The Bare Metal Cyber CISA Audio Course is a comprehensive, exam-focused podcast designed to help you master every domain of the Certified Information Systems Auditor (CISA) certification. With over 100 tightly structured episodes, this prepcast walks you through key concepts, audit techniques, IT governance, system acquisition, operations, resilience, and information asset protection—all aligned to ISACA’s exam objectives. Whether you're just beginning your study journey or need a high-impact review before test day, this series delivers in-depth instruction, clear explanations, and strategic insights tailored for exam success.
The audit is not complete until findings have been addressed. This episode focuses on follow-up activities, including how to verify remediation, reassess risk, and update stakeholders. You will learn…
Effective communication is a key skill for audit professionals. This episode covers how to present findings clearly, structure audit reports, and develop actionable recommendations. You will also lea…
Auditors often lead projects that require formal planning and control. This episode explains how to apply project management principles within the audit context. Topics include scheduling, resourcing…
This episode focuses on ISACA's audit standards and how to apply them during each phase of the audit process. You will learn how to ensure consistency, quality, and ethical conduct in your audits. Ke…
Audit planning is the foundation of a successful engagement. In this episode, you will learn how to define audit scope, assess risk, allocate resources, and align objectives with organizational prior…
Auditors may need to evaluate how evidence is preserved and used in investigations. This episode introduces forensic readiness, chain of custody, data integrity controls, and tool validation. You wil…
Incident response is a structured process that minimizes damage and recovers operations. This episode covers detection, escalation, containment, recovery, and reporting. You will learn how to evaluat…
Ongoing monitoring is vital for detecting and responding to threats. In this episode, you will explore how to evaluate log management, SIEM systems, network monitoring tools, and intrusion detection.…
Security testing reveals weaknesses before attackers can exploit them. This episode explains how to audit vulnerability scanning, penetration testing, static code analysis, and system hardening. You …
To audit effectively, you must understand how systems are attacked. This episode introduces common techniques such as phishing, malware, denial of service, and SQL injection. You will learn how to as…
Human error is a top cause of security breaches. This episode covers how to evaluate security awareness training programs, including content quality, delivery methods, tracking, and feedback mechanis…
Endpoint diversity brings complexity to audits. In this episode, you will learn how to evaluate controls for mobile devices, wireless networks, and Internet of Things technologies. Topics include enc…
Cloud and virtual systems require unique controls and audit approaches. This episode focuses on how to evaluate cloud security, shared responsibility models, virtual machine management, and container…
Public Key Infrastructure supports digital trust by enabling secure authentication and communication. In this episode, you will learn how to audit PKI components, such as certificate authorities, dig…
Encryption is one of the most powerful tools for protecting sensitive data. This episode explains how to audit encryption in transit and at rest, evaluate key management practices, and assess alignme…
Data loss prevention (DLP) tools and policies help prevent unauthorized exposure of sensitive information. In this episode, you will learn how to evaluate DLP strategy, endpoint protections, outbound…
Network and endpoint security controls are essential for protecting IT infrastructure. This episode explains how to audit firewalls, intrusion detection systems, antivirus software, and patching proc…
Access control is a critical concept tested throughout the CISA exam. In this episode, you will learn how to audit identity provisioning, authentication mechanisms, access reviews, and privilege mana…
Physical security is a foundational element of protecting information systems. This episode covers perimeter defenses, badge access, fire suppression, climate control, and secure equipment disposal. …
Security frameworks provide the structure for implementing effective controls. In this episode, you will learn how to evaluate ISO 27001, NIST, COBIT, and organizational guidelines. You will also exp…