Certified Information Systems Auditor (CISA) Course Outline

Your Comprehensive Course Outline 

Mastering the Audit: An Overview

The Certified Information Systems Auditor (CISA) certification, awarded by ISACA, is the globally recognized standard for professionals in information systems audit, control, and security. Aspiring CISAs must demonstrate proficiency across five key domains that encompass the entire lifecycle of information systems auditing.

The CISA examination is a 4-hour, 150-question multiple-choice exam designed to test a candidate's knowledge and practical application of the five core domains. The exam is scored on a scale of 200 to 800, with a passing score of 450.

The Five Pillars of CISA

Domain 1: Information System Auditing Process (21%)

This foundational domain covers the essential principles and practices of conducting information system audits. It emphasizes a risk-based approach to ensure that the audit process is efficient, effective, and aligned with organizational objectives.

  • IS Audit Standards, Guidelines, and Codes of Ethics
  • Risk-Based Audit Planning
  • Types of Audits and Assessments
  • Audit Project Management
  • Audit Evidence Collection and Evaluation
  • Reporting and Communication Techniques
  • Audit Follow-up and Remediation

Domain 2: Governance and Management of IT (17%)

This domain focuses on the strategic alignment of IT with business goals. It assesses a candidate's understanding of the structures, policies, and processes that an organization uses to direct and control its IT resources.

  • IT Governance Frameworks (COBIT, ITIL, ISO/IEC 27001)
  • IT Strategy and Organizational Structure
  • IT Policies, Standards, and Procedures
  • Risk Management
  • IT Resource Management
  • Performance Monitoring and Reporting
  • Business Continuity and Disaster Recovery Planning

Domain 3: IS Acquisition, Development, & Implementation (12%)

This domain covers the processes involved in acquiring, developing, and implementing information systems. The focus is on ensuring that these processes are controlled and result in systems that meet business requirements and are secure.

  • Project Governance and Management
  • Business Case and Feasibility Analysis
  • System Development Methodologies (Waterfall, Agile, DevOps)
  • Control Identification and Design
  • Testing Methodologies
  • Configuration and Release Management
  • Post-Implementation Review

Domain 4: IS Operations & Business Resilience (23%)

This domain addresses the operational aspects of information systems and the organization's ability to maintain business operations in the face of disruptions. It is one of the more heavily weighted domains on the exam.

  • IT Service Management
  • System and Network Infrastructure
  • Data Management
  • Incident Management and Response
  • Problem Management
  • Change and Patch Management
  • Business Impact Analysis (BIA)
  • Resilience and Disaster Recovery Testing

Domain 5: Protection of Information Assets (27%)

Reflecting the paramount importance of information security, this is the most heavily weighted domain. It covers the technical and procedural controls necessary to protect information assets against threats and vulnerabilities.

  • Information Security Governance
  • Information Asset Classification and Ownership
  • Physical and Environmental Controls
  • Logical Access Controls
  • Network Security
  • Security Architecture and Design
  • Data Privacy and Protection
  • Security Monitoring and Incident Response