• The auditing process
• Governance and management
• System acquisition
• System operations
• Protection of information assets

The exam consists of 200 multiple-choice questions, and candidates have a four-hour time limit. Test scores are reported as a scaled score that ranges from 200 to 800. A score of 450 is the minimum passing score. The exam is paper based. No Internet access or other outside resources are allowed.

Once you successfully completed the CISA exam you may want to attempt another one of the exams offered by ISACA. These include Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC). For those not testing this year please keep in mind that ISACA only offers tests once every 6 months, so the next test date will not occur until June 9^th, 2012.

Make sure to give yourself plenty of time. My approach is to start with some pre-study. Go to the vendor’s web site, and look at the requirements for a particular test. For example, CompTIA exam requirements can be found at their web site. Next, look through the requirements to see what you know and what area you need to spend time studying.

One approach is to find a good book on the topic so that you become familiar with what the exam requires. You may want to follow that up with a certification class or boot camp. For instance, the CEH certification course provides you with a lot of good hands-on experience and a better understanding of the tools. After attending the course, start working though some practice tests to get a better idea of the type of questions you can expect to see on the certification exam.

In all, this process can take 60 to 90 days. What’s important is to not feel bad that you didn’t start yet but that you take positive action to move toward your goals. Good luck, and let me know what certifications you obtained this year.

• Domain 1—The Process of Auditing Information Systems
• Domain 2—Governance and Management of IT
• Domain 3—Information Systems Acquisition, Development and Implementation
• Domain 4—Information Systems Operations, Maintenance and Support
• Domain 5—Protection of Information Assets

The exam is four hours, includes 200 questions, and a minimum score of 450 out of 800 is required to pass the exam. If you haven’t started studying, time is running out!

image courtesy of user lusi at rgbstock.com

If you’ve been procrastinating and not studying, you should start studying now!  It’s always better to study a little each day than to attempt to cram at the last moment in my opinion.

All of the ISACA exams are considered somewhat difficult, and, with the fact that they are only scheduled twice a year, failure requires a six-month wait to retest!

Note: The registration period for the December exams is no longer open, so you’ll have to wait until June if you did not already register.

What is your winning strategy for studying? If you have any tips or techniques that you have found to be successful, please let me know and pass them along to the group here.

CISA and CISM are registered marks of ISACA, the Information Systems Audit and Control Association.

This is why programs such as DoD 8570 are so important.  Depending on the job role, Department of Defense Directive 8570 (DoD 8570) provides guidance and procedures for the training, certification, and management of all government employees who conduct Information Assurance functions in assigned duty positions. These individuals are required to carry an approved certification for their particular job classification.

Certifications such as Security+, CISM, CISA, and CISSP all qualify under various aspects of DoD 8570.  Having one of these certifications is a good way to help your chances should you be looking for one of these jobs.  In today’s environment, anything you can do to boost your career opportunities is worth considering.

This year, the December exam takes place on the 11th. Early registration closes August 27th, and final registration ends on October 6th. To register, visit the ISACA web site. Online registrants save $50.

To prepare for your exam, be sure to check out ISACA’s Candidate’s Guides, which contain a summary of key subject areas, suggestions for reference material, a glossary of acronyms that might be encountered on the exam, and a sample of the answer sheet. You can also read their study materials and review questions.

Are you considering the CISA certification? If so, have you registered for December’s exam yet?

The CISA emblem is a registered mark of ISACA®.

The best way to increase your odds of passing is to start prepping months before you are scheduled to take the exam.  The ISACA site has links to lots of material you can access for free.  Three such items include the job practice areas, glossary, and terminology.  Each of these are worth reviewing.  The job practice area will show you what are considered testable topics for each of the six areas of the test.  As an example, item 6.3 states that test candidates must have “knowledge of business impact analysis (BIA).”

You will also want to review testable topics.  ISACA sells their study guide, and there are others available such as the CISA Exam Prep. Once you have finished the reading material, you will want to start taking some practice exams.  The practice tests will help you get a better idea of what ISACA will be looking for when you take the actual exam.  The exam is known to use words like best, worst, least, most, etc.  These key words can make a big difference when choosing the right answer instead of a distracter.

From Michael Gregg