The CISA domains cover IT auditing, IT governance, systems development, IT operations, and information security.
The CISA certification framework is organized into five domains that together define the scope of information systems auditing. Domain 1 focuses on the process of auditing information systems, including audit planning, evidence collection, and risk assessment. Domain 2 addresses governance and management of IT, covering IT strategy, governance structures, risk management, and business continuity. Domain 3 examines systems and infrastructure lifecycle management, including project management, system development, and implementation practices. Domain 4 focuses on IT operations, maintenance, and support, such as service management, incident handling, and disaster recovery. Domain 5 covers protection of information assets, including information security, access control, infrastructure security, and physical security.
Understanding how domains connect helps candidates answer cross-domain questions. Many exam scenarios span governance, operations, and security together.
“The domains represent the full IT audit lifecycle.”
Expert Trainer
CISM® is intended for experienced security professionals who already influence governance, risk, or program decisions. It makes sense when a professional transitions from technical execution to management, oversight, or executive-facing security roles.
AZ-305 is designed for architects with experience in IT operations and prior experience designing and architecting solutions.
The CISA exam lasts four hours and consists of 150 multiple-choice questions. A minimum score of 450 out of 800 is required to pass.