CISA
What is CISA?
An ISACA certification for information systems auditors covering audit process, governance, acquisition, operations, and protection of information assets across five domains.
The Certified Information Systems Auditor (CISA) is issued by ISACA and is the standard credential for IT auditors, assurance professionals, and internal-control specialists. The exam covers five domains: Information Systems Auditing Process; Governance and Management of IT; Information Systems Acquisition, Development and Implementation; Information Systems Operations and Business Resilience; and Protection of Information Assets. Candidates answer 150 multiple-choice questions in four hours and must achieve a scaled score of at least 450 out of 800. CISA requires five years of professional auditing, control, or security experience, with substitutions of up to three years for academic credentials or related certifications.
● Examples
- 01
An IT auditor uses CISA to plan SOX ITGC audits across application change, access, and operations.
- 02
A consultant validates ISO 27001 evidence packages using CISA-aligned audit procedures.
● Frequently asked questions
What is CISA?
An ISACA certification for information systems auditors covering audit process, governance, acquisition, operations, and protection of information assets across five domains. It belongs to the Compliance & Frameworks category of cybersecurity.
What are other names for CISA?
Common alternative names include: Certified Information Systems Auditor.
● Related terms
- CISM
An ISACA management-level certification for information security managers covering governance, risk, program development, and incident management across four domains.
- CRISC
An ISACA certification for IT risk and control professionals covering governance, IT risk assessment, response, reporting, and control selection across four domains.
- CISSP
A senior-level vendor-neutral security certification from ISC2 covering eight domains of the Common Body of Knowledge and requiring five years of paid work experience.
- NIST SP 800-37
The NIST Risk Management Framework, defining a seven-step process for managing security and privacy risk across the system lifecycle.
● See also
- CCSP