Certified Information Systems Auditor (CISA)

What is the process to become CISA certified?

There are 4 steps to get ISACA  CISA certified. They are:

• Pass the CISA exam.
• Pay an application processing fee of 50 USD.
• Submit an application and demonstrate that you fulfill the experience requirements.
• Adhere to the code of professional ethics and continuing professional education policy.

What skills will be measured in the Certified Information Systems Auditor certification exam?

You will be tested in the following domains during the exam. The areas follow here along with their weightages:

Information Systems Auditing Process: This section covers 21% of the exam objectives. This includes planning and execution such as risk-based audit planning, types of controls, audits and assessments, business processes, IS audit guidelines, code of ethics, and standards, audit project management, data analytics, communication and reporting techniques, sampling methodology, audit evidence collection, quality assurance and audit process improvement.

IT Management and Governance: This domain covers around 17 % of the exam objectives. IT Governance includes enterprise architecture and risk management, IT standards, procedures, policies, governance, strategy, and related frameworks, maturity models, organizational structure, laws and regulations, and Industry standard impacting the organization whereas IT management carries IT performance monitoring and reporting, resource management, management and service provider acquisition, quality assurance, quality management, and resource management.

Information Systems Operations and Business Resilience: This section will cover 23% of the exam. Information Systems Operations carry systems performance management, database management, problem and incident management, IT service level and asset management, change, release, configuration, and patch management.

Also in Common technology components, system interfaces, end user computing and data governance, job scheduling and production process automation, while business resilience contains business impact analysis, business continuity plan, disaster recovery plans, system resiliency, data backup, storage, and restoration.

Acquisition, Development and Implementation of Information Systems: This covers 12% of the exam questions. Information Systems Development and Acquisition contains project management and governance, system development methodologies, control design and identification, business case and feasibility analysis, while information system implementation carries configuration and release management, infrastructure deployment, data conversion, system migration, testing methodologies, and post-implementation reviews.

Protection of Information Assets: This will cover 27% of the exam objectives. This includes information asset security and control, and security event management. It carries privacy principles, identity and access management, virtualized environments, information asset security frameworks, guidelines, and standards.

And also in Environmental controls, physical access, network and endpoint security, data classification, data encryption and encryption related techniques, Web-based communication techniques, wireless, mobile, IoT devices, and public key infrastructure, while security event management contains security awareness programs and trainings, security testing and monitoring tools and techniques, forensics and evidence collection, incident response management, and information system attack techniques.