Why Take the Certified Information Systems Auditor Exam?
More career opportunities and a higher salary are the most compelling reasons to obtain the ISACA CISA certification. As of this writing, a search on Indeed.com for positions that include the word CISA returns 4,309 job postings in the United States. And the positions generally pay well. A search on Glassdoor reports that the average annual salary for an information security auditor is $99,834. Some will pay much less and some will pay much more.
Having the CISA certification does not prove that you are an expert. It does, however, demonstrate that you have a certain level of knowledge required to work in the information security field. Many employers encourage it or require it for their auditors. It lends credibility to the holder of the certification. That's important, especially if your company bills out your services at a high rate.
How Difficult Is The CISA Exam?
The CISA exam can be very challenging, even for an experienced information security professional. With 5 or 10 years of experience, a few weeks or months of self-study may be all that is needed to pass. An experienced veteran would have picked up much of the required information from working in the field and being exposed to the concepts over time. For someone new to the field it may require 3 to 6 months of study that includes formal training via an in-person or online class.
In addition to understanding the breadth of subject matter that the exam covers, another challenge is the wording ISACA uses in its questions and answers. Each question usually gives you two obviously wrong answers and two potentially correct answers. The trick is determining which of the two answers is more correct. ISACA uses an approach that, at times, seems to defy logic and real-world practices. Once you understand the ISACA approach, however, you can usually identify the best answer with confidence. The best way to do that is via ISACA's CISA test engine - Question, Answers & Explanations Database, which I cover in the next section.
Study Materials I Consulted
- The All In One CISA by Peter H. Gregory - the book is over 700 pages and covers all of the CISA topics. I read this over the course of many months as I had a busy work and travel schedule. It includes practice questions at the end of each chapter. It also has a good appendix that discusses how to conduct a professional audit, which is valuable in itself.
- Next stop for me was the CISA test engine - Question, Answers & Explanations Database - 12 Month Subscription from ISACA. I highly recommend it. It's basically a practice CISA test engine. It helps you understand ISACA's approach in the way it asks questions. Sometimes I completely disagreed with their logic but realized I just had to understand theirs to pass the exam. It includes a ReadyScore measurement, based on how well you answer the questions. Once you achieve a ReadyScore of 80% or higher, you're ready to take the actual CISA exam. I used the tool for about 30 minutes a day for about 6 weeks. I then took several full practice exams of a few hours each over the next two weeks.
- The test engine revealed that I needed to fill in some gaps. I used the Hemang Doshi CISA Exam - Study Guide to help with that, as it was recommended by posts I read. It's basically a condensed study guide of 250 pages, with review questions, that focuses on critical exam topics.
- I also took the CISA training on LinkedIn Learning, as my previous employer gave us free access to it. It contains high-level information that is valuable for people who may be new to the field. Experienced auditors and other information security professionals may find it a useful refresher or may skip it altogether.
Experienced auditors with 10 or more years may not need a book or a course. They may be able to pass the exam with the CISA test engine - Question, Answers & Explanations Database.
The CISA is a highly recognized certification in the auditing field and very valuable to an information security professional's career growth and salary potential. An auditor can have a successful career without it, especially if he or she already possesses the CISSP or similar certification. But if you are in the running for a position where other candidates have the CISA, you will be more competitive with it.
For more information on the CISA certification, requirements, and exam, visit the ISACA CISA web page.