Over the years thousands have taken the CISA® exam and been certified. These
professionals are available on various mailing lists, forums and in person to provide
guidance and mentoring assistance to CISA® aspirants. The most active resource is the
CISA Group on Yahoo! and you must sign up asap. Once you have signed up, read the
archives and you will gain valuable insights which will help you in your efforts to gain
the CISA® certification.
Contents
■ 1 Strategy and Approach .. Personal experiences of CISA exam pass-outs
■ 1.1 Conversations ... valuable advice
■ 1.2 What was your approach in studying for the exam
■ 1.3 Certification Application - step by step in detail
■ 1.4 Experience info for Certification
■ 1.5 CPE's
■ 2 Copies of CRM and Exam Questions ... A BIG NO NO
■ 2.1 Requesting and sharing the ISACA CRM
■ 2.2 Discussions about Exam questions
■ 3 What resources are available for preparation
■ 3.1 Insight into approach to the Exam
■ 4 Are there any classes which I can attend
■ 4.1 CISA® Review Classes held by most ISACA Chapters
■ 4.2 Online and offline courses offered by some identified vendors
■ 4.3 What are study groups
■ 4.3.1 Where can I find a study group
■ 5 Study materials, books the CRM.... etc
■ 5.1 Purchase dilemma at the ISACA Bookstore
■ 5.2 Books, Study Materials guidance and guides !
■ 5.2.1 Books and the ISACA Manual
■ 5.2.2 Can I start my own study group or do I need permission
http://www.securians.com/wiki/FAQs/index.php?title=CISA_FAQs:Advic... 12/03/2011
CISA FAQs:Advice & Guidance - The FAQ Project Page 2 of 12
Click above or here... to read the various snippets of communications between peers
wanting to know about the certification and those willingly extending information and
advice.
There are a lot of commercial test prep materials (books, software, classes) available for the CISA exam in addi
the books offered by ISACA and review courses offered by ISACA chapters.
9. For things or terminologies that you don't understand, search it on Google and the ISACA website.
This is a tried and tested method and has a 95 % success rate.
This provides you with the reasoning for right or wrong and gives you the knowledge about the incorrect options,
correct options (which you may mark) and the correct options. So you get to learn much more about the why's and t
don'ts. Go through all the 500 or 600 questions you have and then come back and do your practice tests after a w
As you will read the explanations for the questions / answers and relate them to your reading and to your experi
find there is a lot which you missed and this will help you a lot.
... makes some great points, but if you are using the ISACA CD-ROM course I would not 'mark any option'
you do not have any prior knowledge. The new ISACA course utilizes a diagnostic tool to adjust your studying to
learning needs. If you 'guess' a question and happen to be correct, you will slightly distort the accuracy of t
diagnostics. The more questions you "guess" correctly, the more you impact the diagnostics. If you are viewing
have no knowledge of the material being asked, you can select the "Mark Wrong and Guess" feature in the questio
you to guess at the question without risking any distortion of the diagnostic scoring. Then you can make use of
provided to each question.
...will take the December exam and just read the CRM and finished the questions in
the CD. My rate is about 62% correct, way below the 75% required to pass the
exam. Would you guys shed some light on how well you did on those questions when
preparing for the exam?
> Try to hit at least 90% by exam time. Although the CRM alone will not be enough to pass the exam.
> Also read some of the articles on the CD-ROM and ISACA website
I found the questions on "the CISA prep Guide" are very difficult. I wonder if it's
worthwhile to try the questions on this book? I also tried the CRM CD, only got
50% in some chapters.
> I try the sample questions on CD and always get 50%. I do think it is helpful to practice using CRM question o
> to familiar with the question format, especially it helps me learning how to use auditor view to answer the qu
After Passing CISA the first task is to apply for CISA. I have tried to explain the procedure in simple steps.
a. Visit http://www.isaca.org/cisaapp
b. Now look for these lines
For those who took the exam in 2006 or later:
Download Application (PDF, 93K) or request an application from the Certification Department
i Download the form.
ii Downloaded form is also attached with this mail
c. Now read the page marked as below :-
Application for CISA Certification
Requirements to Become a Certified Information Systems Auditor
- This page contains all the requirements to become CISA.
1 The first and foremost condition is passing CISA Exam, which you have already done.
2 Second condition is Experience of 5 years.
- There are some relaxations in experience for some specific experience / qualifications.
Some of them are as under :-
• Max 1 Year of Exp. with One Year of IS Audit OR IS Security OR IS Control.
Plus
• Max 1 year for Degrees like BA, B Com, B Sc etc.
OR
• Max 2 years for 4 Year Degrees like BE, B Tech.
OR
• Max 1 Year for a Degree in IS Security (like PRISM Program of Mumbai or IS Program of ICFAI)
Plus
• Max 1 year for Min. 2 Years full time teaching in IS Security at University.
Now count how many years of experience you require.
This experience must be in related fields as we studied in CISA Exam.
3. Third Condition is to abide by ISACA Code of Professional Ethics.
4. Fourth Condition is to abide by IS Standards by ISACA.
5. Fifth Condition is CPE
(will be required after becoming CISA - we shall discuss this in detail in a separate email)
d. Now go to the page marked as under
Application for CISA Certification
Instructions for Completion of Forms
1. Read these instructions before completing the form.
2. Now go to page 1 of the form.
. Here give names and addresses of 3 persons who will certify your experience.
These may be your seniors or ex-employer(s). These people will be contacted / called to confirm you
2.1 Now go to page 2
. Fill in the details related to work experience.
. Tick against areas (domain) we studied in CRM.
. Now go to part B and claim experience waivers.
. Complete all details on page 2.
2.2 Now go to page 3.
. Take print-out or make 3 copies.
. Give one copy each to the persons from whom you are receiving the references.
. These certificates must be kept in separate covers but may be sent with the same big cover in which y
are sending the CISA Application.
e. Now put these 3 covers in one big cover
- Also put the application form in big cover.
- Send this cover to ISACA at the address :-
Certification Coordinator
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008-3124 USA
f. You will receive your certification confirmation via email.
Hope this will help you in claiming your CISA Certificate.
Please note that ISACA is strict in verification and any wrong information may lead to rejection/cancellation of
- Mukesh Pandya, CISA
Disclaimer : The steps are indicative and not exhaustive. Please read the CISA Application for Certification pub
ISACA as a standard document. This is a work by Mukesh Pandya just to help the members of CISA-Study Group.
(I have seen ISACA site, I am having impression that 5 years experience in any one
domain would serve the purpose; kindly correct me if I am wrong)
You only need five years of experience in audit or Infosec, no matter which domains are covered.
CPE's
Can someone please point me at a list of what activities (apart of course from
ISACA sponsored events) are allowable for CPEs for ISACA/CISA.
For example, the ISC2 describes the activities and criteria here:
https://www.isc2.org/cgi-bin/cissp_content.cgi?page=89 Is there a similar page on
the ISACA web site?
Note: There is much more ... Check the CISA Continuing Education Policy
(http://www.isaca.org/Template.cfm?
Section=CISA_Certification&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=28&C
on the ISACA website.
Can anyone tell me where I can get the copy of CISA Technical Manual and CD in
Mumbai (Xerox copy) ? Or the members who are preparing for CISA 2004 and who can
share the study material or order CISA material altogether (in group).
Unauthorized reproduction of ISACA Publications including CISA Manual and CISA Review Questions may amount to vi
copyrights. This may lead to prosecution of the offenders under Copyrights Act (as applicable to India or elsewh
Further any CISA candidate doing this would be violating the ISACA Code of Ethics.
I think the minimum requirement for any professional is conforming to ethical standards of conduct. This would i
short-cut methods or trying to get the certification by hook or by crook.
Have you read the Code of Ethics? Auditors by definition should be respected and trusted members of the communit
infringement doesn't add much respect to you.
Note: This is by far the most active request on the group whenever a new batch starts
preparing (or deciding) to sit for the exam. And warnings are given every time, and a
code of conduct document is also circulated. Please stay away from such requests and
remain clean - it's ethical and the expected course of action. You are going to spend on
the exam, so this is a bit more and you will easily cover the amount in your next
appraisal, or your company will reimburse you.
I am preparing for CISA 2004. But I don't have the CISA Manual 2004. Also, I have
the Q & A 2002 CD with me. Do you have the CISA manual 2004? I would like to
share it with you. Also, anybody willing to share notes/CD do mail me.
To the best of my knowledge, the 2002 Q&A CD is licensed for a single user/CPU. If you are planning to use this
for a CISA study group, it might be advisable for you to contact ISACA to determine their policies on "sharing" t
- ISACA has a process for disputing specific questions. If you have an issue with one or more questions, please t
them at certification@isaca.org
- Postings to this group that cite specific questions are subject to removal.
- Persons who post questions that cite specific questions are subject to being moderated (i.e. postings must be a
or removed.
Then again... CISAs are not allowed to discuss exam questions, which means questions that they responded when th
CISA exam. We can discuss practice "public-available" questions to help others prepare for the test.
Note: As mentioned elsewhere in this FAQ the CD may or may not contain questions
from previous exams. Besides, these questions are NOT for publication or use and they
are provided to you under copyrights which are owned by ISACA. So again, please read
the copyright notice which came along with the CD and then decide what section you
don't agree to or want to violate, and do it at your own risk. The risk of revocation of
your designation and a lawsuit?
CISA® Review Classes are usually conducted by all ISACA Chapters. Check with
the ISACA Chapter in your city. You can also register for the online classes
conducted by ISACA.
ISACA Offers an online course. Will identify other vendors and update this
resource.
Well the best place is at the Review class in your city. You will find other
candidates like yourself who are also looking for study partners. You can also post a
message on the mailing list. Maybe I shall start a project to provide a platform for
people to connect together and form study groups.
Please help us be guided like what are the most efficient resources and
approaches.
Use ISACA as a reference and find other books worth reading...ISACA manual is very dry and a pain to read...just
You can start googling CISA books then read the review...there are a lot of good books there..
I have 3 CISA prep books to support the ISACA manual...plus the question database of 2006...
Try CISA Cram 2 by Allen Keele, easier read. I got a used copy on Amazon for less than $20.
Voices
ISACA has published good study material for CISA Exam. The details are available at http://www.isaca.org/booksto
Please note that CISA Review Manual (CRM) is NOT available in PDF Format. Please avoid emails for PDF version of
However CISA Question Bank is available in CD / Download Version. But I suggest you to go for printed version be
the examination is paper based so study with printed material will help you more.
There are some other material / books are also available, details of which can be found on CISA-Study Group's Ho
http://tech.groups.yahoo.com/group/CISA-Study/files/ However, I will strongly suggest you to stick to CRM only.
Can anyone tell me the book name and author for CISA preparation. The ISACA
manual is really very dry.
From my research and communication with other CISAs the best study resources are:
1. 2007 CISA CD database from ISACA website.
2. The 2007 CISA Study Manual from the ISACA website.
3. The CISA Study Guide by David Cannon - Sybex Pub.
Here's the link to CISA Review Manual 2004 and Review Questions 2003 and 2004, -- official publications of ISACA
CISA® Books (http://www.isaca.org/cisabooks)
I do not know what's the best study material but SRV's (www.srvbooks.com) study material helped at least me to pa
the CISA- exam (though rather long time ago).
In addition Micromash (www.micromash.net) is selling a CISA online review course.
Note: the responses may mention CRM 2004 or an earlier year, so obviously this is a
response from someone in that year. The questions remain the same, and so do the
responses. The link given above takes you to the ISACA Bookstore and you will get the
latest version of the CRM! Remember, these responses are reproduced here verbatim.
What's the difference between CISA Review Manual and CISA Prep Guide? Which
one is more accessible and more easy to read ? Are any differences between them ?
Which one is better to study for the exam ?
The CISA prep guide isn't the best-written book on CISA or security auditing in general. You should get the CRM 2
the December exam to get most comprehensive material for the exam. Also get the 650 Qs CD set if you can afford
I've got the CRM from 2004, I don't have the 2500 yet. It's better to learn from the
CRM instead of Prep Guide? I can't afford 650 Q&A. :(
Basic difference is that the manual is official.... issued by ISACA. Prep guides are prepared by various publish
The best combination would be Manual + CD (containing about 1000 odd questions) + Ron Weber's Text book
Of course you can start your own study group. And no you do not need to ask for
permission from anyone. These are informal groups and candidates support each
other in their efforts.
You will be able to find people through the ISACA Chapter in your city.
Why don't you post on the CISA Mailing List on Yahoo! too?
Are there any online groups which I can join for help
Yes the CISA® forum on Yahoo! Groups. Then there is the CISA® group on
Facebook and Orkut. The various ISACA Chapters, many other locations (both
physical and virtual). I run the Toronto Information Security Meetup and CISA®
professionals are welcome to join.
ACS, the recognized association for information and communications technology professionals, provides advice on s
recognition for prospective migrants to Australia. Under the agreement between the ACS and the Department of Imm
Citizenship, those seeking to migrate to Australia as an IT professional must complete an assessment through the
lodging a migration application.