CISA stands for Certified Information Systems Auditor and is the most well-recognized certification for IS auditing. Specifically, the CISA is designed to demonstrate someone’s ability to “audit, control, monitor and assess an organization’s information technology and business systems”. The average salary of a CISA is $110,000 in the US. If you’re entry-level to mid-level and you’re looking to work as an information security analyst or directly in audit, this certification could be useful for you. Here I’ve put together some of the best study and practice material for the CISA exam. In order to pass the CISA you need to get a 450 on a scale of 200-800 points.
ISACA Official Book
ISACA stands for Information Systems Audit and Control Association, and they are the governing body that oversees the CISA certification. Based on what I’ve found, the official book and question bank are more than enough to pass the exam. You’ll know you’re ready to sit the official exam once you can get 80% or more of the practice questions correct.
This is the CISA’s question, answer and explanation database. This book is simply a compiled list of practice questions that you can go through to prepare for the exam. Many people use only this to study for the exam because it’s very straight to the point and it provides explanations that help you understand why the answer is correct. You can probably pass from just memorizing the answers, but if you’re trying to use this certification to improve your knowledge and understanding, this won’t do you a lot of good. It’s better to read the official book and get a solid understanding of the concepts, and then use the practice questions to reinforce that knowledge and learn the syntax you can expect to see in the exam questions.
This website is dedicated to helping CISA applicants prepare for the exam. It has video tutorials, summaries of key points for each domain and practice questions. Overall it is a great resource; the only downside is that there are a lot of ads that can interfere with your experience. If need be, you can use a browser-based ad blocker to stop them and use the website with no interference. Try not to do this all the time, as you want to reward the people who put all this content out there free of charge.
Reddit is probably the best forum for finding out how to pass any certification. There are often forums dedicated to any of the major security certifications such as CISSP, Security+ and CISM, and CISA is no exception. You can simply google “CISA study materials reddit” and find people sharing their experiences of how they prepared for the exam and passed, or what they did wrong that caused them to fail. Either way, you can learn from other people’s experiences.
CISA is considered a fairly difficult exam to pass, slightly harder than the CISSP from what I’ve heard about it. However, the passing mark itself is much lower than that of most other certifications, and with the right preparation it’s definitely doable. Using the material found in this article, you should be able to pass with little or no cost outside of the testing fee. I’m generally not a big fan of paying for classroom preparation unless it’s being funded by your company. It costs a lot of money, you still have to spend time studying on your own, and it’s not as effective as learning on your own, in my opinion. Once you are comfortable with the material and can score at least 75% on the practice questions, you can register for the exam here.