What Does Certified Information Systems Auditor (CISA) Mean?
Certified Information Systems Auditor (CISA) is a certification issued by ISACA that validates an auditor's ability to assess risk, institute information technology access and management controls, execute security audits and report on compliance.
The exam for this certification covers the following topics in regards to information and communication (ICT) systems:
Acquisition, development, testing and implementation
This part of the exam tests the candidate's knowledge of feasibility studies, business cases, total cost of ownership (TCO), return on investment (ROI) and software development project management.
Operations, maintenance & service management
This part of the exam tests the candidate's knowledge of service management best practices, enterprise architecture, systems resiliency, information lifecycle management (ILM), IT controls and performance monitoring.
IT Governance
This part of the exam tests the candidate's knowledge of enterprise risk management (ERM), specific IT governance frameworks, quality assurance (QA), performance scorecards and other topics related to business continuity and disaster recovery (BCDR).
Asset protection
This part of the exam tests the candidate's knowledge of privacy laws and regulations, risk management, digital forensics, data handling and best practices for physical and environmental security controls including digital signatures and encryption.
Auditing
This part of the exam tests the candidate's knowledge of auditing tools and best practices, as well as the candidate's knowledge of laws and regulations that pertain to an organization's business processes.
