Certified Information Systems Auditor (CISA) Domain(s) Overview & Exam Material


Earning a Certified Information Systems Auditor (CISA) certification is a sound career advancement strategy for those who audit, control, monitor and assess information technology and business systems, or who wish to do so.

Regarded as the preferred information systems (IS) audit certification program by individuals and organizations around the world, the CISA, as with any meaningful achievement, requires a great deal of commitment, dedication and resilience.

During the exam, candidates must answer 150 questions from job practice areas, organized into five domains, within four hours. The whole idea behind the CISA certification is to make sure professionals, such as IT auditors, are ready to deal with real-world situations. This rationale is especially true for the job practice areas, each consisting of task and knowledge statements that try to represent the work performed in information systems audit, assurance and control.

CISA Certification Job Practice Areas by Domain, Source: ISACA®

According to ISACA, the international association responsible for the CISA, “These statements and domains are the result of extensive research, feedback and validation from subject matter experts and prominent industry leaders from around the globe.”

The five domains are the basis for the exam questions and the requirements to earn the certification. So, if your goal is to become a part of this exclusive group of certified and in-demand professionals, one of the first steps is getting to know each domain/job practice area.

Here is a quick review of each job practice domain and the task and knowledge statements for the CISA certification.

Domain 1 — The Process of Auditing Information Systems (21%)

The first domain is all about how to provide audit services, in accordance with ISACA’s view on IS audit standards, with the objective of assisting organizations in protecting and controlling information systems.

The main tasks include (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Claudio Dodt. Read the original post at: