how well-defined documentation ensures compliance, consistency, and accountability across the enterprise.
Examine how organizations communicate, monitor, and enforce policy adherence. Understand how auditors assess policy ownership, awareness, and the integration of controls into daily operations.
Explore how enterprise architecture connects strategy, processes, and technology to achieve business goals. Learn the purpose, structure, and frameworks (like TOGAF and Zachman) that guide architectural governance.
See how auditors evaluate the effectiveness of architecture governance, standardization, and change control. Learn how EA supports innovation, compliance, and enterprise-wide transformation initiatives.
Understand how ERM provides a structured approach to identifying and managing risk across the enterprise. Learn about risk appetite, tolerance, and the governance structures that define ownership and accountability.
Explore how ERM aligns with decision-making and performance management. Auditors learn how to evaluate risk response strategies, monitoring processes, and continuous improvement within IT governance frameworks.
Learn how privacy programs protect personal data through governance, risk assessment, and accountability. This video introduces privacy frameworks, core principles, and regulatory drivers such as GDPR and HIPAA.
Examine how organizations operationalize privacy through data inventories, training, and monitoring. Auditors assess privacy maturity, breach response, and the integration of privacy with security and compliance.
Explore how data governance defines ownership, stewardship, and accountability for information assets. Learn how classification and lifecycle controls ensure accuracy, confidentiality, and compliance.
Understand how auditors evaluate data policies, retention schedules, and automation in governance processes. Learn how metrics, frameworks, and continuous improvement sustain data control and regulatory alignment.
See how organizations plan, acquire, and allocate people, technology, and services for optimal performance. Learn how governance structures balance operational efficiency with accountability.
Discover how performance metrics, asset management, and cost analysis sustain resource efficiency. Auditors learn to evaluate capacity planning, vendor oversight, and lifecycle control maturity.
Understand how vendor management governs outsourcing relationships through contracts, SLAs, and risk assessment. Learn how due diligence, performance reviews, and accountability maintain governance control.
Explore how organizations monitor vendors, manage dependency, and ensure data security. Auditors assess contract compliance, assurance reports, and governance maturity across the vendor lifecycle.
Learn how quality assurance (QA) and quality control (QC) prevent errors and promote consistency. Explore policies, metrics, and governance mechanisms that ensure IT outputs meet standards and expectations.
Understand how frameworks like ISO 9001, COBIT, and ITIL drive continuous improvement. Auditors learn to assess documentation, segregation of duties, and leadership commitment to quality governance.
Examine how laws, frameworks, and standards guide IT compliance across industries. Learn how auditors assess accountability, policy mapping, and risk-based compliance governance.
Explore emerging trends: AI regulation, data sovereignty, and operational resilience. Learn how governance frameworks sustain compliance maturity, transparency, and ethical leadership in an evolving global environment.
Learn how project governance aligns technology initiatives with organizational strategy. We explore accountability structures, stakeholder roles, and governance models that keep IT projects controlled and value-driven.
Explore project management as the operational arm of governance. Learn how objectives, milestones, and controls keep projects on time, on budget, and in scope — and how auditors evaluate these elements.
See how IS auditors assess governance effectiveness. This part focuses on risk identification, escalation, and reporting — linking project performance to organizational assurance objectives.
Learn how organizations justify IT initiatives through strategic alignment and cost-benefit analysis. We outline key elements of a strong business case and management’s approval responsibilities.
Understand how auditors assess whether business cases align with enterprise objectives and risk appetite. We connect feasibility documentation and stakeholder sign-off to governance maturity.
Explore the stages of system development — requirements, design, build, test, and deploy. We introduce traditional and modern approaches to managing IT solutions.
Analyze how different methodologies balance control, flexibility, and documentation. Learn where each model fits, and what governance challenges auditors should expect.
See how auditors test for adequate controls in Agile, DevOps, and continuous-integration environments. We emphasize version control, sprint oversight, and risk monitoring.
Learn how system controls are derived from business risks and regulatory requirements. We discuss preventive, detective, and corrective controls within development processes.
Discover how developers embed security and reliability controls into applications and infrastructure. We cover input validation, transaction logging, and role-based access design.
See how auditors test control completeness and adequacy. This session focuses on walkthroughs, documentation review, and alignment between control objectives and test evidence.
Examine readiness assessments, cutover strategies, and stakeholder sign-offs that confirm a system is deployment-ready. We highlight the importance of test environments and fallback plans.
Learn how organizations execute system, integration, and user acceptance testing. Auditors verify test documentation, defect tracking, and acceptance criteria.
Focus on post-test validation and production transition controls. We discuss go-live approvals, rollback testing, and auditor verification of operational readiness.
Understand configuration control as the backbone of production stability. We define configuration baselines, documentation standards, and environment segregation.
Explore release planning, approval processes, and versioning discipline. We discuss how auditors verify that only approved releases reach production.
See how auditors evaluate change workflows, emergency changes, and access control. This part links release management to risk reduction and audit assurance.
Explore infrastructure buildout, capacity testing, and deployment validation. Auditors assess whether configuration and patch levels meet enterprise standards.
Focus on data completeness and integrity testing after migration. We cover reconciliation, validation reports, and how auditors confirm successful conversion.
Understand why post-implementation evaluations are critical to verifying project outcomes. We discuss cost realization, performance measurement, and stakeholder feedback.
See how organizations use post-implementation results to enhance future projects. We cover lessons-learned processes, root-cause tracking, and audit follow-up responsibilities.
Learn the fundamental components that make up enterprise IT environments — servers, networks, storage, and applications. This video explains how each layer supports system reliability and data flow within the organization.
Explore how auditors evaluate the adequacy, configuration, and control of IT components. Students see how documentation, monitoring, and configuration consistency reduce operational risk.
Understand how organizations track hardware, software, and cloud assets throughout their lifecycle. The session covers acquisition, licensing, retirement, and the importance of accurate inventory data.
Learn how auditors assess performance reports, KPIs, and threshold alerts. Students see how inadequate monitoring or poor forecasting exposes operational risk.
Explore how automated processing ensures consistency and efficiency in IT operations. The lesson explains scheduling tools, dependencies, and exception handling.
Examine how auditors test scheduling integrity, segregation of duties, and recovery from failed jobs. Students learn to evaluate controls that prevent process interruption or data loss.
Learn how system interfaces connect applications and databases across the enterprise. This video explains interface types, data validation, and error handling to ensure reliable data flow.
Understand how auditors verify completeness, accuracy, and authorization of data exchanges. Students explore typical interface testing methods and evidence collection practices.
Discover why employees use unapproved tools and how end-user computing introduces control gaps. This session highlights governance strategies to detect and reduce exposure.
Learn to assess compensating controls, data accuracy, and authorization processes within EUC environments. The video demonstrates how to evaluate risk without hindering productivity.
Examine how organizations plan capacity, monitor utilization, and ensure continuous availability. Students learn key metrics, redundancy techniques, and proactive performance management.
See how auditors review uptime data, capacity forecasts, and preventive maintenance logs. This video connects performance monitoring to operational resilience assurance.
Understand how IT teams identify, classify, and resolve service interruptions. The lesson covers escalation paths, communication flow, and coordination between operations and business users.
Explore how auditors evaluate incident logging, SLA adherence, and problem analysis documentation. Students learn to identify patterns that indicate recurring or unresolved risks.
Learn how controlled change management and patching safeguard system integrity. This session covers request approval, testing, and rollback planning to prevent service disruption.
See how auditors review change logs, emergency fixes, and segregation of duties. Students gain techniques for detecting unauthorized or incomplete changes.
Discover the purpose of operational logs and how they support accountability and security. The session explains log types, retention, and centralized monitoring.
Learn how auditors assess log completeness, frequency of review, and tamper-prevention controls. Students see how proper logging strengthens both security and compliance assurance.
Understand how SLAs define performance expectations between IT and business units. The video covers KPI selection, reporting cadence, and performance transparency.
Examine how auditors verify SLA metrics, escalation mechanisms, and vendor adherence. Students learn how weak SLA governance can conceal operational or contractual risk.
Learn how databases store, secure, and maintain data consistency through normalization, ACID principles, and constraints. This session establishes the foundation of reliable data management.
Explore how auditors assess privileged access, configuration management, and backup testing. Students gain insight into evaluating both logical and physical database controls.
Discover how a BIA identifies essential business functions, dependencies, and acceptable downtime. This video explains how RTOs and RPOs shape continuity strategies.
Learn how auditors evaluate the methodology, stakeholder input, and accuracy of BIA results. Students understand how to confirm that recovery priorities align with enterprise risk tolerance.
Understand the technical and procedural foundations of resilience — redundancy, monitoring, and failover. The session highlights proactive maintenance and continuous availability.
Examine how auditors test resilience controls, review performance metrics, and assess maturity. Students learn how feedback loops and governance drive continual improvement.
Learn how auditors verify backup completeness, test restoration procedures, and evaluate storage security. The focus is on ensuring recovery reliability and compliance.
Understand how a BCP integrates people, processes, and technology to sustain operations during disruption. Students learn the structure, activation criteria, and communication protocols of a strong continuity plan.
Examine how auditors review plan documentation, testing, and maintenance. This video demonstrates how to measure readiness and identify gaps in continuity governance.
Understand how auditors evaluate DRP testing, vendor dependencies, and alignment with business continuity. Students gain insight into assessing technical recoverability and organizational preparedness.
Learn how policies, frameworks, and standards form the backbone of information asset protection. This session explains how governance structures define accountability, align with business objectives, and ensure consistent application of security practices.
Explore how frameworks like ISO 27001, NIST, and COBIT integrate into enterprise security programs. You’ll learn how IS auditors evaluate the design, approval, and enforcement of policies, ensuring alignment with regulatory and operational requirements.
Understand the controls that protect servers, data centers, and equipment from physical threats. This session covers facility access control, environmental safeguards, and physical audit procedures.
Learn how auditors assess physical protections, verify environmental monitoring, and test resilience against fire, water, power, and unauthorized entry. You’ll see how physical control failures can directly compromise data security.
Examine how identification, authentication, and authorization work together to protect systems and data. This video explains user provisioning, least privilege, and segregation of duties.
Discover how IS auditors test access management effectiveness through reviews of logs, privilege changes, and recertifications. You’ll learn how to spot weaknesses in both technical and procedural access control systems.
Explore the architecture of secure networks, including firewalls, routers, and intrusion prevention systems. This session explains how perimeter controls protect information flow between trusted and untrusted zones.
Learn about network architectures from an audit perspective. You’ll see how each layer — from transmission media to DMZ design — contributes to confidentiality, integrity, and availability.
A deep dive into firewall and cabling types, with an expanded treatment of network architectures.
Learn how DLP technologies detect and block unauthorized data transfers across endpoints, networks, and cloud channels. This session explains how organizations classify data and apply policy-based protection.
Explore how IS auditors review DLP configurations, incident logs, and response workflows. You’ll understand how to test whether sensitive data is monitored, controlled, and reported consistently across the enterprise.
Understand how encryption protects confidentiality and integrity across storage, transmission, and authentication processes. This session introduces symmetric, asymmetric, and hashing algorithms.
Learn how auditors verify encryption controls, key management, and compliance with data protection standards. The video explains common audit challenges, including algorithm selection and lifecycle governance.
Explore the components of PKI — certificates, keys, and authorities — and how they secure communications. This session covers certificate issuance, validation, and revocation.
Learn how auditors assess PKI governance, key escrow, and certificate lifecycle management. You’ll see how weak PKI practices can undermine enterprise authentication and encryption systems.
Review how IaaS, PaaS, and SaaS architectures redefine infrastructure and control responsibility. This session covers hypervisors, virtual machines, and shared-responsibility models.
Discover how auditors evaluate virtualization risks, cloud governance, and third-party compliance. Learn how to verify that data integrity, access, and monitoring controls operate effectively in distributed environments.
Understand how mobility and IoT expand the enterprise perimeter. This session explains wireless protocols, mobile device management, and the unique risks of connected devices.
Learn how IS auditors assess mobile device policies, IoT inventory management, and encryption of wireless data. You’ll see how to identify weaknesses in authentication, configuration, and data transmission.
Explore how awareness programs reduce human error by promoting secure behavior. This session introduces training objectives, delivery methods, and key behavioral risks.
Learn how to evaluate awareness programs using metrics, testing, and feedback loops. You’ll understand how to assess leadership support and continuous improvement practices.
Review common cyberattack categories, from phishing and malware to APTs and insider threats. This session explains how attacks unfold through reconnaissance, exploitation, and persistence.
Discover how organizations use layered defenses, monitoring, and testing to identify and mitigate attacks. Auditors learn how to evaluate detection tools, response readiness, and incident reporting.
Understand how vulnerability scanning, penetration testing, and code review identify system weaknesses. This session covers testing types, tools, and objectives.
Learn how auditors review testing schedules, findings, and remediation tracking. You’ll see how test evidence supports assurance over control effectiveness and compliance.
Explore how logging and monitoring provide real-time visibility into security events. This session covers SIEM systems, log retention, and correlation techniques.
Learn about SOC operations, threat intelligence, and behavioral analytics. The video explains how auditors assess monitoring coverage, alert management, and integration with incident response.
This course is a complete, structured study program for the ISACA Certified Information Systems Auditor (CISA) exam. Built domain by domain against the official CISA exam blueprint, it covers every topic area you need to understand before sitting for the exam — from audit methodology and IT governance through systems development, IT operations, and information security. If you are an IT auditor, internal auditor, compliance analyst, GRC professional, or security manager targeting the CISA certification, this course gives you a study path you can follow from start to finish.
Domain 1 — Information Systems Auditing Process (18% of the exam) — covers everything involved in planning and executing an IT audit engagement. Topics include audit planning and scope definition, risk-based audit approaches, evidence collection techniques, sampling methods, audit documentation, reporting findings to management, following up on corrective actions, and building and maintaining a quality assurance program aligned to ISACA standards. You will understand how to apply IS audit standards and guidelines in real engagements and how to document findings in ways that hold up to scrutiny from regulators, external auditors, and audit committees.
Domain 2 — Governance and Management of IT (18%) — covers the frameworks and structures organizations use to align IT with business objectives. Topics include IT governance frameworks (COBIT, ITIL, ISO 38500), enterprise architecture models, IT strategy and portfolio management, IT organizational structures, data governance, IT-related laws and regulations (SOX, GDPR, HIPAA, PCI DSS, GLBA, FERPA), third-party management, and IT performance monitoring using KPIs and KRIs. You will understand how auditors evaluate whether IT governance structures are effective and how they assess regulatory compliance programs.
Domain 3 — Information Systems Acquisition, Development, and Implementation (12%) — covers the controls auditors evaluate across the full systems development lifecycle. Topics include project management governance (PMI, PRINCE2), SDLC methodologies (waterfall, Agile, DevOps), requirements definition and change control, software development controls, testing types and test management, configuration management, release management, post-implementation review, and acquisition and vendor selection processes. Understanding these controls is essential for auditors who review ERP implementations, cloud migrations, custom software projects, and enterprise system upgrades.
Domain 4 — Information Systems Operations and Business Resilience (26%) — is one of the two largest domains on the exam. Topics include IT infrastructure components and management, IT asset management (hardware and software), IT service management (ITIL), change and patch management, incident and problem management, database administration controls, network infrastructure and monitoring, cloud operations, business continuity planning (BCP), disaster recovery planning (DRP), backup and recovery strategies, RTO and RPO targets, and business impact analysis (BIA). Auditors who can evaluate resilience programs against frameworks like NIST SP 800-34 and ISO 22301 are in high demand across industries subject to regulatory scrutiny.
Domain 5 — Protection of Information Assets (26%) — covers the security controls that auditors evaluate to determine whether sensitive data and systems are adequately protected. Topics include information security governance and policy, data classification frameworks, identity and access management (IAM), privileged access management, multi-factor authentication, network security controls (firewalls, IDS/IPS, VPN, WAF, network segmentation), encryption standards and key management, public key infrastructure (PKI), endpoint protection, vulnerability management programs, penetration testing oversight, security incident response, security awareness and training programs, and privacy program controls. This domain maps closely to ISO 27001/27002, NIST CSF, and NIST SP 800-53 — frameworks that appear frequently in CISA exam scenarios.
This course is built differently from reading the CISA Review Manual cover to cover. Each lesson is a narrated video that explains how concepts connect to each other and to real audit work — not just what the definition is, but how an auditor applies it. Every domain includes practice questions designed to mirror the style and difficulty of CISA exam scenarios, covering not just recall but application and analysis. The course closes with two full-length practice exams with detailed answer explanations, so you can measure your readiness and focus your remaining study time where it matters most.
Major topics covered: IT audit standards, ISACA code of ethics, audit charter, control objectives, audit risk, materiality, sampling, evidence, audit reporting, COBIT 2019, IT governance frameworks, enterprise architecture, IT strategy, data governance, SOX compliance, GDPR, HIPAA, PCI DSS, SDLC controls, Agile audit, project management controls, change management, patch management, ITIL service management, BCP/DR, RTO/RPO, BIA, cloud security, access control models, encryption, IAM, MFA, network security, vulnerability management, ISO 27001, NIST CSF, NIST SP 800-53, incident response, GRC, compliance audit, information systems audit, CISA exam prep 2026.