Certified: The ISACA CISA Audio Course

Episode 1: Welcome to the CISA Certification

Dr Jason Edwards — Sun, 06 Jul 2025 11:21:08 -0500

Start your CISA journey with a clear understanding of what the certification is, why it matters, and how it can transform your career in IT audit. This episode introduces the exam's structure, the benefits of certification, and what you can expect from the Prepcast series to help you succeed. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 2: Understanding ISACA and Key Resources

Dr Jason Edwards — Sun, 06 Jul 2025 11:22:21 -0500

In this episode, we explore ISACA—the organization behind the CISA—and the essential study tools it provides. You'll learn how to use the official review manual, question database, and support resources to build a winning study strategy aligned with the exam objectives. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 3: Proven Strategies for Passing the CISA Exam

Dr Jason Edwards — Sun, 06 Jul 2025 11:23:34 -0500

Get equipped with practical, actionable study strategies to tackle the CISA exam with confidence. This episode covers planning, retention techniques, practice question usage, and how to identify your weak spots before test day. It’s focused entirely on building the habits that lead to success. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 4: Critical Exam Tips, Test-taking Strategies, and Common Pitfalls

Dr Jason Edwards — Sun, 06 Jul 2025 11:24:29 -0500

Learn how to avoid the most common CISA exam mistakes and apply time-tested test-taking strategies. From managing time to breaking down tricky questions, this episode is designed to help you stay sharp, focused, and in control during the exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 5: Final Review – Summary of Key Concepts Across All Domains

Dr Jason Edwards — Sun, 06 Jul 2025 11:26:05 -0500

This episode gives you a high-level review of the most tested concepts across all five CISA domains. If you need a solid refresh or want to verify that your prep is on track, this targeted summary reinforces what you need to know most. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 6: Exam-Day Preparation – What to Expect and How to Prepare Mentally

Dr Jason Edwards — Sun, 06 Jul 2025 11:27:37 -0500

Exam day can be stressful, but it doesn’t have to be. This episode walks you through everything from logistics and ID requirements to mental strategies and pacing, so you're ready to perform at your best. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 7: Overview of Domain 1 – Information Systems Auditing Process

Dr Jason Edwards — Sun, 06 Jul 2025 11:28:58 -0500

Domain 1 is the foundation of the CISA exam. In this episode, we break down what IS auditing means, how it fits into the bigger picture of IT governance, and what the exam expects you to understand about audit roles, risk, and controls. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 8: IS Audit Standards, Guidelines, and Codes of Ethics

Dr Jason Edwards — Sun, 06 Jul 2025 11:30:13 -0500

Know the rules before you’re tested on them. This episode covers the ISACA audit standards and ethics you’ll need to master for Domain 1. You’ll learn what to memorize, how these principles shape audits, and why they matter for exam questions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 9: Types of Audits, Assessments, and Reviews

Dr Jason Edwards — Sun, 06 Jul 2025 11:41:36 -0500

Not all audits are the same. This episode teaches you how to distinguish between audit types—compliance, financial, operational, and more—so you can answer CISA questions with clarity. Learn the nuances that the exam loves to test. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 10: Fundamentals of Risk-Based Audit Planning

Dr Jason Edwards — Sun, 06 Jul 2025 11:42:23 -0500

Risk-based planning is at the core of IT auditing and a major theme on the CISA exam. This episode covers how to prioritize audits, identify risks, and design audit scopes that align with business impact—all framed for what you need to know to pass. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 11: Advanced Risk Assessment Methods and Practical Examples

Dr Jason Edwards — Sun, 06 Jul 2025 11:43:18 -0500

Understanding risk is a cornerstone of the CISA exam, and this episode takes you beyond the basics. You’ll explore advanced techniques such as scenario-based analysis, quantitative vs. qualitative risk scoring, and how to apply them in real audit environments. Through practical examples, we connect these methods to the types of audit planning decisions you’ll be tested on. This deep dive gives you the context and nuance needed to master complex risk questions on exam day. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 12: Types of Controls and Audit Considerations

Dr Jason Edwards — Sun, 06 Jul 2025 11:44:26 -0500

The CISA exam tests your ability to evaluate and differentiate between control types—preventive, detective, corrective, and compensating. This episode breaks down each control category, explains when and how they’re used, and ties them to audit objectives. We also explore the difference between design and operational effectiveness, a key area where exam questions often challenge candidates. If you need to build control fluency, this episode will help you get there. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 13: Audit Project Management

Dr Jason Edwards — Sun, 06 Jul 2025 11:45:13 -0500

CISA candidates must not only understand audits—they must also understand how to manage them. This episode outlines the core principles of audit project management, including setting timelines, assigning resources, monitoring progress, and addressing unexpected changes. You’ll learn how to apply project management techniques to real audit environments and understand how these tasks align with ISACA’s exam objectives. It’s a vital listen for mastering Domain 1. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 14: Audit Testing and Sampling Methodology

Dr Jason Edwards — Sun, 06 Jul 2025 11:46:04 -0500

Sampling is a heavily tested concept, and many CISA candidates struggle to distinguish between statistical and judgmental sampling. This episode demystifies sampling strategy, explains how to choose the right sample size, and shows you how to interpret sample-based results accurately. You'll also learn how testing ties directly into audit objectives. If you're unsure how to approach audit evidence and sample reliability, this episode is a must. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 15: Audit Evidence Collection Techniques

Dr Jason Edwards — Sun, 06 Jul 2025 11:47:22 -0500

Effective audits rely on strong, defensible evidence. In this episode, we explore how to gather evidence using inquiry, observation, inspection, and re-performance. You'll learn how to assess evidence sufficiency, reliability, and relevance—three key terms you’ll see on the exam. We also discuss the auditor’s professional judgment in deciding which method to use and when. These foundational skills are directly mapped to Domain 1 questions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 16: Introduction to Audit Data Analytics Tools and Techniques

Dr Jason Edwards — Sun, 06 Jul 2025 11:48:16 -0500

Modern audits demand more than checklists—they require smart use of data. This episode introduces audit data analytics, explains the types of analytics (descriptive, diagnostic, predictive), and outlines how tools like ACL and IDEA support audit objectives. You’ll also learn how data analytics supports risk-based auditing, improves coverage, and enhances evidence quality—core areas for CISA Domain 1. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 17: Practical Applications and Case Studies of Audit Data Analytics

Dr Jason Edwards — Sun, 06 Jul 2025 11:48:50 -0500

To truly master data analytics, you need to see it in action. This episode presents real-world examples and case studies showing how data analytics is used in fraud detection, operational audits, and compliance testing. You’ll understand the workflow from data extraction to final analysis and learn how CISA exam questions might present similar scenarios. It’s a high-value session that connects theory to practice and brings audit data to life. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 18: Audit Reporting and Communication Techniques

Dr Jason Edwards — Sun, 06 Jul 2025 11:49:46 -0500

Communicating audit results effectively is critical for both real-world auditors and CISA exam success. This episode teaches you how to write clear findings, structure reports logically, and deliver recommendations that management can act on. We’ll also explore techniques for presenting sensitive results diplomatically—a key soft skill that shows up in audit reporting scenarios on the test. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 19: Quality Assurance and Improvement of Audit Processes

Dr Jason Edwards — Sun, 06 Jul 2025 11:50:31 -0500

ISACA expects CISA-certified professionals to uphold audit quality through structured QA practices. In this episode, we explore internal reviews, peer assessments, and continuous improvement models that strengthen the audit function. You'll learn how quality metrics are defined, how findings are tracked, and how QA fits into the professional standards you’ll be tested on. This is a vital component of Domain 1 that every candidate should understand. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 20: Overview of Domain 2 – Governance of IT

Dr Jason Edwards — Sun, 06 Jul 2025 11:51:11 -0500

Domain 2 shifts your focus from audit execution to how IT supports business objectives. This episode provides a strategic overview of IT governance principles, roles and responsibilities, and how auditors assess the effectiveness of governance frameworks. You'll gain a preview of the domain’s major topics—including risk management, IT strategy, and compliance—so you can prepare to master this high-impact section of the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 21: Overview of Domain 2 – Management of IT

Dr Jason Edwards — Sun, 06 Jul 2025 11:51:54 -0500

Domain 2 doesn’t stop at governance—it also expects you to understand IT management practices. This episode introduces the key responsibilities of IT leaders, including resource allocation, vendor oversight, performance monitoring, and quality assurance. You’ll gain clarity on how management supports governance goals and what you’ll need to know for CISA exam questions on IT operations. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 22: Laws, Regulations, and Industry Standards

Dr Jason Edwards — Sun, 06 Jul 2025 11:54:53 -0500

The CISA exam expects you to recognize and apply legal, regulatory, and industry-specific requirements to audit scenarios. This episode explores major compliance drivers like GDPR, HIPAA, and SOX, and explains how auditors assess adherence to these standards. You’ll also learn how to distinguish between laws, regulations, and frameworks—a critical distinction for exam success. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 23: Organizational Structure, IT Governance, and IT Strategy

Dr Jason Edwards — Sun, 06 Jul 2025 11:55:54 -0500

A solid grasp of organizational structure is key to evaluating IT governance. This episode walks you through reporting lines, governance committees, roles like CIO and CISO, and how strategy aligns with structure. You’ll also learn what the CISA exam expects you to know about evaluating the effectiveness of governance models. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 24: IT Policies, Standards, Procedures, and Practices

Dr Jason Edwards — Sun, 06 Jul 2025 11:56:39 -0500

Policies and standards form the backbone of IT governance, and this episode helps you understand how auditors evaluate their design, communication, and enforcement. You’ll explore the differences between policies, procedures, and guidelines, and how each supports control objectives—critical distinctions the CISA exam frequently tests. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 25: Enterprise Architecture and Considerations

Dr Jason Edwards — Sun, 06 Jul 2025 11:57:43 -0500

Enterprise Architecture (EA) connects IT design to business strategy, and the CISA exam wants you to evaluate how well it supports organizational goals. In this episode, you’ll learn the components of EA, including frameworks like TOGAF, and how auditors assess EA governance, integration, and documentation across the enterprise. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 26: ERM Frameworks and Principles

Dr Jason Edwards — Sun, 06 Jul 2025 11:58:10 -0500

Enterprise Risk Management (ERM) is a key pillar of IT governance. This episode explains risk frameworks like COSO ERM and ISO 31000 and shows how auditors evaluate the structure, roles, and processes of ERM programs. You’ll gain a clear understanding of how strategic risk management connects with audit objectives on the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 27: ERM Implementation and Evaluation Examples

Dr Jason Edwards — Sun, 06 Jul 2025 11:59:03 -0500

Building on the last episode, we now focus on how ERM is implemented and assessed. Through audit-relevant examples, you’ll learn how to evaluate risk ownership, review program maturity, and assess documentation quality. This practical insight will prepare you for case-based questions that test your understanding of ERM in action. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 28: Privacy Program and Principles

Dr Jason Edwards — Sun, 06 Jul 2025 11:59:48 -0500

Data privacy is no longer optional—it’s a regulatory and reputational imperative. This episode covers privacy frameworks, laws, and controls auditors must assess during evaluations. You'll also learn how to audit privacy program design, policy enforcement, and data protection measures, all aligned with CISA Domain 2 objectives. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 29: Data Governance Program Fundamentals

Dr Jason Edwards — Sun, 06 Jul 2025 12:00:37 -0500

Governance doesn’t stop at systems—it includes data. This episode explores how data is owned, classified, and controlled across the enterprise. You’ll learn how to evaluate governance roles, policies, and procedures related to data quality, security, and accountability, which are all highly relevant to CISA exam questions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 30: Practical Data Classification Techniques and Compliance

Dr Jason Edwards — Sun, 06 Jul 2025 12:01:22 -0500

Data classification is a key input to effective security and compliance auditing. In this episode, you’ll learn how to evaluate classification policies, review labeling and access controls, and understand how classification ties into privacy, retention, and audit scope. It’s a critical concept for mastering both Domains 2 and 5. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 31: IT Resource Management

Dr Jason Edwards — Sun, 06 Jul 2025 12:02:07 -0500

Resource management is foundational to IT governance, and the CISA exam tests your ability to evaluate how organizations allocate, monitor, and optimize people, hardware, software, and funding. This episode walks you through how auditors assess resource alignment with business objectives, identify misallocations, and verify that capacity planning is realistic and well-documented. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 32: IT Vendor Management

Dr Jason Edwards — Sun, 06 Jul 2025 12:02:39 -0500

Managing third-party risk is a key topic on the CISA exam, and this episode dives into how to audit vendor selection, onboarding, performance evaluation, and contract compliance. You'll learn how to assess risk from service providers, examine contract clarity, and ensure that controls are in place to manage vendor performance effectively across the lifecycle. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 33: IT Performance Monitoring and Reporting

Dr Jason Edwards — Sun, 06 Jul 2025 12:03:27 -0500

Audit success depends on knowing how to evaluate IT performance. This episode explains how key performance indicators (KPIs) and reports are used to measure service delivery, support governance goals, and drive corrective action. You’ll learn how to assess the accuracy, relevance, and alignment of performance data with business strategy—just like the CISA exam will test. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 34: Quality Assurance and Quality Management of IT

Dr Jason Edwards — Sun, 06 Jul 2025 12:04:12 -0500

The CISA exam expects candidates to understand how IT quality is planned, implemented, and improved over time. This episode covers quality assurance policies, continuous improvement practices, metrics, and reviews. You’ll learn how to audit the effectiveness of IT quality management frameworks and ensure they support reliable and consistent service delivery. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 35: Overview of Domain 3 – Information Systems Acquisition, Development & Implementation

Dr Jason Edwards — Sun, 06 Jul 2025 12:04:53 -0500

Domain 3 focuses on the controls and governance involved in acquiring and implementing IT solutions. This episode provides a strategic overview of project governance, system development methodologies, and how these elements align with audit objectives. If you're looking to understand what ISACA expects from auditors in development environments, this is your starting point. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 36: Project Governance and Management

Dr Jason Edwards — Sun, 06 Jul 2025 12:05:51 -0500

Project governance ensures IT initiatives deliver value and align with business goals. This episode covers how auditors evaluate project oversight, milestone tracking, risk management, and stakeholder involvement. You'll also learn how to audit project management methodologies like PMBOK and Agile, which the CISA exam often references in Domain 3 scenarios. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 37: Business Case and Feasibility Analysis

Dr Jason Edwards — Sun, 06 Jul 2025 12:06:32 -0500

Before a project begins, auditors must evaluate whether it’s justified. This episode focuses on auditing business case development, feasibility assessments, and benefit realization. You'll learn how to assess whether proposed IT investments align with strategic goals and whether cost, risk, and return have been properly considered—core concepts in Domain 3. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 38: Waterfall and Traditional SDLC

Dr Jason Edwards — Sun, 06 Jul 2025 12:07:06 -0500

Understanding the traditional software development lifecycle is essential for CISA candidates. This episode explains each phase of the waterfall model and the corresponding audit controls. You'll learn how to evaluate documentation, testing, change controls, and stakeholder approvals, all of which are commonly tested under Domain 3 of the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 39: Agile, DevOps, and Modern SDLC Approaches

Dr Jason Edwards — Sun, 06 Jul 2025 12:07:47 -0500

Agile and DevOps are increasingly popular in IT development, and the CISA exam expects you to understand how to audit these environments. This episode explains how control requirements shift in iterative, fast-paced delivery models. You'll learn how to audit sprints, CI/CD pipelines, backlog grooming, and quality gates in flexible but compliant ways. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 40: Control Identification and Design

Dr Jason Edwards — Sun, 06 Jul 2025 12:08:15 -0500

Strong control design starts early in the system lifecycle. In this episode, you'll learn how auditors assess whether appropriate controls have been identified and designed during planning, development, and implementation. From input validation to segregation of duties, this session aligns closely with Domain 3 control objectives and audit best practices. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 41: System Readiness and Implementation Testing

Dr Jason Edwards — Sun, 06 Jul 2025 12:09:06 -0500

Before a new system goes live, auditors must confirm that it’s ready for production. This episode explains how to evaluate readiness through testing, validation, and stakeholder approvals. You’ll learn how to assess user acceptance testing (UAT), implementation criteria, and go/no-go decisions—all key exam topics in Domain 3. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 42: Implementation Configuration and Release Management

Dr Jason Edwards — Sun, 06 Jul 2025 12:09:36 -0500

Poor configuration control can lead to outages, vulnerabilities, and audit findings. In this episode, we cover how to evaluate release planning, version control, rollback procedures, and configuration documentation. You’ll understand how to audit change approvals and production readiness, giving you the tools to answer configuration-related questions with confidence. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 43: System Migration, Infrastructure Deployment, and Data Conversion

Dr Jason Edwards — Sun, 06 Jul 2025 12:10:38 -0500

CISA candidates must understand the risks and controls involved in moving systems and data. This episode explains how to audit system migrations, infrastructure rollouts, and data conversion processes. You’ll learn how to identify red flags during transitions and verify that testing, backups, and validation controls are in place. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 44: Post-Implementation Review

Dr Jason Edwards — Sun, 06 Jul 2025 12:11:10 -0500

Once a system is deployed, the work isn’t over—auditors still need to assess whether objectives were achieved. This episode teaches you how to conduct a post-implementation review, evaluate project outcomes, assess stakeholder satisfaction, and document lessons learned. It’s a must-know process for Domain 3 exam questions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 45: Overview of Domain 4 – Information Systems Operations & Business Resilience

Dr Jason Edwards — Sun, 06 Jul 2025 12:11:47 -0500

Domain 4 shifts focus to the reliability and sustainability of IT operations. In this episode, you’ll gain an overview of operational controls, availability, service delivery, incident response, and business continuity. We highlight what ISACA wants you to know about managing daily operations and preparing for disruptions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 46: IT Components

Dr Jason Edwards — Sun, 06 Jul 2025 12:12:25 -0500

Understanding the elements that make up the IT environment is essential for audit readiness. This episode breaks down how to evaluate the hardware, software, network, and data assets that support critical business processes. You’ll also learn how to audit system dependencies and asset configuration controls, all mapped to Domain 4 objectives. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 47: IT Asset Management

Dr Jason Edwards — Sun, 06 Jul 2025 12:12:58 -0500

IT asset management is more than keeping an inventory—it’s about control, accountability, and lifecycle oversight. In this episode, you’ll learn how to audit asset acquisition, tagging, usage, and disposal. We also explore how asset management intersects with compliance and risk, making it a key topic for your CISA exam prep. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 48: Job Scheduling and Production Process Automation

Dr Jason Edwards — Sun, 06 Jul 2025 12:13:29 -0500

This episode covers how auditors evaluate job scheduling systems, batch processing, and automated task workflows. You’ll learn how to assess controls for error handling, reprocessing, and change approval—all of which are frequently tested in Domain 4 scenarios involving IT operations and reliability. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 49: System Interfaces

Dr Jason Edwards — Sun, 06 Jul 2025 12:14:06 -0500

When systems talk to each other, auditors must ensure that the communication is controlled and secure. This episode explores interface types (manual and automated), error checking, data reconciliation, and exception handling. You’ll gain clarity on how to audit inter-system interactions—knowledge that’s essential for Domain 4. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 50: Shadow IT and End-User Computing

Dr Jason Edwards — Sun, 06 Jul 2025 12:15:00 -0500

Shadow IT introduces risk outside the view of central IT. In this episode, you will learn how to identify and audit unauthorized tools, spreadsheets, applications, and systems created by business units. We also cover end-user computing controls, policies, and monitoring, which are increasingly tested in Domain 4 scenarios. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 51: Systems Availability and Capacity Management

Dr Jason Edwards — Sun, 06 Jul 2025 12:15:34 -0500

Auditors must verify that IT systems are designed and managed to meet performance demands. This episode explores how to evaluate availability strategies, capacity planning, monitoring tools, and escalation processes. Learn how these elements support operational resilience and how they appear in Domain 4 exam questions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 52: Incident Management Best Practices

Dr Jason Edwards — Sun, 06 Jul 2025 12:15:59 -0500

When things go wrong, incident management ensures that services are restored quickly and effectively. This episode explains how to audit detection procedures, escalation paths, incident logs, and resolution workflows. You will learn how incident response aligns with audit standards and how these topics are framed in the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 53: Problem Management and Root Cause Analysis

Dr Jason Edwards — Sun, 06 Jul 2025 12:16:37 -0500

Problem management focuses on eliminating the underlying causes of incidents. In this episode, you will learn how to audit problem detection, investigation, root cause analysis, and resolution tracking. We also cover the importance of documentation and trend analysis, which are key areas for Domain 4 exam preparation. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 54: Change Management Processes

Dr Jason Edwards — Sun, 06 Jul 2025 12:17:00 -0500

Effective change management minimizes disruption and maintains control over the IT environment. This episode walks you through change request procedures, approval workflows, emergency change handling, and audit trail verification. Mastering these elements is essential for answering CISA questions on change governance. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 55: Configuration and Patch Management Processes

Dr Jason Edwards — Sun, 06 Jul 2025 12:17:45 -0500

Configuration and patch controls are essential for system stability and security. In this episode, you will learn how to audit configuration baselines, patch deployment processes, exception handling, and rollback procedures. These controls are highly relevant for questions involving system hardening and change assurance. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 56: Operational Log Management

Dr Jason Edwards — Sun, 06 Jul 2025 12:18:14 -0500

Logs provide critical evidence for detecting incidents and monitoring system health. This episode explains how to audit log collection, retention, analysis, and alerting mechanisms. You will also learn how auditors evaluate whether logs support accountability, forensics, and compliance with organizational policies. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 57: IT Service Level Management

Dr Jason Edwards — Sun, 06 Jul 2025 12:18:44 -0500

Service level agreements define performance expectations between IT and the business. In this episode, you will learn how to audit SLA creation, monitoring, breach handling, and vendor service reporting. These concepts are tested frequently in Domain 4, especially in questions that examine governance and performance alignment. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 58: Database Management Practices

Dr Jason Edwards — Sun, 06 Jul 2025 12:19:15 -0500

Databases are central to most IT operations, and auditors must ensure they are managed securely and efficiently. This episode covers access controls, backup procedures, configuration changes, and performance optimization. You will gain insight into how to audit database environments using the lens of confidentiality, integrity, and availability. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 59: Overview of Business Resilience

Dr Jason Edwards — Sun, 06 Jul 2025 12:20:05 -0500

Business resilience ensures that critical operations can continue through disruption. This episode introduces the core concepts of business continuity, disaster recovery, redundancy, and failover. You will learn how to evaluate resilience strategies and how they relate to the audit objectives covered in Domain 4 and beyond. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 60: Conducting a Business Impact Analysis (BIA)

Dr Jason Edwards — Sun, 06 Jul 2025 12:20:51 -0500

The business impact analysis is a foundational activity in resilience planning. In this episode, you will learn how to audit BIA processes, assess documentation of critical functions, and evaluate recovery time and recovery point objectives. CISA candidates must understand how to validate BIA results and tie them to continuity plans. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 61: System and Operational Resilience

Dr Jason Edwards — Sun, 06 Jul 2025 12:21:29 -0500

Operational resilience is about sustaining essential services under stress. This episode explains how auditors evaluate systems for fault tolerance, high availability, and continuous operation. You will learn how to assess risk mitigation strategies, redundancy planning, and the effectiveness of proactive monitoring. These areas are core to Domain 4 exam questions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 62: Data Backup, Storage, and Restoration Practices

Dr Jason Edwards — Sun, 06 Jul 2025 12:21:56 -0500

Backup and restoration processes are critical for protecting data integrity and ensuring continuity. In this episode, you will learn how to evaluate backup frequency, storage media security, offsite storage protocols, and restoration testing. Understanding these controls is essential for CISA exam topics related to recovery readiness and operational risk. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 63: Developing and Maintaining a Business Continuity Plan

Dr Jason Edwards — Sun, 06 Jul 2025 12:22:47 -0500

Business continuity planning ensures the organization can operate during and after disruptions. This episode explains how auditors evaluate continuity plan development, critical process identification, training, and documentation. You will also learn how plans are tested and updated to remain effective under real-world conditions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 64: Disaster Recovery Planning Fundamentals

Dr Jason Edwards — Sun, 06 Jul 2025 12:23:27 -0500

Disaster recovery focuses on restoring IT systems after an outage or catastrophic event. In this episode, you will learn how to audit DR plans, assess backup infrastructure, evaluate recovery site readiness, and verify testing procedures. DR planning is a key area of the CISA exam, especially for questions on system availability and continuity. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 65: Overview of Domain 5 – Protection of Information Assets

Dr Jason Edwards — Sun, 06 Jul 2025 12:23:59 -0500

Domain 5 is all about securing information against unauthorized access, alteration, or loss. This episode provides a strategic overview of confidentiality, integrity, and availability principles and introduces the areas covered by this domain. You will see how security audits connect with governance, operations, and compliance. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 66: Information Asset Security Frameworks, Standards, and Guidelines

Dr Jason Edwards — Sun, 06 Jul 2025 12:30:15 -0500

Security frameworks provide the structure for implementing effective controls. In this episode, you will learn how to evaluate ISO 27001, NIST, COBIT, and organizational guidelines. You will also explore how auditors assess alignment with policies and determine whether information protection is governed effectively. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 67: Physical and Environmental Controls

Dr Jason Edwards — Sun, 06 Jul 2025 12:30:45 -0500

Physical security is a foundational element of protecting information systems. This episode covers perimeter defenses, badge access, fire suppression, climate control, and secure equipment disposal. You will learn how to evaluate the effectiveness of these controls and how questions about physical risks show up on the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 68: Identity and Access Management (IAM)

Dr Jason Edwards — Sun, 06 Jul 2025 12:31:44 -0500

Access control is a critical concept tested throughout the CISA exam. In this episode, you will learn how to audit identity provisioning, authentication mechanisms, access reviews, and privilege management. Understanding IAM controls will help you confidently address scenarios involving security, compliance, and fraud prevention. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 69: Network and Endpoint Security

Dr Jason Edwards — Sun, 06 Jul 2025 12:32:23 -0500

Network and endpoint security controls are essential for protecting IT infrastructure. This episode explains how to audit firewalls, intrusion detection systems, antivirus software, and patching procedures. You will also learn how to assess monitoring practices and system hardening strategies for Domain 5. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 70: Data Loss Prevention

Dr Jason Edwards — Sun, 06 Jul 2025 12:32:55 -0500

Data loss prevention (DLP) tools and policies help prevent unauthorized exposure of sensitive information. In this episode, you will learn how to evaluate DLP strategy, endpoint protections, outbound filtering, and audit logging. This is a highly tested topic that connects information protection with compliance and incident response. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 71: Data Encryption Methods and Controls

Dr Jason Edwards — Sun, 06 Jul 2025 12:33:31 -0500

Encryption is one of the most powerful tools for protecting sensitive data. This episode explains how to audit encryption in transit and at rest, evaluate key management practices, and assess alignment with organizational policies and legal requirements. These concepts are essential for Domain 5 and appear frequently in security-related CISA exam questions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 72: Public Key Infrastructure (PKI)

Dr Jason Edwards — Sun, 06 Jul 2025 12:34:12 -0500

Public Key Infrastructure supports digital trust by enabling secure authentication and communication. In this episode, you will learn how to audit PKI components, such as certificate authorities, digital signatures, and key lifecycles. Understanding how PKI works and how to evaluate its controls is vital for passing Domain 5. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 73: Cloud and Virtualized Environments

Dr Jason Edwards — Sun, 06 Jul 2025 12:34:50 -0500

Cloud and virtual systems require unique controls and audit approaches. This episode focuses on how to evaluate cloud security, shared responsibility models, virtual machine management, and containerization. You will also explore how to assess compliance and data protection within cloud-based infrastructures. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 74: Mobile, Wireless, and IoT Device Security

Dr Jason Edwards — Sun, 06 Jul 2025 12:35:25 -0500

Endpoint diversity brings complexity to audits. In this episode, you will learn how to evaluate controls for mobile devices, wireless networks, and Internet of Things technologies. Topics include encryption, mobile device management, authentication, and endpoint hardening, all of which are relevant to CISA Domain 5. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 75: Security Awareness Training and Programs

Dr Jason Edwards — Sun, 06 Jul 2025 12:36:12 -0500

Human error is a top cause of security breaches. This episode covers how to evaluate security awareness training programs, including content quality, delivery methods, tracking, and feedback mechanisms. You will also learn how to link training effectiveness with audit findings and policy compliance. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 76: Information System Attack Methods and Techniques

Dr Jason Edwards — Sun, 06 Jul 2025 12:39:31 -0500

To audit effectively, you must understand how systems are attacked. This episode introduces common techniques such as phishing, malware, denial of service, and SQL injection. You will learn how to assess organizational preparedness and how this knowledge applies to audit procedures and CISA scenario questions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 77: Security Testing Tools and Techniques

Dr Jason Edwards — Sun, 06 Jul 2025 12:40:10 -0500

Security testing reveals weaknesses before attackers can exploit them. This episode explains how to audit vulnerability scanning, penetration testing, static code analysis, and system hardening. You will also learn how to interpret test results and validate remediation, which are common elements in Domain 5 questions. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 78: Security Monitoring Tools and Techniques

Dr Jason Edwards — Sun, 06 Jul 2025 12:41:05 -0500

Ongoing monitoring is vital for detecting and responding to threats. In this episode, you will explore how to evaluate log management, SIEM systems, network monitoring tools, and intrusion detection. Auditors must assess coverage, alerting capabilities, and response documentation to support Domain 5 objectives. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 79: Security Incident Response Management

Dr Jason Edwards — Sun, 06 Jul 2025 12:45:36 -0500

Incident response is a structured process that minimizes damage and recovers operations. This episode covers detection, escalation, containment, recovery, and reporting. You will learn how to evaluate incident handling procedures, assess team readiness, and align response plans with audit requirements. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 80: Evidence Collection and Digital Forensics

Dr Jason Edwards — Sun, 06 Jul 2025 12:46:16 -0500

Auditors may need to evaluate how evidence is preserved and used in investigations. This episode introduces forensic readiness, chain of custody, data integrity controls, and tool validation. You will also explore how forensic practices align with legal requirements and audit objectives in Domain 5. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 81: Planning Effective Information Systems Audits

Dr Jason Edwards — Sun, 06 Jul 2025 12:46:46 -0500

Audit planning is the foundation of a successful engagement. In this episode, you will learn how to define audit scope, assess risk, allocate resources, and align objectives with organizational priorities. The CISA exam emphasizes your ability to create structured, risk-based audit plans that support clear execution. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 82: Conducting Audits According to IS Audit Standards

Dr Jason Edwards — Sun, 06 Jul 2025 12:47:45 -0500

This episode focuses on ISACA's audit standards and how to apply them during each phase of the audit process. You will learn how to ensure consistency, quality, and ethical conduct in your audits. Key topics include evidence collection, documentation, communication, and stakeholder engagement, all of which are tested on the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 83: Applying Project Management in IS Audits

Dr Jason Edwards — Sun, 06 Jul 2025 12:48:24 -0500

Auditors often lead projects that require formal planning and control. This episode explains how to apply project management principles within the audit context. Topics include scheduling, resourcing, risk management, and change tracking, all of which help auditors deliver results efficiently and are emphasized in the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 84: Communicating Audit Results and Recommendations

Dr Jason Edwards — Sun, 06 Jul 2025 12:49:21 -0500

Effective communication is a key skill for audit professionals. This episode covers how to present findings clearly, structure audit reports, and develop actionable recommendations. You will also learn how to handle disagreements with stakeholders and follow up on implementation, all of which are part of ISACA’s expectations. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 85: Conducting Post-Audit Follow-Up

Dr Jason Edwards — Sun, 06 Jul 2025 12:49:55 -0500

The audit is not complete until findings have been addressed. This episode focuses on follow-up activities, including how to verify remediation, reassess risk, and update stakeholders. You will learn how to document follow-up results and integrate them into future audit planning, a key topic for CISA candidates. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 86: Utilizing Data Analytics in Auditing

Dr Jason Edwards — Sun, 06 Jul 2025 12:50:28 -0500

Data analytics is transforming how audits are conducted. In this episode, you will explore how to apply analytic tools for risk assessment, control testing, and anomaly detection. You will also learn how to evaluate data quality and integrate analytics into audit workflows, aligning with CISA’s emphasis on technology-enabled audits. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 87: Evaluating Automation and Decision-Making Systems

Dr Jason Edwards — Sun, 06 Jul 2025 12:51:08 -0500

Automated systems introduce unique risks and controls. This episode teaches you how to audit robotic process automation, decision engines, AI tools, and algorithmic logic. You will learn how to assess governance, bias, and control design in technology-driven environments, which are increasingly tested on the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 88: Quality Assurance and Improvement of Audit Processes

Dr Jason Edwards — Sun, 06 Jul 2025 12:51:58 -0500

Audit functions must be continuously evaluated and improved. This episode covers quality assurance techniques including internal assessments, external reviews, performance metrics, and lessons learned. You will learn how to audit the audit function itself and ensure compliance with professional standards. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 89: Evaluating IT Strategy Alignment

Dr Jason Edwards — Sun, 06 Jul 2025 12:52:22 -0500

IT strategy must support business goals and risk tolerance. In this episode, you will learn how to assess whether IT initiatives are aligned with enterprise objectives, supported by governance, and tracked with appropriate metrics. Strategic alignment is a frequent theme in Domain 2 and appears in exam scenarios involving IT oversight. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 90: Evaluating IT Governance Effectiveness

Dr Jason Edwards — Sun, 06 Jul 2025 12:53:09 -0500

Strong governance ensures that IT delivers value and manages risk. This episode explains how to evaluate governance frameworks, board oversight, decision-making processes, and policy enforcement. You will also explore the relationship between governance maturity and audit planning as emphasized in the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 91: Evaluating IT Resource and Project Management Alignment

Dr Jason Edwards — Sun, 06 Jul 2025 12:56:20 -0500

To succeed on the CISA exam, you must be able to assess whether IT resources and project management practices support enterprise objectives. This episode walks through how to evaluate resource allocation, project portfolio oversight, scheduling practices, and strategic alignment. You will also learn how to identify gaps in resource governance that auditors are expected to flag. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 92: Evaluating Ownership of IT Risks, Controls, and Standards

Dr Jason Edwards — Sun, 06 Jul 2025 12:56:53 -0500

Effective risk management requires clearly assigned ownership. In this episode, you will learn how to evaluate whether an organization has defined responsibility for IT risks, control implementation, and compliance with internal standards. Understanding ownership structure is a critical aspect of governance and frequently appears in CISA scenarios that test accountability. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 93: Evaluating IT Key Performance and Risk Indicators

Dr Jason Edwards — Sun, 06 Jul 2025 12:57:32 -0500

Key performance and risk indicators provide insight into IT effectiveness and exposure. This episode teaches you how to evaluate how KPIs and KRIs are selected, monitored, and used to guide decision-making. You will learn how auditors validate metric accuracy, relevance, and consistency with business goals, all of which are crucial for mastering Domain 2. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 94: Evaluating IT Vendor Selection and Contract Management

Dr Jason Edwards — Sun, 06 Jul 2025 12:58:14 -0500

Auditors play an essential role in verifying that vendor selection and contract oversight meet organizational, legal, and regulatory expectations. In this episode, you will learn how to evaluate procurement criteria, due diligence processes, contract terms, and ongoing monitoring practices. These concepts are frequently tested on the CISA exam in questions involving third-party risk. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 95: Evaluating Supply Chain Risk and Integrity Issues

Dr Jason Edwards — Sun, 06 Jul 2025 12:58:46 -0500

Modern IT environments rely on complex supply chains that must be evaluated for risk. This episode explores how to assess supplier integrity, dependency risk, cybersecurity posture, and fraud potential. You will also learn how to verify controls over third-party access and subcontractors, all of which are relevant for audit scenarios on the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 96: Evaluating End-User Support Processes

Dr Jason Edwards — Sun, 06 Jul 2025 12:59:21 -0500

Supporting end users requires processes that are responsive, secure, and well-documented. This episode focuses on how to audit help desk operations, ticket resolution, escalation paths, and training services. You will also learn how to evaluate whether support metrics align with service level expectations and risk management goals. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 97: Evaluating Enterprise Architecture Alignment

Dr Jason Edwards — Sun, 06 Jul 2025 12:59:59 -0500

Enterprise architecture must align with organizational strategy to ensure long-term IT value. This episode teaches you how to assess architectural documentation, governance processes, technology standards, and decision-making roles. You will also explore how to audit EA for strategic alignment and integration with enterprise risk management. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 98: Evaluating IT Operations and Maintenance Practices

Dr Jason Edwards — Sun, 06 Jul 2025 13:00:45 -0500

Operations and maintenance are critical to IT service delivery and risk control. In this episode, you will learn how to audit operational support, preventive maintenance routines, service management processes, and monitoring controls. The CISA exam frequently tests your ability to identify deficiencies in daily IT operations. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 99: Evaluating Data Governance Program

Dr Jason Edwards — Sun, 06 Jul 2025 13:01:16 -0500

Data governance defines how information is managed, secured, and used. This episode covers how to evaluate data ownership, stewardship, classification, and lifecycle controls. You will learn how auditors assess alignment with policies and regulatory requirements, making this a key episode for Domain 2 and Domain 5 exam success. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 100: Evaluating Privacy and Data Classification Programs

Dr Jason Edwards — Sun, 06 Jul 2025 13:01:54 -0500

Privacy and data classification are integral to protecting information assets. This episode explains how to audit privacy frameworks, policy enforcement, classification schemes, and data-handling procedures. You will also learn how to assess program maturity and legal compliance, which are critical for high-scoring performance on the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 101: Evaluating Policies Related to IT Asset Lifecycle Management

Dr Jason Edwards — Sun, 06 Jul 2025 13:02:19 -0500

IT assets require controls from acquisition through disposal. In this episode, you will learn how to evaluate lifecycle policies, including procurement, tagging, usage, reassignment, retirement, and data sanitization. These areas are tested in Domain 4 and require auditors to verify asset traceability, accountability, and risk mitigation. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 102: Evaluating Shadow IT Risks and Controls

Dr Jason Edwards — Sun, 06 Jul 2025 13:03:13 -0500

Shadow IT introduces risk outside of sanctioned governance. This episode teaches you how to audit unsanctioned applications, unauthorized system use, and spreadsheet-based end-user tools. You will also learn how to identify detection methods, review compensating controls, and evaluate policies to reduce shadow IT exposure—skills that frequently appear on the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 103: Evaluating Threat and Vulnerability Management

Dr Jason Edwards — Sun, 06 Jul 2025 13:03:46 -0500

Organizations must proactively manage threats and vulnerabilities to remain secure. This episode covers how to audit threat intelligence collection, vulnerability assessments, scanning schedules, remediation timelines, and patch prioritization. You will also learn how to tie findings to control effectiveness and audit risk—core tasks for CISA candidates in Domain 5. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 104: Providing Guidance on Information Systems Quality Improvement

Dr Jason Edwards — Sun, 06 Jul 2025 13:04:28 -0500

Auditors are expected to identify improvement opportunities and support quality initiatives. In this episode, you will learn how to evaluate continuous improvement programs, recommend control enhancements, and review post-audit actions. You will also explore how these contributions strengthen governance and demonstrate audit value on the CISA exam. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Episode 105: Evaluating Risks of Emerging Technologies and Practices

Dr Jason Edwards — Sun, 06 Jul 2025 13:04:54 -0500

Staying ahead of risk means understanding new technologies and trends. This episode focuses on how to evaluate emerging threats related to artificial intelligence, blockchain, edge computing, and evolving regulatory landscapes. You will learn how to audit control readiness, policy alignment, and adoption strategies—essential knowledge for CISA questions on innovation risk. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Welcome to the ISACA CISA Certification

Dr Jason Edwards — Mon, 13 Oct 2025 22:42:32 -0500

Dive into a fast, no-fluff overview of what this podcast delivers, who it’s for, and how each episode helps you level up with practical, real-world takeaways. In this trailer, you’ll hear the show’s promise, the format you can expect, and a sneak peek at the kinds of stories, tips, and expert insights coming your way. Hit follow to get new episodes as they drop and start listening smarter from day one.