Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

CISA® Certified Information Security Auditor

The CISA® (Certified Information Security Auditor) certification

The mark of excellence for a professional certification program is the value and recognition it bestows on the individual who achieves it. Since 1978, the Certified Information Systems Auditor (CISA) program, sponsored by ISACA®, has been the globally accepted standard of achievement among information systems audit, control and security professionals.

The technical skills and practices that CISA promotes and evaluates are the building blocks of success in the field. Possessing the CISA designation demonstrates proficiency and is the basis for measurement in the profession. In addition, it presents a number of professional and personal benefits.

Security University offers an intensive 5-day Certified Information Systems Auditor (CISA) Examination Study Course in preparation for the exams.

For those subject to DoD 8570.01-M "IA Workforce Improvement Program," ISACA's CISA and CISM certifications are among those approved for DoD information assurance (IA) professionals.

To become a Certified Information Systems Auditor (CISA), an applicant must:

  1. Score a passing grade on the CISA exam. A passing score on the CISA exam, without completing the required work experience as outlined below, will only be valid for five years. If the applicant does not meet the CISA certification requirements within the five-year period, the passing score will be voided.
  2. Submit verified evidence of five years of work experience in the fields of Information Systems Auditing, Control, Assurance or Security. Work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of initially passing the exam.

    Substitutions and waivers of such experience, to a maximum of 3 years, may be obtained as follows:
    • A maximum of one year of information systems OR one year of non-IS auditing experience can be substituted for one year of information systems auditing, control, or security experience;
    • 60 to 120 completed university semester credit hours (the equivalent of a two-year or four-year degree), not limited by the ten-year preceding restriction, can be substituted for one or two years, respectively, of information systems auditing, control or security experience. Even if multiple degrees have been earned, a maximum of 2 years can be claimed.
    • A bachelor's or master's degree from a university that enforces the ISACA sponsored Model Curricula can be substituted for one year of information systems auditing, control or security experience. To view a list of these schools, please visit www.isaca.org/modeluniversities. This option cannot be used if three years of experience substitution and educational waiver have already been claimed; and
    • A master's degree in information security or information technology from an accredited university can be substituted for one year of experience.
      Exception: Two years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for every one year of information systems auditing, control or security experience.

      As an example, at a minimum (assuming a two-year waiver of experience by substituting 120 university credits) an applicant must have three years of actual work experience. This experience can be completed by:
      • three years information systems audit, control, or security experience; OR
      • two years information systems audit, control, or security experience and one full year non-IS audit or information systems experience or two years as a full-time university instructor.
  3. Agree to abide by the ISACA Code of Professional Ethics.
  4. Agree to abide by the Information Systems Standards as adopted by ISACA, which can be viewed at www.isaca.org/standards.
  5. Agree to abide by the CISA Continuing Education Policy, which can be viewed at www.isaca.org/cisacpepolicy.


CISA Exam Information

The CISA exam is offered annually during the months of June and December.

Class Price: $1,995
Time: 9am - 5pm
Location: Herndon, VA (check schedule)
Prerequisites: none
CPE Credits: 40 CPEs
Instructor: Highly Qualified Information Security Manager instructors

What You'll LEARN & DO

 Upon the completion of our CISA Boot Camp, students will know how to:

Some of the content in our CISA training class includes:

A Training Course

Module 1—The IS Audit Process

This module provides a review of the knowledge required of an information systems (IS) audit/assurance professional to ensure that an organization's information technology and business systems are protected and controlled. Also included is a review of IS audit standards, guidelines and best practices.

Topics include:

Module 2—CISA's Role in IT Governance

This module provides a review of the development of sound control practices and mechanisms for management oversight and review required of an information systems (IS) audit/assurance professional who is responsible for providing assurance that an organization has the structure, policies, accountability mechanisms and monitoring practices in place to achieve the requirements of IT governance.

Topics include:

Module 3—CISA's Role in Systems and Infrastructure Life Cycle Management

This module provides a review of the methodologies and processes organizations employ when they develop and change application systems and infrastructure components. Also included is the role of an information systems (IS) audit/assurance professional in providing assurance that management practices meet the organization's objectives for the development/acquisition, testing, implementation, maintenance and disposal of systems and infrastructure.

Topics include:

Module 4—CISA's Role in IT Service Delivery and Support

This module provides a review of service level management practices, including incident and problem management, capacity planning and systems performance monitoring. In addition, the module outlines the role of the IS audit/assurance professional in auditing and reviewing the various aspects of service level management.

Topics include:

Module 5—CISA's Role in Protection of Information Assets

This module provides a review of the key components an IS audit/assurance professional must be aware of to evaluate and ensure an organization's confidentiality, integrity, and availability of information assets including logical and physical access controls, network infrastructure security, environmental controls and other processes and procedures used to maintain security of confidential information assets.

Topics include:

Module 6—CISA's Role in Business Continuity and Disaster Recovery

This module provides a review of the practices and knowledge required of an information systems (IS) audit/assurance professional who is responsible for providing assurance that, in the event of a disruption, the business continuity and disaster recovery processes will ensure the timely resumption of information technology (IT) services, while minimizing the business impact.

Topics include:

What's Included:

Required Prerequisites: