What’s New in CISA?
Discover the latest advancements in the renowned Certified Information Systems Auditor (CISA) certification. In an ever-evolving landscape of cybersecurity and information systems management, staying abreast of the newest developments is crucial. This article navigates through the updates in the refreshed exam content, shedding light on how the CISA certification continues to evolve to meet the demands of an increasingly complex digital world.
Table of Contents
Introduction to CISA Certification
Overview of CISA Changes
Detailed CISA Domains
CISA Domain 1: Information Systems Auditing Process (18%)
CISA Domain 2: Governance and Management of IT (18%)
CISA Domain 3: Information Systems Acquisition, Development and Implementation (12%)
CISA Domain 4: Information Systems Operations and Business Resilience (26%)
CISA Domain 5: Protection of Information Assets (26%)
Preparing for the 2024 CISA Exam
Introduction to CISA Certification
The Certified Information Systems Auditor (CISA) certification validates expertise in auditing, controlling, monitoring, and assessing information technology and business systems. It demonstrates proficiency in safeguarding and managing enterprise IT assets, ensuring compliance with regulations, and assessing risks. CISA holders are highly sought-after professionals in the field of information systems auditing and security.
Overview of CISA Changes
The 2024 update to the CISA certification exam maintains its structure around five core domains but introduces new topics and focus areas within each, aligning more closely with modern IT audit and cybersecurity practices. This change reflects ISACA’s commitment to keeping the certification relevant to today’s rapidly changing technology landscape.
The Exam’s Content Outline (ECO) has been updated with a slight shift in weightage. This adjustment affects the focus placed on each domain and the number of questions candidates can expect on the CISA certification exam.
Detailed CISA Domains
| Domains | CISA 2019 | CISA 2024 |
| Information System Auditing Process | 21% | 18% |
| Governance and Management of IT | 17% | 18% |
| Information System Acquisition, Development, and Implementation | 12% | 12% |
| Information Systems Operations and Business Resilience | 23% | 26% |
| Protection of Information of Assets | 27% | 26% |
CISA Domain 1: Information Systems Auditing Process (18%)
Overview:
Domain 1, comprising 18% of the IS auditing process, focuses on ensuring industry-standard audit services. It involves planning, which is adhering to IS audit standards and codes of ethics, understanding business processes, employing various controls, and conducting risk-based audit planning. Execution entails project management, sampling, evidence collection, data analytics, and effective reporting, alongside ensuring the quality improvement of the audit process.
What’s new?
The overall domain weightage concerning the auditing process has been reduced to 18% while maintaining the foundational principles of auditing. Additionally, the new course content delves into how to integrate auditing seamlessly into the IT governance process of an organization. New subtopics include enhanced methodologies for risk-based audit planning, audit evidence collection techniques, and quality assurance in the audit process.
| CISA 2019 (21%) | CISA 2024 (18%) |
| A-Planning • IS Audit Standards, Guidelines, and Codes of Ethics • Business Processes • Types of Controls • Risk-Based Audit Planning • Types of Audits and Assessments |
A-Planning • IS Audit Standards, Guidelines, and Codes of Ethics • Business Processes • Types of Controls • Risk-Based Audit Planning • Types of Audits and Assessments |
| B-Execution • Audit Project Management • Sampling Methodology • Audit Evidence Collection Techniques • Data Analytics • Reporting and Communication Techniques • Quality Assurance and Improvement of the Audit Process |
B-Execution • Audit Project Management • Sampling Methodology • Audit Evidence Collection Techniques • Data Analytics • Reporting and Communication Techniques • Quality Assurance and Improvement of the Audit Process |
CISA Domain 2: Governance and Management of IT (18%)
Overview:
Domain 2, Governance and Management of IT, constitutes 18% of the exam. It highlights the vital role of IT governance and management in safeguarding information and related technologies. This domain delves into IT Governance and IT Management. Governance includes IT strategy, frameworks, standards, risk management, and legal compliance. Management covers resource allocation, service provider oversight, performance monitoring, and quality assurance, enabling professionals to recommend tailored practices for effective IT governance and management.
What’s new?
Updates to this domain reflect the growing complexity of IT governance and management, incorporating topics like IT-related frameworks, enterprise risk management, and maturity models. It underscores the auditor’s role in identifying critical issues and recommending practices for the governance of information and related technologies.
| CISA 2019 (17%) | CISA 2024 (18%) |
| A-IT Governance and IT Strategy
• IT-Related Frameworks |
A-IT Governance
• IT Governance and IT Strategy |
| B-IT Management • IT Resource Management • IT Service Provider Acquisition and Management • IT Performance Monitoring and Reporting • Quality Assurance and Quality Management of IT |
B-IT Management • IT Resource Management • IT Service Provider Acquisition and Management • IT Performance Monitoring and Reporting • Quality Assurance and Quality Management of IT |
CISA Domain 3: Information Systems Acquisition, Development and Implementation (12%)
Overview:
Domain 3 constitutes 12% of the exam and underscores the critical link between IT and business processes. It focuses on acquiring, developing, and implementing information systems. This involves project governance, feasibility analysis, development methodologies, and designing controls. It also includes implementation tasks like testing, configuration management, system migration, and post-implementation review. Mastery in this domain demonstrates proficiency in IT controls and an understanding of IT’s business relevance.
What’s new?
This domain now represents 12% of the exam and includes updated content on project governance, system development methodologies, and control identification and design. It validates the auditor’s expertise in overseeing the acquisition and implementation of information systems.
| CISA 2019 (12%) | CISA 2024 (12%) |
| A-Information Systems Acquisition and Development • Project Governance and Management • Business Case and Feasibility Analysis • System Development Methodologies • Control Identification and Design |
A-Information Systems Acquisition and Development • Project Governance and Management • Business Case and Feasibility Analysis • System Development Methodologies • Control Identification and Design |
| B-Information Systems Implementation • Testing Methodologies • Configuration and Release Management • System Migration, Infrastructure Deployment and Data Conversion • Post-Implementation Review |
B-Information Systems Implementation • Testing Methodologies • Configuration and Release Management • System Migration, Infrastructure Deployment and Data Conversion • Post-Implementation Review |
CISA Domain 4: Information Systems Operations and Business Resilience (26%)
Overview:
Domain 4, comprising 26%, addresses information systems operations and business resilience. It covers various operational aspects such as technology components, asset management, job scheduling, and user computing. It also involves data governance, performance management, incident handling, and change management. Business resilience focuses on BIA, system resilience, data backup, continuity, and disaster recovery planning. Proficiency in this domain demonstrates adeptness in IT controls and understanding of IT’s business impact.
What’s new?
Making up 26% of the exam, this domain has undergone substantial expansion to encompass a wider spectrum of topics aimed at mitigating risks across all organizational levels. Notably, it now addresses risks stemming from heightened remote work practices and potential disruptions such as pandemics. The updated topics include IT asset management, data governance, and business continuity planning. It highlights the auditor’s role in ensuring the smooth operation and resilience of information systems within a business context.
| CISA 2019 (23%) | CISA 2024 (26%) |
| A-Information Systems Operations • Common Technology Components • IT Asset Management • Job Scheduling and Production Process Automation • System Interfaces • End-User Computing • Data Governance • Systems Performance Management • Problem and Incident Management • Change, Configuration, Release, and Patch Management • IT Service Level Management |
A-Information Systems Operations • Common Technology Components • IT Asset Management • Job Scheduling and Production Process Automation • System Interfaces • End-User Computing • Data Governance • Systems Performance Management • Problem and Incident Management • Change, Configuration, Release, and Patch Management • IT Service Level Management • Database Management |
| B-Business Resilience • Business Impact Analysis • System Resiliency • Data Backup, Storage and Restoration • Business Continuity Plan • Disaster Recovery Plans |
B-Business Resilience • Business Impact Analysis (BIA) • System Resiliency • Data Backup, Storage, and Restoration • Business Continuity Plan (BCP) • Disaster Recovery Plans (DRP) |
CISA Domain 5: Protection of Information Assets (26%)
Overview:
Domain 5, comprising 26%, focuses on safeguarding information assets. It involves various aspects, such as establishing security frameworks, controlling access to data, managing identities, and securing networks and endpoints. It also involves monitoring security events, responding to incidents, and conducting forensic analysis. Understanding these principles and implementing best practices is crucial in addressing the evolving landscape of cybersecurity threats.
What’s new?
This domain now places a stronger emphasis on cybersecurity principles, including information asset security frameworks and privacy principles. It addresses the increasing importance of cybersecurity in the audit profession, reflecting its impact on virtually every aspect of information systems roles.
| CISA 2019 (27%) | CISA 2024 (26%) |
| A-Information Asset Security Frameworks, Standards and Guidelines • Privacy Principles • Physical Access and Environmental Controls • Identity and Access Management • Network and End-point Security • Data Classification • Data Encryption and Encryption-Related Techniques • Public Key Infrastructure • Web-Based Communication Technologies • Virtualized Environments • Mobile, Wireless and Internet-of-things Devices |
A-Information Asset Security and Control • Information Asset Security Frameworks, Standards, and Guidelines • Privacy Principles • Physical Access and Environmental Controls • Identity and Access Management • Network and End-Point Security • Data Classification • Data Encryption and Encryption-Related Techniques • Public Key Infrastructure (PKI) • Web-Based Communication Techniques • Virtualized Environments • Mobile, Wireless, and Internet-of-Things (IoT) Devices |
| B-Security Event Management • Security Awareness Training and Programs • Information System Attack Methods and Techniques • Security Testing Tools and Techniques • Security Monitoring Tools and Techniques • Incident Response Management • Evidence Collection and Forensics |
B-Security Event Management • Security Awareness Training and Programs • Information System Attack Methods and Techniques • Security Testing Tools and Techniques • Security Monitoring Tools and Techniques • Incident Response Management • Evidence Collection and Forensics |
Preparing for the 2024 CISA Exam:
Prospective candidates should note that exam preparation materials reflecting these updates are available from May 1, 2024. Take ample time for study and familiarization with the new topics and focus areas introduced in the updated exam.
CISA with InfosecTrain
The updated CISA exam, effective from August 1, 2024, maintains its structure with five domains but introduces new updates reflecting the latest technologies and innovations in IT audit practices. These changes ensure the exam remains relevant to current industry standards and practices, testing candidates on critical aspects of information systems auditing, IT governance and management, system acquisition, development, implementation, operations, business resilience, and information asset protection. For detailed updates and exam prep materials, refer to ISACA’s announcement and resources.
Discover the newest in CISA 2024 with InfosecTrain’s expert-led CISA certification training. The course will help participants stay ahead in cybersecurity with the latest curriculum, hands-on labs, and real-world insights. Boost your career and protect organizations from evolving threats. Enroll today!
TRAINING CALENDAR of Upcoming Batches For CISA
| Start Date | End Date | Start - End Time | Batch Type | Training Mode | Batch Status | |
|---|---|---|---|---|---|---|
| 30-Nov-2024 | 29-Dec-2024 | 09:00 - 13:00 IST | Weekend | Online | [ Open ] | |
| 28-Dec-2024 | 15-Feb-2025 | 20:00 - 23:00 IST | Weekend | Online | [ Open ] | |
| 18-Jan-2025 | 22-Feb-2025 | 19:00 - 23:00 IST | Weekend | Online | [ Open ] |
Contact Us
1800-843-7890 (India) 
