About CISA Domains

It is offered by ISACA (Information Systems Audit and Control Association) and is designed for professionals who want to demonstrate their expertise in auditing, controlling, and assuring information systems. To earn the CISA certification, candidates must pass the CISA exam, which covers several domains or areas of knowledge. As of my last knowledge update in September 2021, the CISA exam consists of five domains:

1. Domain 1: The Process of Auditing Information Systems

   • This domain focuses on the fundamentals of IT audit and the audit process. It covers topics like auditing standards, planning, governance, risk management, and the various phases of an audit.

2. Domain 2: Governance and Management of IT

   • This domain deals with IT governance, risk management, and the organizational structure and framework for managing and controlling IT within an organization.

3. Domain 3: Information Systems Acquisition, Development, and Implementation

   • This domain covers the processes involved in acquiring, developing, and implementing information systems. It includes topics such as project management, requirements analysis, system development methodologies, and system testing.

4. Domain 4: Information Systems Operations, Maintenance, and Service Management

   • This domain focuses on the ongoing operation, maintenance, and management of information systems. It includes topics like IT service management, system administration, and IT performance monitoring and optimization.

5. Domain 5: Protection of Information Assets

   • This domain deals with information security and the protection of information assets. It covers topics such as information security policies, physical and environmental controls, access controls, and cryptography.