In this video, Marc Menninger describes the CISA certification. Learn how this certification can be important to your IT security career. Discover topics you can expect to see on the exam and if there are any experience requirements to take it. Explore which jobs often require the CISA certification and resources to help you prepare for it.
- [Instructor] The Certified Information Systems Auditor, or CISA certification, offered by ISACA validates your knowledge of IT security audit controls. You will be tested in your ability to asses vulnerabilities, report on compliance, and implement controls within an organization. The CISA is an advanced certification for experienced IT security professionals. In order to take the exam, you need to have five years of work experience and information systems auditing, or IT security.
Your work experience must begin within 10 years prior to applying for the CISA certification, or within five years of passing the exam. A waiver for up to three years of the work experience requirement is available based on previous employment or educational history. Topics you can expect to see on the exam include information systems auditing process, governance and management of IT, information systems acquisition, development, and implementation, information systems operations, maintenance, and service management, and protection of information assets.
IT security job listings that often require the CISA certification include IT security auditors, consultants, architects, and managers. While there are many written resources to choose from, these three books thoroughly cover the most recent version of the exam and have been well received by the security community. The core content of each is fairly similar, so writing style and additional resources can help you select one that's right for you. The CISA Review Manual is the official ISACA reference manual for the exam.
The CISA Review Questions, Answers, & Explanations Manual has 1,000 multiple choice study questions from previous CISA exams. And the CISA: Certified Information Systems Auditor Study Guide includes electronic flashcards and practice exams. For links to these resources and other related information please see the handout for this video. Once you have the CISA certification it's valid for three years. You can retain it for longer by obtaining 120 CPEs every three years.
Check the ISACA website for more details about getting CPEs. The CISA certification is great for aspiring IT security auditors and other security professionals who want to demonstrate their ability to audit IT security controls.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- Understanding the job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself