CISA

CISA certification requires a minimum of 5 years of professional work experience in information systems auditing, control or security. Substitutes to work experience may be applied for a maximum of 3 of the 5 required years. ISACA allows the following as qualifying substitutes.

•  A maximum of 1 year of information systems experience or 1 year of non-IS auditing experience can be substituted for 1 year of experience.
•  Sixty (60) to 120 completed university semester credit hours (the equivalent of a 2 or 4-year degree) not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
•  A bachelor’s or master’s degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for 1 year of experience.
•  A master’s degree in information security or information technology from an accredited university can be substituted for 1 year of experience.
•  Two years as a full-time university instructor in a related field (e.g., computer science, accounting, information systems auditing) can be substituted for 1 year of experience.

• Quick Reference
• Management of the IS Audit Function
• ISACA IS Audit and Assurance Standards and Guidelines
• IS Controls
• Performing An IS Audit
• Communicating Audit Results
• Control Self-assessment
• The Evolving IS Audit Process
• Case Studies
• Answers to Case Study Questions

•  Quick Reference
• Corporate Governance
• Governance of Enterprise IT
• Information Systems Strategy
• Maturity and Process Improvement Models
• IT Investment and Allocation Practices
• Policies and Procedures
• Risk Management
• Information Technology Management Practices
• IT Organization Structure and Responsibilities
• Auditing IT Governance Structure and Implementation
• Business Continuity Planning
• Auditing Business Continuity
• Case Studies
• Answers to Case Study Questions

•  Quick Reference
• Benefits Realization
• Project Management Structure
• Project Management Practices
• Business Application Development
• Virtualization and Cloud Computing Environments
• Business Application Systems
• Development Methods
• Infrastructure Development/Acquisition Practices
• Information Systems Maintenance Practices
• System Development Tools and Productivity Aids
• Process Improvement Practices
• Application Controls
• Auditing Application Controls
• Auditing Systems Development, Acquisition and Maintenance
• Case Studies
• Answers to Case Study Questions

• Quick Reference
• Information Systems Operations
• IT Asset Management
• Information Systems Hardware
• IS Architecture and Software
• IS Network Infrastructure
• Auditing Infrastructure and Operations
• Disaster Recovery Planning
• Case Studies
• Answers to Case Study Questions

• Quick Reference
• Information Security Management
• Logical Access
• Network Infrastructure Security
• Auditing Information Security Management Framework
• Auditing Network Infrastructure Security
• Environmental Exposures and Controls
• Physical Access Exposures and Controls
• Mobile Computing
• Peer-to-peer Computing
• Instant Messaging
• Social Media
• Cloud Computing
• Data Leakage
• End-user Computing Security Risk and Controls
• Case Studies
• Answers to Case Study Questions