Certified Information Systems Auditor (CISA) 2019 Job Practice Changes

The ISACA (Information Systems Audit and Control Association) updates the Certified Information Systems Auditor (CISA) job
practice every three years to reflect changes in the field of information systems audit, control, and security. The latest job practice update was in 2019.

The 2019 CISA Job Practice update included several changes to the content and structure of the exam. The update included changes to the domains and task statements of the Job Practice, and also incorporated the new technologies and industry trends that have emerged in the past three years.

The main changes in the 2019 CISA Job Practice update include:

• The addition of a new domain called "Security and Risk Management" which covers the management of security risks and the implementation of security controls to mitigate those risks.
• A greater emphasis on cloud computing and its impact on the security and risk management of information systems
• The addition of new task statements related to security and risk management in the domains of "Governance and Management of IT" and "Information Systems Acquisition, Development, and Implementation"
• The revision of existing task statements to reflect the changing nature of the information systems audit, control, and security field

The 2019 job practice update also included a new format for the exam, which is now based on a new structure of questions, that are more task-based rather than knowledge-based, to better assess the candidate's ability to apply the knowledge in real-world scenarios.

This job practice update is intended to ensure that the CISA certification continues to be a valid and relevant measure of an individual's knowledge and skills in the field of information systems audit, control, and security.