Certified Information Systems Auditor training by IS audit and cybersecurity practitioners. All 5 CISA domains covered at exam depth, aligned to the current ISACA content outline.
The Certified Information Systems Auditor (CISA) is ISACA's flagship certification for IS audit, control, assurance, and security professionals. It is recognized globally as the standard credential for professionals who audit, control, monitor, and assess information technology and business systems.
CISA holders typically work in internal audit, external audit, IT governance, compliance, and cybersecurity risk management. For organizations subject to CMMC, FedRAMP, or SOC 2 audits, CISA-credentialed staff provide structured, methodology-driven audit capability.
ISACA requires candidates to pass the CISA exam and have five years of professional IS audit, control, assurance, or security work experience (with certain substitutions available). Experience verification and certification maintenance are administered by ISACA.
Exam details subject to change. Verify current requirements at isaca.org.
The CISA exam covers five domains. VIS training addresses each domain with the weight and depth it carries on the exam.
Standards, guidelines, and codes of professional ethics for IS auditing. Risk-based audit planning, execution methodologies, evidence gathering, and reporting. This domain establishes the audit framework that underpins all other CISA domains.
IT governance frameworks (COBIT, ITIL, ISO 38500), IT strategy and policy, organizational structures, risk management, and IT-business alignment. This domain connects strongly to COBIT 2019 and is highly relevant for government and defense environments.
Business case development, project governance, system development life cycle (SDLC), acquisition and contract management, testing and quality assurance. Auditing controls through the development and procurement process.
IT operations management, incident and problem management, change and patch management, configuration management, service level management, and business continuity and disaster recovery. Heavily tested — maps directly to CMMC operational control families.
The highest-weighted domain. Information asset management, security architecture, identity and access management, network and infrastructure security, cryptography, physical and environmental controls, and data classification. Deep technical coverage with strong alignment to NIST 800-53 and NIST 800-171.
CISA is the right credential for professionals who audit, assess, or provide oversight of information systems.
Internal and external IT auditors seeking to formalize their methodology and validate their expertise with a globally recognized credential.
GRC analysts and compliance managers who assess controls, gather audit evidence, and prepare organizations for third-party assessments including CMMC C3PAO audits.
Security engineers and analysts transitioning toward audit, risk, or governance roles, or seeking to add IS audit methodology to their existing technical background.
Security management certification for those moving from audit into program leadership.
Risk and controls certification that pairs naturally with CISA for a complete GRC credential set.
For CISA candidates on CMMC teams — the technical compliance work that gives audit context.
Schedule a 30-minute consultation to discuss your CISA preparation timeline, current background, and training options that fit your schedule.
Virtual Infrastructure Services LLC · South Brunswick, NJ · +1 (732) 200-7351