CISA® Certified Information Systems Auditor
The CISA® (Certified Information Systems Auditor) certification
The mark of excellence for a professional certification program is the value and recognition it bestows on the individual who achieves it. Since 1978, the Certified Information Systems Auditor (CISA) program, sponsored by ISACA®, has been the globally accepted standard of achievement among information systems audit, control and security professionals.
The technical skills and practices that CISA promotes and evaluates are the building blocks of success in the field. Possessing the CISA designation demonstrates proficiency and is the basis for measurement in the profession. In addition, it presents a number of professional and personal benefits.
Security University's intensive 5-day Certified Information Systems Auditor (CISA) examination study course prepares candidates for the CISA exam.
For those subject to DoD 8570.01-M "IA Workforce Improvement Program," ISACA's CISA and CISM certifications are among those approved for DoD information assurance (IA) professionals.
To become a Certified Information Systems Auditor (CISA), an applicant must:
- Score a passing grade on the CISA exam. A passing score on the CISA exam, without completing the required work experience as outlined below, is valid for only five years. If the applicant does not meet the CISA certification requirements within that five-year period, the passing score is voided.
- Submit verified evidence of five years of work experience in the fields of information systems auditing, control, assurance or security. Work experience must be gained within the ten-year period preceding the application date for certification, or within five years of the date of initially passing the exam.
Substitutions and waivers of such experience, to a maximum of three years, may be obtained as follows:
- A maximum of one year of information systems OR one year of non-IS auditing experience can be substituted for one year of information systems auditing, control, or security experience;
- 60 to 120 completed university semester credit hours (the equivalent of a two-year or four-year degree), not subject to the ten-year restriction above, can be substituted for one or two years, respectively, of information systems auditing, control or security experience. Even if multiple degrees have been earned, a maximum of two years can be claimed.
- A bachelor's or master's degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for one year of information systems auditing, control or security experience. To view a list of these schools, please visit www.isaca.org/modeluniversities. This option cannot be used if three years of experience substitution and educational waiver have already been claimed; and
- A master's degree in information security or information technology from an accredited university can be substituted for one year of experience.
Exception: Two years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for every one year of information systems auditing, control or security experience.
As an example, at a minimum (assuming a two-year waiver of experience by substituting 120 university credits) an applicant must have three years of actual work experience. This experience can be completed by:
- three years information systems audit, control, or security experience; OR
- two years information systems audit, control, or security experience and one full year non-IS audit or information systems experience or two years as a full-time university instructor.
The applicant must also:
- Agree to abide by the ISACA Code of Professional Ethics.
- Agree to abide by the Information Systems Standards as adopted by ISACA, which can be viewed at www.isaca.org/standards .
- Agree to abide by the CISA Continuing Education Policy, which can be viewed at www.isaca.org/cisacpepolicy .
CISA Exam Information
The CISA exam is offered twice a year, in June and December.
Register for the CISA Exam
CISA Exam Candidate's Guide
Exam Center Locations
Frequently Asked Questions
Time: 9am - 5pm
Location: check schedule, Herndon VA
CPE Credits: 40 CPEs
Instructor: Highly qualified information security instructors
What You'll LEARN & DO
Upon completion of our CISA Boot Camp, students will understand:
- ISACA IS Auditing Standards, Guidelines and Procedures and Code of Professional Ethics
- Control objectives and controls related to IS
- COBIT controls
- Procedures used to store, retrieve, transport, and dispose of confidential information assets
- Control Self-Assessment (CSA)
- IS auditing practices and techniques
- IT governance frameworks
- Quality management strategies and policies
- Risk management methodologies and tools
- Use of control frameworks (e.g., COBIT, COSO, ISO 17799)
- Practices for monitoring and reporting of IT performance
- Benefits management practices
- Processes for managing emergency changes to the production systems
- Use of maturity and process improvement models (e.g., CMM, COBIT)
- Contracting strategies, processes and contract management practices
- Control objectives and techniques that ensure the completeness, accuracy, validity, and authorization of transactions and data within IT systems applications
- Enterprise architecture design related to data, applications, and technology
- Acquisition and contract management processes
- System development methodologies and tools and an understanding of their strengths and weaknesses
- Data conversion tools, techniques, and procedures
- Business Impact Analysis (BIA)
- Capacity planning and monitoring techniques
- CISA question-and-answer review
Some of the content in our CISA training class includes:
- 02/13 Ch. 1: The IS Audit Process
- 02/27 Ch. 2: IT Governance
- 03/13 Ch. 3: Systems and Infrastructure Life Cycle Management – Part I
- 03/27 Ch. 3: Systems and Infrastructure Life Cycle Management – Part II
- 04/10 Ch. 4: IT Service Delivery and Support
- 05/01 Ch. 5: Protection of Information Assets – Part I
- 05/08 Ch. 5: Protection of Information Assets – Part II
- 05/22 Ch. 6: Business Continuity
Module 1—The IS Audit Process
This module provides a review of the knowledge required of an information systems (IS) audit/assurance professional to ensure that an organization's information technology and business systems are protected and controlled. Also included is a review of IS audit standards, guidelines and best practices.
- ISACA IS Auditing Standards and Guidelines
- IS Auditing Practices and Techniques
- Gathering Information and Preserving Evidence
- Control Objectives and IS-Related Controls
- Risk Assessment in an Audit Context
- Audit Planning and Management Techniques
- Reporting and Communication Techniques
- Control Self-Assessment
Module 2—CISA's Role in IT Governance
This module provides a review of the development of sound control practices and mechanisms for management oversight and review required of an information systems (IS) audit/assurance professional who is responsible for providing assurance that an organization has the structure, policies, accountability mechanisms and monitoring practices in place to achieve the requirements of IT governance.
- IT Governance Basics
- IT Governance Frameworks
- Information Security Policies
- Quality Management Strategies and Practices
- The IT Organization's Roles and Responsibilities
- Enterprise Architecture
- Risk Management
- Process Improvement Models
- IT Contracting Strategies
- Monitoring and Reporting IT Performance
- IT Human Resource Management
- IT Resource Investment and Allocations Practices
Module 3—CISA's Role in Systems and Infrastructure Life Cycle Management
This module provides a review of the methodologies and processes organizations employ when they develop and change application systems and infrastructure components. Also included is the role of an information systems (IS) audit/assurance professional in providing assurance that management practices meet the organization's objectives for the development/acquisition, testing, implementation, maintenance and disposal of systems and infrastructure.
- Benefits Management Practices
- Project Governance Mechanisms
- Project Management Practices, Tools and Control Frameworks
- Risk Management Practices
- Project Success Criteria and Risks
- Configuration, Change and Release Management
- Application Controls
- Enterprise Architecture
- Requirements Analysis
- Acquisition and Contract Management
- System Development Methodologies and Tools
- Quality Assurance Methods
- Managing Testing Processes
- Data Conversion Tools, Techniques and Procedures
- System Disposal
- Certification and Accreditation
- Post-implementation Reviews
- System Migration and Deployment
Module 4—CISA's Role in IT Service Delivery and Support
This module provides a review of service level management practices, including incident and problem management, capacity planning and systems performance monitoring. In addition, the module outlines the role of the IS audit/assurance professional in auditing and reviewing the various aspects of service level management.
- Service Level Management Practices
- Operations Management Best Practices
- Systems Performance Monitoring Processes, Tools and Techniques
- Functionality of Hardware and Network Components
- Database Administration Practices
- System Software Functionality
- Capacity Planning and Monitoring Techniques
- Managing Scheduled and Emergency Changes
- Incident and Problem Management Practices
- Software Licensing and Inventory Practices
- System Resiliency Tools and Techniques
Module 5—CISA's Role in Protection of Information Assets
This module provides a review of the key components an IS audit/assurance professional must be aware of to evaluate and ensure an organization's confidentiality, integrity, and availability of information assets including logical and physical access controls, network infrastructure security, environmental controls and other processes and procedures used to maintain security of confidential information assets.
- Information Security Management
- Logical Access Controls
- Network Infrastructure Security
- Attack Methods and Techniques
- Responding to Security Incidents
- Security Systems and Devices
- Encryption and PKI Components
- Virus Detection Tools and Techniques
- Penetration Testing
- Environmental Protection Practices and Devices
- Physical Security Systems
- Data Classification Schemes
- Voice over IP (VoIP)
- Transport and Disposal of Information Assets
- Security of Portable and Wireless Devices
Module 6—CISA's Role in Business Continuity and Disaster Recovery
This module provides a review of the practices and knowledge required of an information systems (IS) audit/assurance professional who is responsible for providing assurance that, in the event of a disruption, the business continuity and disaster recovery processes will ensure the timely resumption of information technology (IT) services, while minimizing the business impact.
- Backup Basics
- Legal Elements
- Business Impact Analysis
- Business Continuity and Disaster Recovery Plans Development and Maintenance
- Business Continuity and Disaster Recovery Plan Testing
- Human Resources Management
- Invoking the Business Continuity Plan
- Alternate Processing and Recovery Strategies
What's Included
- Access to 50+ online modules totaling 54 hours of training
- Over 1000 CISA exam practice questions
- Lecture and textbooks
What You Need
- Workstation running any operating system with a web browser
- High-speed Internet connection