Top 5 Essential Tips for Passing the ISACA CISA Exam

It’s that season again, and auditors are starting to think about the next step in their careers. Many started the new year with resolutions, including educational goals. For an auditor, one of the questions that must eventually be faced is: is this the year I should become CISA certified?

ISACA only offers the exam twice a year, once in June and once in December. So taking the exam requires a little planning. If you’re one of those people who is considering the exam this year, I have some advice for you. I’ve been teaching a CISA preparation class that I authored for the SANS Institute since 2005, and in all the classes I’ve taught, we’ve only ever had one student fail the exam. That being said, I have some advice for those of you considering taking the exam that I hope will help you prepare and meet your educational resolutions!

1. Start Planning Now. You can’t wait until May and then expect to pass the exam. First of all, registrations for the exam are cut off in April. That means you have to sign up for the exam at least two months in advance. If you don’t sign up, I guarantee you won’t pass the exam. Once you’ve signed up for the exam, the second part of this step is to make yourself a training schedule and stick to it. Don’t underestimate the power of a good project plan for passing the exam!

2. Digest the ISACA Review Manual. You have to plan on reading the Review Manual from ISACA for the year you take the exam. Don’t bother with any other books or websites. This is the authoritative material that the exam questions are based on. Focus your time on this book, read it cover to cover, and make sure you understand everything inside. How easy is that?

3. Attend an In-Depth Review Course. There are a lot of courses out there run by volunteers, especially at local ISACA chapters, who are trying to help their members with study sessions. These classes can be good refreshers, but keep in mind that they’re just that: refreshers run by good-hearted volunteers. If you take a short review class or bootcamp, or try to prepare on your own, be aware that you will have to spend a lot more time preparing for the exam on your own. If you’re self-motivated, these methods will work. But if you need structure to help you with your goals, consider signing up for a course that will help mentor you through the materials from start to finish and that won’t assume you already know the information.

4. Start Thinking Like an Accountant. This is one of the best pieces of advice you can get when you’re preparing for the exam. Remember, most of the people who wrote the CISA exam are either accountants or work in the financial services industry. They think like accountants. They don’t think like technology geeks or infosec professionals. Start to ask yourself: how would an accountant think about this question? This will help tremendously, especially once you start taking practice tests and are trying to decide between two answers that both seem like they could be valid.

5. Take as Many ISACA Practice Tests as Possible. Like the ISACA Review Manual, focus on taking practice tests from ISACA as a part of your training schedule. Don’t try to use brain dump sites or memorize answers – but take as many ISACA practice tests as possible. This will get you into the mode of being able to answer questions the way ISACA wants you to answer them. This will also help test your knowledge level of the different content areas covered by the exam. The more questions and practice tests you take, the better you will do. You should plan on consistently scoring 90% or better on your tests before you take the real thing. (Side note: if you decide to take the preparation course with SANS, don’t buy these on your own; they’re included in the price of the class.)

Overall, passing the exam is possible. Many people have gone before you and passed the exam, and so can you. But passing the CISA exam is not something you try to throw together at the last minute. It requires time and dedication to reach the goal. Everyone I talk to who works in the audit field tells me this certification is a must if you want a career in the IS Audit field. Maybe this is your year?

As I mentioned before, at the SANS Institute we do offer an in-depth training program for passing the exam. This is not a boot camp, but it is in-depth training and mentoring that is designed to teach you what you need to know to be a good auditor, as well as help you pass the exam. To learn more about the next class we’re offering, check us out online here: http://tr.im/MGnD.

Good luck, and we wish you the best in your preparations this year!

SANS Webcast on the 20 Critical Security Controls – Aug 13th at 1pm ET

I’ll be presenting a webcast for the SANS Institute, along with Alan Paller and Eric Cole, on the 20 Critical Security Controls. There’s been a lot of news on these controls in the past few months and a lot of discussion on how they interact with FISMA and NIST guidance for information security. This webcast is meant to talk about the latest developments with these controls and give some real-life examples of how these controls are being used by organizations today to thwart some of the cyber-attacks that have been taking place.

If you have a few minutes to listen, I think it will be worth it – plus you can’t beat the price (free). Here’s the link to register; you’ll want to sign up in advance to make sure you get a spot:

https://www.sans.org/webcasts/show.php?webcastid=92748

There will be questions and answers after the webcast. If you want to get your questions to the top of the pile, send them to my Twitter account at @jamestarala.

Free CISA Exam Prep Resources for the Upcoming Exam

I know a lot of you are diligently preparing for the CISA exam this weekend. For those of you who aren’t or you’ve never heard of the exam, read more about it here – www.isaca.org/cisa/.

Why should you care about this cert? Well, basically if you want to enter the audit field or if you’re an auditor and ever think you’ll want to change companies, you’ll need to have this cert. Not only did SC Magazine name it their top infosec cert of the year, it’s also pretty well considered the entry ticket into the IS audit profession.

Ok, let’s get back to that free part…

So last night I recorded a two-hour presentation on what to do this week to get ready for the exam. If you’re not already signed up for the exam, forget it, but you can try again in December later this year. The purpose of the presentation is to focus your studies the week before the exam. We try to give you a practical set of tips on areas you should be focusing on, what to do logistically to prepare, and general strategies for success.

If you want more information or want to be able to listen, you’ll have to register for it, but the best thing to do is visit this link (https://www.sans.org/registration/register.php?conferenceid=19554), register for the presentation, and enjoy the content. You’ll need to use the discount code (Review) to get it for free after you register.

Or on the other hand, just send me a tweet and ask what to do at either @jamestarala or @isaudit. Either way…

Enjoy, and good luck on the exam this weekend!