The Certified Information Systems Auditor (CISA) Exam Overview
Is your organization's critical information protected? ...Really? Without comprehensive security plans, policies, and procedures, your organization's information security could be missing something. And that's all it takes for the worst to happen. As a Certified Information Systems Auditor (CISA), you'll perform a business-critical function -- assess your organization's IT and business systems to ensure they are monitored, controlled, and protected. These are valuable skills... and CISA is a valuable certification. There is rapidly growing demand for skilled CISAs. CISA is on the level of CISSP and CCIE in prestige and in the way it distinguishes you from your peers. It's globally recognized within the IT industry and beyond. It's used by the US Department of Defense and others as a minimum requirement for many high-end security positions. And studies have found that just having the CISA credential can increase your salary.
The Certified Information Systems Auditor (CISA) Exam is a professional certification exam offered by the ISACA (Information Systems Audit and Control Association) for individuals who want to demonstrate their knowledge and skills in the field of information systems audit, control, and security. The exam is based on the ISACA's CISA Job Practice, which covers five domains:
- The Process of Auditing Information Systems
- Governance and Management of IT
- Information Systems Acquisition, Development, and Implementation
- Information Systems Operations, Maintenance, and Support
- Protection of Information Assets
The CISA exam is a computer-based test consisting of 150 multiple-choice questions. Candidates have four hours to complete the exam. A passing score is 450 out of a possible 800 points. The exam is offered four times a year, in the months of January, April, July, and October.
To be eligible to take the CISA exam, candidates must have at least five years of professional experience in information systems audit, control, or security, of which at least three years must be in a management, professional, or supervisory capacity. Additionally, candidates must agree to adhere to ISACA's Code of Professional Ethics.
The CISA certification is valid for three years and must be renewed every three years by earning continuing professional education (CPE) credits and paying an annual maintenance fee.
Passing the CISA Exam and meeting the experience requirement is a good way to demonstrate to employers and clients that you have a strong understanding of information systems audit, control, and security and that you are committed to maintaining your knowledge and skills in this field.