

Certified Information Systems Auditor (CISA)

via Cybrary


For cyber security professionals who are interested in the field of auditing, the Certified Information Systems Auditor (CISA) certification by ISACA is the leading credential to achieve. In order to face the dynamic requirements of meeting enterprise vulnerability management challenges, this course covers the information systems auditing control processes to ensure that you have the ability to analyze the state of your organization and make changes where needed.

Prior to taking this CISA course online, it is recommended that candidates have a minimum of five years of work experience in information security audit, control, assurance, or security.

What is CISA?

CISA stands for Certified Information Systems Auditor and is a certification that is granted by the Information Systems Audit and Control Association (ISACA). It is the most recognized credential for IS audit control, assurance, and security professionals. It is designed for audit managers, IT auditors, security professionals, and consultants.

What Is Involved in This Online CISA Training?

Our CISA training provides you with all the knowledge you need to be eligible to work in a professional information systems auditing role and pass the CISA certification exam. The course is a comprehensive study of the auditing process, including:

  • Information Systems Auditing Standards and Processes
  • Acquisition, Development, and Implementation
  • Operations, Maintenance, and Support
  • Code of Professional Ethics

Completion of the course demonstrates your overall competencies in auditing, controlling, monitoring, and assessing information security and business systems.

While there are no prerequisites for this CISA course, it is suggested that you have previous work experience in information security audit, control, assurance, or security, as previous professional work experience is required to become certified.

Why Get CISA Certification?

Employees who are CISA certified are seen as knowledgeable, with skills including auditing information systems, ensuring compliance, managing vulnerabilities, and instituting control. Additionally, the benefits of achieving CISA certification include:

  • Automatic marketing of your expertise
  • Globally recognized as an IS audit professional
  • Increases value to the organization
  • Provides a competitive advantage over peers in the industry
  • Shows that candidates possess a high professional standard through ISACA's requirements for continuing education
  • Demonstrates the tactical skill required to successfully complete the exam
  • Credibility in the industry
  • Well-above average salary

What Jobs Are CISA Certified Professionals Qualified to Do?

The primary role of the information technology auditor is to ensure that there are no situations of unnecessary spending, fraud, or noncompliance with federal regulations and governmental laws.

CISA certification holders may be hired for the following positions:

  • IT Audit Manager
  • Internal Auditor
  • Cybersecurity professional
  • IT Consulting
  • Privacy Officer
  • IT Risk and Assurance Manager
  • PCI Security Specialist

What Are the Requirements for CISA Certification?

To earn a CISA certification, candidates must pass the CISA test with a score of at least 450 (out of a possible 800) and have at least five years of professional experience in information systems auditing, assurance, control, or security. This experience must have been gained within the ten years preceding the application date for certification.

The CISA exam consists of 150 multiple choice questions, which you have four hours (240 minutes) to complete. The exam questions cover five domains:

  • Information System Auditing Process (21%)
  • Governance and Management of IT (17%)
  • Information Systems Acquisition, Development, and Implementation (12%)
  • Information Systems Operation and Business Resilience (23%)
  • Protection of Information Assets (27%)

Once you pass the exam, your certification will be valid for five years, after which it must be reestablished by meeting certain requirements.

You can find more information about the exam, scheduling the exam, and maintaining certification on the ISACA website.


  • Introducing the Certified Information Systems Auditor
    • Introduction and Overview of the Certification
  • The Process of Auditing Information Systems (Domain 1)
    • The Process of Auditing Information Systems
    • ISACA IS Audit and Assurance Standards and Guidance
    • IS Controls
    • Performing an IS Audit
    • Communicating Audit Results
    • Control Self-Assessment
    • The Evolving IS Audit Process
    • Domain 1: Putting It All Together And Review
  • Governance and Management of IT (Domain 2)
    • CISA Module 3 Introduction
    • Corporate Governance
    • Information Security Governance
    • Information Systems Strategy
    • Maturity and Process Improvement Models
    • Risk Management
    • Information Technology Management Practices
    • IT Organization Structure and Responsibilities
    • Auditing IT Governance Structure and Implementation
    • Domain 2: Putting It All Together and Review
  • Information Systems Acquisition, Development, and Implementation (Domain 3)
    • Project Governance and Management
    • Project Management Practices
    • Business Case and Feasibility Analysis
    • System Development Tools and Productivity Aids
    • Infrastructure Development and Acquisition Practices
    • Hardware and Software Acquisition
    • Control Identification and Design
    • Testing Methodologies
    • Configuration and Release Management
    • Data Migration
    • System Implementation
    • Domain 3: Putting it All Together and Review
  • Information Systems Operations, Maintenance and Service Management (Domain 4)
    • Information Systems Operations
    • Information Systems Hardware
    • Hardware Maintenance Program
    • Job Scheduling and Production Process Automation
    • System Interfaces
    • End User Computing
    • Data Governance
    • IS Architecture and Software
    • Operating Systems
    • Access Control Software
    • Additional Software Considerations
    • Problem and Incident Management
    • Change Configuration, Release, and Patch Management
    • IT Service Level Management
    • Database Management
    • Business Impact Analysis
    • System Resiliency
    • Data Backup, Storage, and Restoration
    • Business Continuity Planning
    • Disaster Recovery
    • Domain 4: Putting It All Together and Review
  • Protection of Information Assets (Domain 5)
    • Information Security Management
    • Logical Access
    • Network and Endpoint Security
    • Network Architectures
    • Data Classification
    • Data Encryption
    • Web-based Communications Technologies
    • Virtualized Environments
    • Wireless and Internet of Things
    • Security Awareness Training and Programs
    • Information System Attack Methods and Techniques
    • Security Testing Tools and Techniques
    • Security Monitoring Tools and Techniques
    • Incident Response Management
    • Evidence Collection and Forensics
    • Domain 5: Putting it All Together and Review
  • Exam Preparation
    • Exam Preparation

Taught by

Daryl Sheppard

