I have been taking a Certified Information Systems Auditor (CISA) course on Saturdays to get ready for the CISA exam. Not only does my employer need me to have it, but the CISA certification is actually sought after by many IT auditors. I obtained the books from ISACA and started reviewing them before the course. Now, I have done SANS training and passed GSEC, GCIH and Security+; these were very security related courses. However, CISA is different.
Our first instructor had the class mingle to get to know each other. He emphasized that outside of us learning from him and the lecture, we learn from each other and our experiences. This has been very helpful because if we run across a question, there are some students who have practical, real world experience who can provide examples about what they have seen in the industry. I come from a security perspective with my Regis education and experience, and I feel that my knowledge helped me understand how security and auditing connected.
The interesting part about this class is that the instructors have told our class to study the exam questions on the ISACA compact disc or the web database (the compact disc is actually updated more frequently). In fact, the third instructor told us to go through the exam questions and refer to the review guide for things we didn’t understand. The instructors have stated that there were a few things we should know straight from the book, and highlighted those areas. At the same time, the instructors have emphasized that having knowledge and experience will help immensely in understanding and passing CISA. I feel my knowledge of penetration testing from my thesis in Regis’ MS in Information Assurance program helped me understand what the CISA is looking for during an audit.
Outside of studying the exam questions for the concepts of CISA, I have learned that CISA pertains to security via accountability. It is more auditing than anything. It really comes down to documentation and being able to hold someone accountable when something is not right. It is about knowing what the laws and practices are and ensuring the company being audited has the right policy and procedures in place to avoid issues.
Regis University does have coursework in auditing to prepare a student for the journey to take and pass the CISA. Think about it, you would likely be ahead of some of the students in the ISACA class and be able to share your knowledge from Regis with them.
I still have some sessions to go before taking the exam, but I really do appreciate the Denver ISACA Chapter for putting this on for free and the instructors taking their time to teach it for free (they do receive CPEs for teaching the course).
Want to learn more about the Master of Science in Information assurance at Regis? Request more information or call us at 877-820-0581 to speak with an admissions counselor.