CISA Certification Syllabus
CISA stands for Certified Information Systems Auditor. It is a certification that equips an individual with the scope and skills to audit, design, manage and protect IT systems and security.
What is the job of a CISA professional?
A CISA professional can identify risks related to IT Systems of any organization and has the ability to provide solutions for such problems.
Who should get this certification?
This certification is meant for individuals who want to build a career in the IT Auditing domain.
How to get the CISA Certification?
This certification is provided by the ISACA organization, which is dedicated to educating individuals and providing them with the deep knowledge required to tackle issues that may arise in the management of IT Systems.
This certification validates a candidate’s knowledge, aptitude, and skills regarding the IT Systems.
Important things to know about the CISA exam
Name of the exam- ISACA Certified Information Systems Auditor (CISA)
Exam fees for ISACA members- $575
Exam fees for ISACA non-members- $760
Duration of the exam- 240 minutes
Number of Questions- 150
Total Marks- 800
Passing Mark- 450/800
Books and training booklets- CISA requirements and CISA review manual.
Sample Booklet- ISACA CISA Sample Papers
Practice Exam- ISACA CISA practice exam
ISACA CISA Syllabus
Unit-1- Information Systems Auditing Process
This unit provides all information about Auditing Services according to the ISACA standards to help organizations in protecting and monitoring information systems. This unit confirms the candidate’s ability to come up with conclusions regarding IS/IT security, risk, and control solutions for an organization.
a. IS Audit Standards, Guidelines, and Code of Ethics
b. Business Processes
c. Types of Controls
d. Risk-based Audit Planning
e. Types of Audits and Assessments
a. Audit Project Management
b. Sampling Methodology
c. Audit Evidence Collection Techniques
d. Data Analytics
e. Reporting and Communication Techniques
Weightage of Unit-1 in the exam- 21%
Unit-2- Governance and Management of IT
This unit affirms to stakeholders the candidate's ability to detect critical issues and suggest practices to support and safeguard the governance of information and its related technologies.
1. IT Governance
a. IT Governance and IT Strategy
b. IT-related Frameworks
c. IT standards, policies and procedures
d. Organizational Structure
e. Enterprise Architecture
f. Enterprise Risk Management
g. Maturity Models
h. Laws, Regulations, and Industry Standards Affecting the Organization
a. IT Resource Management
b. IT Service Provider Acquisition and Management
c. IT Performance Monitoring and Reporting
d. Quality Assurance and Quality Management of IT
Weightage of Unit-2 in the exam- 17%
Unit-3- Information Systems Acquisition, Development, and Implementation
This unit educates the individual about business relations with IT systems.
1. Information Systems Acquisition Governance
a. Project Governance and Management
b. Business Case and Feasibility Analysis
c. System Development Methodologies
d. Control Identification and Design
2. Information Systems Implementation
a. Testing Methodologies
b. Configuration and Release Management
c. System Migration, Deployment, and Data Conversion
d. Post Implementation Review
Weightage of Unit-3 in the exam- 12%
Unit-4- Information Systems, Operations, and Business Resilience
1. Information Business Operations
a. Common Technology Components
b. IT Asset Management
c. Job Scheduling and Production Process Automation
d. System Interfaces
e. End-user Computing
f. Data Governance
g. Systems Performance Management
h. Problem and Incident Management
i. Change, Configuration, Release and Patch Management
j. IT Service Level Management
k. Database Management
a. Business Impact Analysis
b. System Resiliency
c. Data Backup, Storage and Restoration
d. Business Continuity Plan
e. Disaster Recovery Plan
Weightage of Unit-4 in the exam- 23%
Unit-5- Protection of Information Assets
1. Information Asset Security and Control
a. Information Asset Security Frameworks, Guidelines and Standards
b. Privacy Principles
c. Physical Access and Environmental Control
d. Identity and Access Management
e. Network and End-point Security
f. Data Classification
g. Data Encryption and Encryption related techniques
h. Public Key Infrastructure
i. Web-based Communication Techniques
j. Virtualized Environments
k. Mobile, Wireless and Internet of Things (IoT) devices
2. Security Event Management
a. Security Awareness Training and Programs
b. Information Systems Attack Methods and Techniques
c. Security Testing Tools and Techniques
d. Security Monitoring Tools and Techniques
e. Incident Response Management
f. Evidence Collection and Forensics
Weightage of Unit-5 in the exam- 27%
It is important to cover the whole syllabus, and trainers can help candidates map it out and prepare for the exam according to ISACA standards. Covering such a vast course may be difficult, yet the breadth is justified considering the responsibilities of a CISA-certified auditor.