CISA Study Material

bodacious00

Hello,

I'm planning on attempting the CISA exam in June and would like to know what books you guys recommend. I found many books online, but I'm not really too sure which books are best. Any feedback is appreciated.

Thanks.

JDMurray

Have looked for CISA study material reviews at www.isaca.org and www.cccure.org too?

bodacious00

Thanks JD. I looked at those resources as well, but there wasn't much info I was looking for.

The ISACA site has CISA study aids that are a bit pricey (IMO) and doesn't display customer feedback on the material. I'm not too sure how effective their study material may be.

The AIO CISA book by Gregory seems to be the most popular, as referenced in cccure.org, but I'm not sure if this book can be used alone to pass the exam.

Although I think that the ISACA material may be the best bet to prepare and pass the CISA exam, I'm a pretty cheap guy. I don't really want to spend $130 on a book that has the same material as the AIO $50 book. I don't get reimbursed for study material and only get reimbursed by my employer if I pass the exam.

dynamik

I'm going to use the official guides with the AIO book. Seems like that should be enough.

Edit: Just saw your response. It seems like the official guides go into a little more depth, but are more difficult to read. This is a relatively expensive exam that's only offered twice per year, so I'd rather be over-prepared.

eMeS

I intended to use Amazon.com: CISA Certified Information Systems Auditor Study Guide (9780470231524): David L. Cannon: Books

However I was lazy and ran out of time and only got to do quick pass through the book.

IMO, the exam isn't hard if you meet the experience requirements. It's most accurate to say that the exam is long and covers a lot of territory.

MS

down77

I'm currently using this one for the June attempt:

Amazon.com: CISA Certified Information Systems Auditor All-in-One Exam Guide (9780071487559): Peter H. Gregory: Books

I agree with eMeS, the material is not too bad as long as you have the experience behind it. I expect the test to be a quarter mile long and an inch deep.

You may also want to check for any local ISSA study sessions/groups.

eMeS

down77 wrote: »

I expect the test to be a quarter mile long and an inch deep.

That's about it....such as knowing the different phases of audits as well as the types of fire suppression systems in use in data centers....

MS

Paul Boz

All you need is the official books for the exam. If it's not in the books it's not on the test. That's at least the story with the three people I know with the CISA.

GAngel

eMeS wrote: »

That's about it....such as knowing the different phases of audits as well as the types of fire suppression systems in use in data centers....

MS

That's in the cissp books. All theses exams are rehashes of each other with a bit more content in certain areas.

Paul Boz

GAngel wrote: »

That's in the cissp books. All theses exams are rehashes of each other with a bit more content in certain areas.

That's how all certs are lol. Once you've got the foundation knowledge you can really lay into them.

tpatt100

eMeS wrote: »

That's about it....such as knowing the different phases of audits as well as the types of fire suppression systems in use in data centers....

MS

I completed the first two chapters in the CISA All in One and I found myself completing sentences in my mind before I got to them. I am finding quite a bit of rehash from my CISSP studies. Not that i am complaining though.

eMeS

tpatt100 wrote: »

I completed the first two chapters in the CISA All in One and I found myself completing sentences in my mind before I got to them. I am finding quite a bit of rehash from my CISSP studies. Not that i am complaining though.

Now you're making me want to take the CISSP...afraid that it would be a stretch for me though on the experience requirements....

MS

down77

tpatt100 wrote: »

I completed the first two chapters in the CISA All in One and I found myself completing sentences in my mind before I got to them. I am finding quite a bit of rehash from my CISSP studies. Not that i am complaining though.

I had a very similar experience. I had a few colleagues ask me why I did not take the CISA immediately after I took the CISSP.

eMes,

I am sure if you sit down and match up the domains to your resume you would have more than enough experience to meet the 5 year requirement (minus time served for degrees and certification).

Ye Gum Noki

I studyied on my own for the CISA and considered several resources. I settled on the ISACA official guide and the question bank. The OG is a hard read and I ended up focusing on the question bank and using the OG as a reference for when I got questions wrong.

I took the CISA in 2008, three years after I had passed the CISSP. Obviously there's going to be some similarities in Information Security related exams, but the CISA was a little easier to me, partly because of the CISSP, I'm sure. But mostly I think it was because I used the ISACA material. I highly recommend the OG and the question bank.

Additionally, a word of caution: Unless you're experienced in IT Audit or understand it greatly, the CISA exam can be challenging for CISSPs and InfoSec folks in general. You have to think like an auditor, which, in some cases, can be different than thinking like an InfoSec Pro.

Good luck to all candidates,

Mr. Ye

tpatt100

holy crap the CISA 2010 Question database off the ISACA site is 225 dollars

Ye Gum Noki

Yes it's a little pricey, but still cheaper than a seminar or boot camp. Remember it IS coming from the sanctioning body. It's a great study source.

And... the 2009 question bank and OG are cheaper and there's probably not a ton of difference in the two.

Good luck,

Mr. Ye

akhilesh_rb

Any updates on study material anyone? Has the exam changed in recent times?

akhilesh_rb

GAngel wrote: »

That's in the cissp books. All theses exams are rehashes of each other with a bit more content in certain areas.

Totally agree to this statement. Catch is you should be good at those 'certain areas' to pass the exam.

jtoast

tpatt100 wrote: »

holy crap the CISA 2010 Question database off the ISACA site is 225 dollars

It was worth it to me. I just passed the exam in June and other than a few quick looks inside a pdf or two in their library (I'm a member), the question database was the only thing I used to prepare.

csicilia

In my case I just passed CISA June 2015 exam on top 5% using David Cannon book as the only resource ([FONT=Arial, sans-serif]http://amzn.com/B004RCNGYE) , I found it good enough and at very reasonable price.[/FONT]

andhow

csicilia wrote: »

In my case I just passed CISA June 2015 exam on top 5% using David Cannon book as the only resource (http://amzn.com/B004RCNGYE) , I found it good enough and at very reasonable price.

One of my work peers and I used that book as well. It was very helpful. We both passed. At the time I had solid IT experience and he had solid Audit experience. It seemed to fill in the gaps for both of us.

csicilia

andhow wrote: »

One of my work peers and I used that book as well. It was very helpful. We both passed. At the time I had solid IT experience and he had solid Audit experience. It seemed to fill in the gaps for both of us.

In my case with 20+ years of experience and certified in several frameworks I read it back to back without hurry for 2 months (some weeks I did not opened the book), the day before the exam I read again 2 chapters that I felt I was weaker and the Exam Essentials section of all chapters. In total I would say that I invested around 40 hours to pass it basically using only David Cannon's book.

curiousdude

andhow wrote: »

One of my work peers and I used that book as well. It was very helpful. We both passed. At the time I had solid IT experience and he had solid Audit experience. It seemed to fill in the gaps for both of us.

It seems like the version that is out for David Cannon's book is from 2011 (edition 3). The 4th edition is not going to come out until December 2015. I'm looking to take the exam in September. So the exam hasn't changed much from 4 years ago?

ilikeshells

I used Cannon's book + QA DB for the 2013 sitting. Unlike other folks, I did not have a tremendous amount of work experience. I found Cannon's book a great introduction to many aspects of IT auditing. I couldn't read ISACA's official guide because...<zzzzzzzzz>...However, I would not just read Cannon's book, but also the ISACA's QA DB. This will help you understand the types of Q's ISACA asks.

The field of IT auditing has not changed significantly since 2011. I would say Cannon's book is likely very relevant.

Skayanytime

Guys,any other reliable source with latest editions for the 2015 Dec Exam Prep? Really helps me!
I'd be more than happy to go with David Cannons's but worried if I'd be missing the latest updates and changes I'm sure a lot of practices have changed since 2010's. Suggestions Please..

Mike7

The official guide aka CISA Review Manual 2015 is the most reliable source.
However, most find it to be the cure for insomnia.

Guess you need to be a real auditor to read it.

Skayanytime

Waw.I'm not an auditor I'm aspiring to be one.My current profession is pure IT Operations am a little bit experienced in IT Audits like SOX which draws me to this. I find the review manual expensive buy to find out how bad it is before I could wait for my Company to give an Approval to go - ahead! Thanks anyways Mike.

curiousdude

Well... I guess I just answered my own question. There isn't too much change from the 2015 manual and the david cannon's study guide. At least from 2 chapters that I've read ( protecting information assets, BCP/DRP plans). I've read the 2015 isaca manual from front to back, every single page, and now I'm reading the david cannon book in chapters that I'm not doing too good with on the MCQ. I see many similarities, but the most distinct feature of David Cannon's book is that it is written extremely well, and very very interesting to read. He provides many realistic examples and helps you understand the concepts. Its a good read regardless.

Remedymp

Another book that is relevant to read is the Information Auditor using controls.

faisalma

My IT background is pretty similar to what Skayanytime said. However, i had a year and half of experience in PCI-DSS implementation and then maintaining for my previous work place. But now planning to be become an IT auditor and i was recommended to check CISA by our IT auditor.

I am planning 3 months prep with the help of the following resources,

David Canon - http://www.amazon.com/Certified-Information-Systems-Auditor-Study/dp/0470231521/ref=sr_1_2?ie=UTF8&s=books&qid=1268066203&sr=8-2&tag=viglink20307-20

English: CISA Review Questions, Answers & Explanations Database v15 CD-ROM by ISACA

What do you suggest ? Thanks in advance.

koolguy123

Hey Guys,
I am planning on studying for CISA but I am not sure if I am eligible to get certificate. I have always been working in networking area and been working as Network Security Design/Architecture. I have CCNA, CCNP, CCIE Security Written, Watchguard firewall specialist certifications and Masters degree in computer networking.
I want to finish and take exam in 2 months period. Do you think I am qualified and can take exam in 2 months time. I do network audit but other than this I do not have any more audit experience.

Your help and suggestion will be much appreciated.