The CISA domains cover IT auditing, IT governance, systems development, IT operations, and information security.
The CISA certification framework is organized into five domains that together define the scope of information systems auditing.Domain 1 focuses on the process of auditing information systems, including audit planning, evidence collection, and risk assessment.Domain 2 addresses governance and management of IT, covering IT strategy, governance structures, risk management, and business continuity.Domain 3 examines systems and infrastructure lifecycle management, including project management, system development, and implementation practices.Domain 4 focuses on IT operations, maintenance, and support, such as service management, incident handling, and disaster recovery.Domain 5 covers protection of information assets, including information security, access control, infrastructure security, and physical security.
Understanding how domains connect helps candidates answer cross-domain questions.Many exam scenarios span governance, operations, and security together.
“The domains represent the full IT audit lifecycle.”
This ISO/IEC 27001 Lead Auditor training prepares experienced professionals to conduct and lead ISMS audits that stand up to regulatory, contractual, and certification scrutiny. The course focuses on audit execution, evidence evaluation, and decision-making under real-world constraints.
View courseThis three-day course teaches you how to conduct and manage management system internal audits in line with ISO 19011 guidance and related best practices. You learn internal audit concepts, auditor competence and behavior, and common requirements across management system standards.
View courseThis CISM® bootcamp prepares experienced security professionals to pass the ISACA CISM exam and to operate credibly at management and governance level. The training goes beyond exam memorisation.
View courseThe CISA exam lasts four hours and consists of 150 multiple-choice questions. A minimum score of 450 out of 800 is required to pass.
byRamesh PAVADEPOULLE
CISA is a globally recognized certification for information systems auditors. It validates competence in IT auditing, governance, risk management, and information security.
byAlexis HIRSCHHORN
CISM® is intended for experienced security professionals who already influence governance, risk, or program decisions. It makes sense when a professional transitions from technical execution to management, oversight, or executive-facing security roles.
byAlexis HIRSCHHORN
The CISA exam lasts four hours and consists of 150 multiple-choice questions. A minimum score of 450 out of 800 is required to pass.
CISA is a globally recognized certification for information systems auditors. It validates competence in IT auditing, governance, risk management, and information security.
The bootcamp is intended for professionals who plan to sit for the CISA exam. It is suitable for IT auditors, assurance, risk, and compliance professionals.
The bootcamp uses interactive instruction, group activities, real-world scenarios, and extensive exam-question practice to reinforce learning.
Browse all FAQs →
Full knowledge base
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.