CISA Essentials Exam Guide & Test Questions
To be certified, you need at least five years of professional experience in information systems auditing, control, or security, and you must document that experience to ISACA before the certification is granted. The areas of work experience that count are described by the CISA job practice domains:
- The process of auditing information systems
- Governance and management of IT
- Information systems acquisition, development, and implementation
- Information systems operations, maintenance, and service management
- Protection of information assets
Section 1: The Process of Auditing Information Systems Domain
Chapter 1: Some Organizations, Laws, Standards, and Frameworks
Chapter 2: ISAAS
Chapter 3: From Governance to Procedures
Chapter 4: KGI, CSF, KPI, and KRI
Chapter 5: ALE, RTO, RPO, SDO, MTO, MTD, and AIW
Chapter 6: Risk Appetite, Tolerance, and Capacity
Chapter 7: From Threats to Controls
Chapter 8: Risk Management
Chapter 9: Sampling
Chapter 10: IS Auditor Duties for the Process of Auditing Information Systems Domain
Section 2: The Governance and Management of IT Domain
Chapter 11: Security Concepts
Chapter 12: Roles, Responsibilities, and a RACI Matrix
Chapter 13: Human Resources (HR)
Chapter 14: Outsourcing
Chapter 15: Cloud Computing
Chapter 16: Capital Expenditures and Operational Expenditures
Chapter 17: BCP, DRP, and BIA
Chapter 18: Plan Testing
Chapter 19: Enterprise Architecture
Chapter 20: Governance
Chapter 21: Information Security Policy
Chapter 22: Information Technology Management Practices
Chapter 23: IT Organizational Structure Roles and Responsibilities
Chapter 24: IS Auditor Duties for the Governance and Management of IT Domain
Section 3: The Information Systems Acquisition, Development, and Implementation Domain
Chapter 25: Project Management
Chapter 26: Benefits Realization
Chapter 27: The Software Development Lifecycle (SDLC)
Chapter 28: Software Development
Chapter 29: E-Commerce
Chapter 30: EDI
Chapter 31: Email
Chapter 32: Electronic Money
Chapter 33: Integrated Manufacturing System (IMS)
Chapter 34: Industrial Control Systems (ICS)
Chapter 35: Artificial Intelligence and Expert Systems
Chapter 36: Business Intelligence (BI)
Chapter 37: Decision Support System (DSS)
Chapter 38: Re-Engineering
Chapter 39: Other Business Applications
Chapter 40: Infrastructure
Chapter 41: Managing Change, Configuration, Patches, and Releases
Chapter 42: Application Controls
Chapter 43: IS Auditor Duties for the Information Systems Acquisition, Development, and Implementation Domain
Section 4: The Information Systems Operations, Maintenance, and Service Management Domain
Chapter 44: Information Systems Operations
Chapter 45: Hardware Architecture
Chapter 46: Operating Systems
Chapter 47: Database Management
Chapter 48: Third-Party Software
Chapter 49: Network Infrastructure
Chapter 50: Internet Concepts
Chapter 51: Telecommunications
Chapter 52: IS Auditor Duties for the Information Systems Operations, Maintenance, and Service Management Domain
Section 5: The Protection of Information Assets Domain
Chapter 53: Asset Classification
Chapter 54: Security Awareness and Training
Chapter 55: External Parties
Chapter 56: Computer Crime
Chapter 57: Logical Access
Chapter 58: Remote Connectivity
Chapter 59: Media Handling
Chapter 60: Network Security
Chapter 61: Firewalls
Chapter 62: Intrusion Detection
Chapter 63: Encryption
Chapter 64: Penetration Testing
Chapter 65: Environmental Issues
Chapter 66: Data Leakage Prevention (DLP)
Chapter 67: Physical Access
Chapter 68: IS Auditor Duties for the Protection of Information Assets Domain