Certified Information Systems Auditor (CISA)

Certify to Stay Ahead among Peers

Certified Information Systems Auditor (CISA) is a globally recognized certification issued by the Information Systems Audit and Control Association (ISACA). The CISA certification exam is intended to demonstrate the ability of IT/IS audit professionals to manage, monitor and secure the information technology and business systems of an organization.

CISA-certified professionals earn a salary of roughly $52,459 to $122,326 per year. With its rising demand in the global market, it is said that more than 27,000 IT professionals take the certification every year.

CISA reviews the applicant’s knowledge and skills in assessing vulnerabilities and introducing IT controls into the organization.

The certification focuses on candidates' knowledge in 5 main domains:

  • Information System Auditing Process (21%)
  • Governance and Management of IT (17%)
  • Information Systems Acquisition, Development and Implementation (12%)
  • Information Systems Operations and Business Resilience (23%)
  • Protection of Information Assets (27%)

These modules include the complete evaluation from information security policies, standards, and processes to designing, implementing, and monitoring various controls like system and logical security controls, data classification processes, and physical access and environmental controls.

Exam Details

Format – 150 Multiple Choice Questions
Pass – 450 marks
Time – 240 Minutes
Test Method – Test Center
Language – English, Japanese, Korean, Chinese, German, French, Italian, Spanish, Turkish

Prerequisites

  • Minimum 5 years’ experience in IS/IT Audit, Control, Security and Assurance
  • Minimum 3 years’ substitute experience is available based on work experience

Target Audience

  • IS/IT Auditors
  • Security Professionals
  • IS/IT Consultants
  • Non-IT Auditors
  • IS/IT Audit Managers

Recertification

CISA certifications are valid for 3 years, and candidates need to keep their CPE hours up to date throughout these 3 years to meet ISACA's requirements for maintaining CISA.

Candidates must earn 20 CPE hours per year and 120 CPE hours over 3 years. Failure to maintain the CPE hours will result in certificate revocation.

Analytic Figures

$105k+ Avg Salary
20% increase in Potential Boost
150k certification holders every year

Syllabus

Module 01 - The Process of Auditing Information Systems
  • Introduction
  • Audit Process
  • Auditing Standards
  • Auditing Guidelines
  • COBIT Model
  • Audit Management
  • Internal Control Classifications
  • Planning
  • Program
  • Evidence
  • Audit Control Evaluation
  • CSA (Control Self-Assessment)
Module 02 - Governance and Management of IT
  • IT Governance
  • Outsourcing And Governance
  • IT Strategy
  • Governance And Security Policies
  • Organizational Compliance
  • Outsourcing And Globalization
  • Outsourcing
  • IT Performance
Module 03 - Information Systems Acquisition, Development and Implementation
  • System And Infrastructure
  • Requirements
  • Project Management Tools - Part 1
  • Project Management Tools - Part 2
  • Applications
  • Agile Development
  • Monitoring And Controlling
  • Acquisition Process
  • Testing Process
  • Information Systems Maintenance Practices
  • Data Conversion Tools
Module 04 - Information Systems Operations, Maintenance and Support
  • Media Disposal Process
  • Post Implementation Review
  • Periodic Review
  • System Maintenance
Module 05 - Protection of Information Assets
  • IT Service Delivery And Support
  • How To Evaluate Service Level Management Practices
  • Operations Management
  • Databases
  • Structured Query Language
  • Monitoring Performance
  • Source Code And Performance Monitoring
  • Patch Management
  • Incident Management
  • Hardware Component Types
  • Network Component Types
Module 06
  • 1. IS Auditor Technical Overview
  • 2. Security Design
  • 3. Monitoring Systems
  • 4. Types Of Attacks
  • 5. Cryptography
  • 6. Encryption
  • 7. Asymmetric Encryption
  • 8. Digital Certificate
  • 9. Different Kinds Of Attacks
  • 10. Access Controls
  • 11. Identification And Authentication
  • 12. Physical Access Exposure
  • 13. Environmental Security
  • 14. Network Security Devices And Network Components
  • 15. Network Address Translation
  • 16. Virtual Private Networks
  • 17. Voice System Risks
  • 18. Intrusion Detection
  • 19. Firewalls
  • 20. Firewall Implementation
  • 21. Network Access Protection
  • 22. Honey Pot
  • 23. Risks To Portable And Wireless Devices
  • 24. Bluetooth
  • 25. OSI Networking
  • 26. Managing Data
Module 07
  • 1. Business Continuity And Disaster Recovery
  • 2. Fault Tolerance
  • 3. Business Continuity And Disaster Recovery Regulations