ISACA CISA Job Practice Update 2019

As of June 2019, ISACA have made changes and improvements to the job practice for their CISA certification. As a premier partner of ISACA for the US and EMEA, it’s important for Firebrand clients to be made aware.

For the last 50 years, ISACA has established itself as a reputable provider of IT certifications across the world. The CISA certification is recognised as one of its most sought-after, successful endorsements, and has proven the most favourable way for security professionals to showcase their abilities and experience in the IT industry.

To remain relevant and ahead of the game, IT certifications need to be constantly updated and improved, so in June 2019 ISACA introduced a new CISA Job Practice.

Kim Cohen, ISACA’s director of certification, explained how ISACA has a responsibility to “ensure CISA continues evolving to best serve certification-holders and their enterprises... [in order to guarantee they stay]... relevant in their field long after they have passed their exam.”

As a premier ISACA partner for EMEA and the US, Firebrand welcomes the exciting opportunities the new job practice brings to the IT industry. 

So, what are the main changes to the CISA Job Practice?

In November 2018, ISACA announced their intention to update the job practice areas of the CISA. The domains, sub-domains and task statements representing the work performed in information systems audit, assurance and control will all be updated and their systems improved.

ISACA added and removed task statements and rewrote the domains, including what each of them involves and their weight.

The changes in the CISA Job Practice are the result of extensive research, feedback, and validation from subject matter experts and prominent industry leaders. According to ISACA, the CISA Practice Analysis Task Force was composed of 9 expert members and more than 4,000 CISA-certified professionals from around the world.

Regarding the domains of the new CISA Job Practice, the number will remain the same but changes will be made to the exam content and the importance of each criterion. Two subdomains will also be added to each of the five job practice areas.

In the new job practice areas, knowledge statements are rewritten to make sure they are current with modern technologies and used properly, avoiding any losses or redundancies.

The new task statements 

The CISA 2019 Job Practice areas are made of 39 task statements. Of these, 35 remain the same but have been rewritten in order to remain relevant, five are new to deal with changes within the IT audit and security profession, and one has been completely removed.

The five new task statements are:
  1. Perform technical security testing to identify potential threats and vulnerabilities
  2. Utilise data analytics tools to streamline audit processes
  3. Utilise data analytics tools to streamline audit processes
  4. Identify opportunities for process improvement in the organisation’s IT policies and practices
  5. Evaluate potential opportunities and threats associated with emerging technologies, regulations, and industry practices

The five domains of the CISA Job Practice

The domains of the CISA Job Practice hold great authority in the certification. The Five Domains, in fact, have not changed, but are now broken down into sub-domains so that they are more comprehensible and relevant.

1. The Process of Auditing Information Systems

In this domain, you’ll learn how the CISA certification offers standardised audit services to help organisations in controlling and safeguarding Information Systems. You’ll also learn how to help identify a business’s current IT security, potential risks, and control solutions.

There are multiple subdomains here, the two main ones being Planning and Execution. Planning involves risk-based audit planning, control types, business process and information system audit standards, code of ethics and guidelines.

Execution incorporates audit project management, sampling methodologies, data analytics, audit evidence, collection techniques and reporting and communication techniques.

This domain is still weighted the same as before at 21%.

2. Governance and Management of IT

This domain is split into two subdomains: IT Governance and IT Management. The weighting of Domain 2 has increased from 1% to 17%. It ensures that essential processes and structures are available to accomplish the organisations' objectives and strategies.

This domain also makes sure you can identify issues and provide recommendations for supporting and protecting the governance of information and associated technology.

3. Information Systems Acquisition, Development and Implementation

This domain has been reduced from 18% to 12% weighting and has been split into Information Systems Acquisition and Development and Information Systems Implementation. You’ll learn about Information Systems Acquisition, Development and Implementation to meet organisational objectives. 

4. Information Systems Operations and Business Resilience

This domain confirms that you have learnt about IT principles such as asset management, system interfaces, data governance and end-user computing, to name a few.

This domain is divided into Information Systems Operations and Business Resilience and holds a weight of 23%. Business resilience involves the understanding of Disaster Recovery Plan (DRP), Business Continuity Plan (BCP), Business Impact Analysis (BIA), System Resiliency and Data Backup, Storage and Restoration. 

5. Protection of Information Assets

This is the most important domain of the CISA certification. It's being increased to a 27% weighting and has been split into Information Asset Security and Control and Security Event Management.

Protecting Information Assets is one of the key roles for CISA certification holders. This domain provides you with in-depth insight into security awareness training, attack methods, incident response, privacy principles, network security and more.

Get certified, fast

No other partner trains as many people for the ISACA certification in the US or EMEA. As a trusted provider, gain your certification through Firebrand’s all-inclusive accelerated courses, where you’ll have access to official courseware, curriculum, and be taught by certified ISACA instructors in a distraction-free environment. 

As CISA is the industry's “gold standard” certification for IS audit control, assurance and security professionals, employers would immediately identify the high-quality standard and your career prospects would immediately accelerate.
Get certified with Firebrand and return to the office a CISA expert.