CISA® (Certified Information Systems Auditor) is a globally recognized certification for audit, control and assurance. The certification is issued by ISACA, which was previously called the Information Systems Audit and Control Association but now goes by the acronym only, because of the broader scope of domains and certifications it currently covers. ISACA issues the CISA, CISM, CRISC, CGEIT and CSX certifications. CSX is the latest addition, for the cyber security domain.
CISA is the oldest of ISACA's certifications, dating back to its beginning in 1978. More than 1.25 lakh people have obtained the CISA designation since its start (according to the ISACA website). It is valued throughout the industry and even mandated for select job profiles. It is one of the highest paying certifications according to a report by Global Knowledge.
To become a CISA certified professional, there are 3 main steps:
1. Pass the CISA exam.
2. Have 5 years of relevant work experience. (There are certain exceptions to this. For details, visit ISACA.)
3. Adhere to the code of ethics and professional standards set by ISACA.
This blog post covers the first of the 3, namely passing the CISA exam.
From 2017, the CISA exam is conducted via CBT (computer-based testing). For more information about this, visit the post titled "Change in the CISA Exam Structure from 2017".
Tips for Passing CISA
Use the CRM (CISA Review Manual) wisely. The latest is the 26th edition of the CRM, available for purchase at the ISACA bookstore. It is a must-have. It is considered the Bible for CISA and, while it is very verbose, it is well organized, with detailed sentences, and well built with the right examples. However, the exam is not drawn from the CRM, which means you will not find questions in CISA taken directly from it. CISA is a professional certification and depends more on the application of knowledge than on rote learning. Therefore, the CRM should be used wisely, in the sense that you do not cram the various topics but instead understand their use or application. For example, BCP or business continuity planning must be understood in terms of how or when the BCP starts, who starts the BCP, what the BCP components are and how it differs from DRP (disaster recovery planning). If you instead skim for who founded BCP or which organizations use or do not use BCP, you are really wasting your preparation time.
The CISA Review QAE manual, or Questions, Answers and Explanations manual, is a must-have. You can choose the 11th edition or take a 12-month subscription to the QAE database. Both are comprehensive and give you many domain-wise practice tests with detailed explanations. They also have a full-length mock test at the end. This is a very good resource and a good confidence booster for your preparation. However, note that CISA's questions will not come directly from the QAE, for obvious reasons. In fact, the majority of CISA questions may seem out of syllabus to you in the actual test. The reason is that, while the QAE focuses more on direct questions, the CISA exam tests the candidate's understanding of these concepts. Even so, scoring 80-90% consistently on the QAE has helped many test takers feel a little more ready and mentally strong while appearing for CISA.
Plan, plan and plan: There are no better tools or easy guidelines for CISA than proper planning. The ideal preparation time is 4 months for those who have a background in audit or security and around 6-8 months for those who are new to these areas (assuming you spend around 7-8 hours a week). Set your exam date well in advance and detail your study plan thoroughly. It is good to prepare a chart of your study plan with weekly milestones. Buy the CRM and the relevant QAE, and register for training or an online instructor beforehand. The plan must run up to the exam date, so make sure you have significant control over it, including provision for contingencies such as unplanned holidays that might hamper your study plan.
Avoid free online tests: A simple Google search will throw up a lot of free online tests for CISA. Please avoid taking such tests. Most are outdated or have wrong solutions that will confuse the test taker. CISA is more application based, and therefore it is more important to understand the concepts thoroughly than to chase a test score. The references mentioned in points 1-3 above are enough for preparation. If you have done the full QAE, it should be enough.
Take a mock test a week before the exam date. As mentioned earlier, the QAE provides 1 full-length mock test. Take it on a weekend exactly 5-7 days before the actual test date. Create a test atmosphere and avoid family disturbances. It is important to recreate the test situation because CISA is a tiring 4-hour test. Most candidates tend to take all 4 hours, given the difficulty. Therefore, it is very important to sit through a mock test or test simulator of similar structure.