Warm greetings to all of you future Information Systems Auditors. If you are considering, or have already decided, to go for CISA, then congratulations: you have a very exciting and challenging journey ahead of you. Recent information security incidents have led to increased demand for information security professionals, and CISA is one of the certifications employers look for. CISA is a well-renowned qualification for Information Systems Audit and is highly sought after worldwide. If you look at current job postings for an Information Security Manager or Information Security Officer, "Preferred Qualification: CISA" almost always appears.
One thing needs to be made clear, though: the CISA qualification will not, by itself, make you an expert in the information security field. If you already come from an audit background, it will help you apply audit concepts to information systems. That does not mean you can pass the CISA exam on audit knowledge alone: CISA requires a general understanding of information security concepts, but not in depth. Either way, the broad audit concepts such as planning, risk assessment and report writing still apply throughout.
Let’s Get Technical:
You can check the CISA exam fee on the official site here; it was exactly USD 760 as of September 2019 and may change. We assume, however, that you are really interested in what the CISA exam is about and how to pass it, so let's cut to the meat and look at what CISA covers. You need a scaled score of 450 out of 800 to pass, which comes to roughly 56% and is not hard to reach if you follow the preparation steps described here. Before we share our tips and tricks, let us first look at what the CISA exam is really about and what is expected of a candidate.
Reading the CISA Review Manual for the first time can be confusing. The following brief introduction gives you a rough idea of what the CISA exam is about so you can plan your approach to studying.
The CISA exam is divided into 5 domains, each carrying a different share of the marks. The weight is listed as a percentage next to the title of each domain:
Domain 1: The Process of Auditing Information Systems (21%)
If you already work in audit, you will find this domain very easy: whichever sector you audit, whether IT, financial or regulatory, the basic audit concepts are the same. You plan the audit, perform a risk assessment, carry out substantive and analytical testing, and write the report. The domain also covers the code of ethics, audit risk, and internal controls.
Domain 2: Governance and Management of IT (16%)
In the simplest terms, this domain describes how IT should fit into the overall organizational structure. There should be a Board overseeing the IT function and a steering committee making decisions on IT issues. The IT department should have a proper structure, with clear responsibilities for the Information Security Officer, the Chief Technology Officer, and other IT staff, and without overlapping duties and authorities (segregation of duties). There should be IT plans and policies that support the overall business objectives of the organization.
Domain 3: Information Systems Acquisition, Development and Implementation (18%)
This domain explains how any IT hardware or software procurement and development should be treated as a project, with a detailed explanation of project management concepts such as planning, budgeting and scheduling. You also learn about the System Development Life Cycle and the different types of software testing. Finally, it covers electronic commerce concepts such as electronic finance, electronic banking, and point-of-sale systems.
Domain 4: Information Systems Operations, Maintenance and Service Management (20%)
This domain introduces the different components of information systems: what a network infrastructure is, and what network devices such as firewalls, routers and switches do. It also describes other components widely used in IT infrastructure. You could say this domain is a glossary or brochure of the hardware and software components that anyone who claims to be IT literate should know about.
Domain 5: Protection of Information Assets (25%)
This is the most interesting and important domain of the five. You learn about the different types of threats, physical and logical, that information systems face, from physical threats such as flood, fire and vandalism to hacking, phishing, and so on. It also covers the mechanisms (physical, logical and environmental controls) that protect against those risks.
So, how about testing your preparedness for the CISA exam? Download our mobile app here: it tests you with 51 exam-style questions and explains every wrong answer. It also comes with many other useful features to help you on the journey to acing the CISA exam.
Time to Prepare:
I think two categories of people take the CISA certification: those already in an audit or risk management career, and those working in IT or IT security. I have written this article to be helpful for both.
For IT professionals
CISA is mainly about audit rather than IT; I would say it is about 40% pure Information Technology. So a good grasp of audit concepts and methodology will take you a long way, and there are unlimited sources to learn from. The other important thing to understand is that how easily you pick up CISA depends on your IT background. Two ideas are widely accepted in all organizations: Business and Risk. If your IT background is in developing programs and applications that run the organization's business, you really need to work on understanding the different risk concepts. It requires a shift in perspective: you need to analyze things from a risk point of view. For example, when looking at a program someone else has written, through the risk eye you evaluate whether it contains a backdoor, whether changes to it were authorized, and similar questions, rather than how it works. If your background is IT security, the concepts in CISA will be much easier to grasp.
For non-IT people with a zeal for information security
As I said earlier, CISA requires you to have a fair amount of knowledge about information security but does not require you to be an expert. For example, you may never have seen a firewall, but if you understand how a firewall works, that is sufficient. Another good example: you may never have written a program in your life, and that is fine; you only need to be able to determine whether the program was created with management approval and whether any changes to it were properly authorized.
I took the CISA exam in December 2014 and my score was in the top 20% of scorers globally. Since I had no IT background at the time, this score meant a lot to me. I would like to share my study techniques.
1. Read the CISA Review Manual (CRM) multiple times. Aim to understand each concept as clearly as possible, and give yourself ample time before attempting the exam. I suggest 2 to 3 months of preparation is sufficient to clear this certification.
2. If possible, take some introductory certification courses such as Linux or CompTIA A+ if you have never taken any computer courses. Focus on the security areas: how permissions are granted, and how privileges are changed for different users.
3. If you don't have time for courses, watch online tutorial videos on information security, such as the CBT Nuggets training videos. You can watch them at a convenient time.
4. Practice with the CISA question database. You may be tempted to give more emphasis to the question database than to the CRM, but if you understand the concepts clearly you can attempt any question, since the questions exist to test your understanding. Always read each question twice before answering, and if your answer is still wrong, work out why it was wrong.
5. Before taking the exam, it is generally a good idea to attempt a mock test. It simulates the real exam and gives you a feel for time management.
6. I think it is best to take the day off before your exam. Put your mind at ease by doing things you love. This gives your mind time to process all the information and make it stick. You will see what I mean.
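Tip 2 above asks a non-IT candidate to learn how Linux permissions are granted and how privileges change between users. The following script is an added example, not code from the original article, that shows both in working form: a decoder that turns an octal mode such as 4755 into the rights it grants to the owner, the group and everyone else (including the setuid/setgid/sticky bits that let a program run with another user's privileges), and two audit checks an IS auditor typically runs, looking for setuid executables and world-writable files. It assumes a POSIX shell with coreutils (chmod, find, mktemp); the file tree it scans is constructed inside the script and is not real system data.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes POSIX sh plus
# chmod, find, mktemp; the sample tree below is constructed, not real data.

# One octal digit -> the rwx triple it stands for (4=read, 2=write, 1=execute).
rwx() {
    case $1 in
        0) echo '---' ;; 1) echo '--x' ;; 2) echo '-w-' ;; 3) echo '-wx' ;;
        4) echo 'r--' ;; 5) echo 'r-x' ;; 6) echo 'rw-' ;; 7) echo 'rwx' ;;
        *) echo '???' ;;
    esac
}

# Decode an octal mode such as 4755 or 644 into the rights it grants to the
# owner, the group and others, plus any special bits. setuid/setgid make an
# executable run with the privileges of its owner/group rather than the caller,
# which is exactly the kind of privilege change an auditor must trace.
explain_mode() {
    m=$1
    case ${#m} in
        3) m="0$m" ;;                                  # no special bits given
        4) ;;
        *) echo "bad mode: $1" >&2; return 1 ;;
    esac
    s=$(printf '%s' "$m" | cut -c1)
    u=$(printf '%s' "$m" | cut -c2)
    g=$(printf '%s' "$m" | cut -c3)
    o=$(printf '%s' "$m" | cut -c4)
    special=""
    case $s in 4|5|6|7) special="${special}setuid," ;; esac
    case $s in 2|3|6|7) special="${special}setgid," ;; esac
    case $s in 1|3|5|7) special="${special}sticky," ;; esac
    if [ -z "$special" ]; then special="none,"; fi
    printf 'owner=%s group=%s other=%s special=%s\n' \
        "$(rwx "$u")" "$(rwx "$g")" "$(rwx "$o")" "${special%,}"
}

# Build a constructed sample tree with one typical finding of each kind.
# Prints the directory path; the caller is responsible for removing it.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf 'report\n' > "$d/report.txt"; chmod 644  "$d/report.txt"  # world-readable, owner-writable
    printf '#!/bin/sh\n' > "$d/passwd_tool"; chmod 4755 "$d/passwd_tool" # setuid: runs as its owner
    printf 'log\n' > "$d/app.log";       chmod 666  "$d/app.log"     # world-writable: anyone can tamper
    printf 'secret\n' > "$d/key.pem";    chmod 600  "$d/key.pem"     # owner only
    echo "$d"
}

# Audit check 1: files any user on the box can modify (integrity risk).
# -perm -0002 matches when the "other" write bit is set, whatever else is set.
count_world_writable() {
    find "$1" -type f -perm -0002 | wc -l | tr -d ' '
}

# Audit check 2: setuid executables, i.e. programs that change privilege
# when run. Each one should be on an approved list with a documented owner.
count_setuid() {
    find "$1" -type f -perm -4000 | wc -l | tr -d ' '
}

# Stand-alone demonstration: decode a few modes, then audit the sample tree.
demo() {
    for mode in 644 600 4755 1777; do
        printf '%-5s -> ' "$mode"; explain_mode "$mode"
    done
    tree=$(make_sample_tree)
    echo "world-writable files in sample tree: $(count_world_writable "$tree")"
    echo "setuid files in sample tree:         $(count_setuid "$tree")"
    rm -rf "$tree"
}

demo
```

Run it with `sh perms_audit.sh`. The decoder is the part to internalize for the exam: a mode of 4755 means the owner has full rights, everyone else can read and execute, and the setuid bit means whoever executes the file does so with the owner's privileges, which is why an auditor wants every such file justified. On a real system the two `find` checks are usually run from `/` and the results reconciled against the baseline the administrators have approved, rather than on a constructed directory.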
Thank you for your time.
Below is the video demonstration of everything said above.