  1. Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Certifications
    CISSP, GSEC, Security+
    #1

    CISA Study Material

    Hello,

    I'm planning on attempting the CISA exam in June and would like to know what books you guys recommend. I found many books online, but I'm not really too sure which books are best. Any feedback is appreciated.

    Thanks.

  3. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,597
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #2
    Have you looked for CISA study material reviews at www.isaca.org and www.cccure.org too?
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  4. Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Certifications
    CISSP, GSEC, Security+
    #3
    Thanks JD. I looked at those resources as well, but there wasn't much info I was looking for.

    The ISACA site has CISA study aids that are a bit pricey (IMO) and doesn't display customer feedback on the material. I'm not too sure how effective their study material may be.

    The AIO CISA book by Gregory seems to be the most popular, as referenced in cccure.org, but I'm not sure if this book can be used alone to pass the exam.

    Although I think that the ISACA material may be the best bet to prepare and pass the CISA exam, I'm a pretty cheap guy. I don't really want to spend $130 on a book that has the same material as the AIO $50 book. I don't get reimbursed for study material and only get reimbursed by my employer if I pass the exam.

  5. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #4
    I'm going to use the official guides with the AIO book. Seems like that should be enough.

    Edit: Just saw your response. It seems like the official guides go into a little more depth, but are more difficult to read. This is a relatively expensive exam that's only offered twice per year, so I'd rather be over-prepared.


  6. Join Date
    Jun 2007
    Posts
    1,859
    #5
    I intended to use Amazon.com: CISA Certified Information Systems Auditor Study Guide (9780470231524): David L. Cannon: Books

    However, I was lazy and ran out of time and only got to do a quick pass through the book.

    IMO, the exam isn't hard if you meet the experience requirements. It's most accurate to say that the exam is long and covers a lot of territory.

    MS

  7. Senior Member
    Join Date
    Apr 2008
    Location
    Florida
    Posts
    988

    Certifications
    CCIE R&S #38616 and many more!
    #6
    I'm currently using this one for the June attempt:

    Amazon.com: CISA Certified Information Systems Auditor All-in-One Exam Guide (9780071487559): Peter H. Gregory: Books

    I agree with eMeS, the material is not too bad as long as you have the experience behind it. I expect the test to be a quarter mile long and an inch deep.

    You may also want to check for any local ISSA study sessions/groups.


  8. Join Date
    Jun 2007
    Posts
    1,859
    #7
    Quote Originally Posted by down77 View Post
    I expect the test to be a quarter mile long and an inch deep.
    That's about it....such as knowing the different phases of audits as well as the types of fire suppression systems in use in data centers....

    MS

  9. The Colosus of Clout Paul Boz's Avatar
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #8
    All you need is the official books for the exam. If it's not in the books it's not on the test. That's at least the story with the three people I know with the CISA.

  10. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #9
    Quote Originally Posted by eMeS View Post
    That's about it....such as knowing the different phases of audits as well as the types of fire suppression systems in use in data centers....

    MS
    That's in the CISSP books. All these exams are rehashes of each other with a bit more content in certain areas.

  11. The Colosus of Clout Paul Boz's Avatar
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #10
    Quote Originally Posted by GAngel View Post
    That's in the CISSP books. All these exams are rehashes of each other with a bit more content in certain areas.
    That's how all certs are lol. Once you've got the foundation knowledge you can really lay into them.

  12. Network Security tpatt100's Avatar
    Join Date
    Aug 2009
    Location
    Ypsilanti, MI
    Posts
    2,881

    Certifications
    CISA, CISSP, GIAC G2700, CEH, CHFI, Security+, CCENT, N+, A+
    #11
    Quote Originally Posted by eMeS View Post
    That's about it....such as knowing the different phases of audits as well as the types of fire suppression systems in use in data centers....

    MS
    I completed the first two chapters in the CISA All in One and I found myself completing sentences in my mind before I got to them. I am finding quite a bit of rehash from my CISSP studies. Not that I am complaining though.


  13. Join Date
    Jun 2007
    Posts
    1,859
    #12
    Quote Originally Posted by tpatt100 View Post
    I completed the first two chapters in the CISA All in One and I found myself completing sentences in my mind before I got to them. I am finding quite a bit of rehash from my CISSP studies. Not that I am complaining though.
    Now you're making me want to take the CISSP...afraid that it would be a stretch for me though on the experience requirements....

    MS

  14. Senior Member
    Join Date
    Apr 2008
    Location
    Florida
    Posts
    988

    Certifications
    CCIE R&S #38616 and many more!
    #13
    Quote Originally Posted by tpatt100 View Post
    I completed the first two chapters in the CISA All in One and I found myself completing sentences in my mind before I got to them. I am finding quite a bit of rehash from my CISSP studies. Not that I am complaining though.
    I had a very similar experience. I had a few colleagues ask me why I did not take the CISA immediately after I took the CISSP.

    eMeS,

    I am sure if you sit down and match up the domains to your resume you would have more than enough experience to meet the 5 year requirement (minus time served for degrees and certification).

  15. Senior Member Ye Gum Noki's Avatar
    Join Date
    Apr 2006
    Location
    Bayou George
    Posts
    115

    Certifications
    CISSP, CISA, MCSE:Security, CNE, Security +
    #14
    I studied on my own for the CISA and considered several resources. I settled on the ISACA official guide and the question bank. The OG is a hard read and I ended up focusing on the question bank and using the OG as a reference for when I got questions wrong.

    I took the CISA in 2008, three years after I had passed the CISSP. Obviously there's going to be some similarities in Information Security related exams, but the CISA was a little easier to me, partly because of the CISSP, I'm sure. But mostly I think it was because I used the ISACA material. I highly recommend the OG and the question bank.

    Additionally, a word of caution: Unless you're experienced in IT Audit or understand it greatly, the CISA exam can be challenging for CISSPs and InfoSec folks in general. You have to think like an auditor, which, in some cases, can be different than thinking like an InfoSec Pro.

    Good luck to all candidates,

    Mr. Ye

  16. Network Security tpatt100's Avatar
    Join Date
    Aug 2009
    Location
    Ypsilanti, MI
    Posts
    2,881

    Certifications
    CISA, CISSP, GIAC G2700, CEH, CHFI, Security+, CCENT, N+, A+
    #15
    holy crap the CISA 2010 Question database off the ISACA site is 225 dollars

  17. Senior Member Ye Gum Noki's Avatar
    Join Date
    Apr 2006
    Location
    Bayou George
    Posts
    115

    Certifications
    CISSP, CISA, MCSE:Security, CNE, Security +
    #16
    Yes it's a little pricey, but still cheaper than a seminar or boot camp. Remember it IS coming from the sanctioning body. It's a great study source.

    And... the 2009 question bank and OG are cheaper and there's probably not a ton of difference in the two.

    Good luck,

    Mr. Ye

  18. Junior Member
    Join Date
    Aug 2011
    Location
    Houston, Texas
    Posts
    7

    Certifications
    GICSP, Associate of (ISC)² towards CISSP, CISA, Lean Six Sigma, Cert. Cyber Forensics Professional, Cert. Cyber Crime Investigator
    #17
    Any updates on study material anyone? Has the exam changed in recent times?

  19. Junior Member
    Join Date
    Aug 2011
    Location
    Houston, Texas
    Posts
    7

    Certifications
    GICSP, Associate of (ISC)² towards CISSP, CISA, Lean Six Sigma, Cert. Cyber Forensics Professional, Cert. Cyber Crime Investigator
    #18
    Quote Originally Posted by GAngel View Post
    That's in the CISSP books. All these exams are rehashes of each other with a bit more content in certain areas.
    Totally agree to this statement. Catch is you should be good at those 'certain areas' to pass the exam.

  20. Senior Member
    Join Date
    May 2010
    Posts
    223

    Certifications
    BS:IT, MBA, SSCP, MCP, MCDST, Network +, Security+, Project +,
    #19
    Quote Originally Posted by tpatt100 View Post
    holy crap the CISA 2010 Question database off the ISACA site is 225 dollars
    It was worth it to me. I just passed the exam in June and other than a few quick looks inside a pdf or two in their library (I'm a member), the question database was the only thing I used to prepare.

  21. Junior Member
    Join Date
    Jul 2015
    Posts
    29

    Certifications
    PMP, CBAP, TOGAF, ITIL-Expert, CISA, CGEIT, CRISC, COBIT, Prince2, Prince2-Agile, MSP, MoP, P3O, MoR, MoV, ISO20000, ISO9000, LeanIT, Scrum-Agile, etc
    #20
    In my case I just passed the CISA June 2015 exam in the top 5% using David Cannon's book as the only resource (http://amzn.com/B004RCNGYE). I found it good enough and at a very reasonable price.

  22. Senior Member
    Join Date
    Jan 2013
    Posts
    151

    Certifications
    CISA, CGEIT, CRISC, CISM, CISSP
    #21
    Quote Originally Posted by csicilia View Post
    In my case I just passed the CISA June 2015 exam in the top 5% using David Cannon's book as the only resource (http://amzn.com/B004RCNGYE). I found it good enough and at a very reasonable price.
    One of my work peers and I used that book as well. It was very helpful. We both passed. At the time I had solid IT experience and he had solid Audit experience. It seemed to fill in the gaps for both of us.

  23. Junior Member
    Join Date
    Jul 2015
    Posts
    29

    Certifications
    PMP, CBAP, TOGAF, ITIL-Expert, CISA, CGEIT, CRISC, COBIT, Prince2, Prince2-Agile, MSP, MoP, P3O, MoR, MoV, ISO20000, ISO9000, LeanIT, Scrum-Agile, etc
    #22
    Quote Originally Posted by andhow View Post
    One of my work peers and I used that book as well. It was very helpful. We both passed. At the time I had solid IT experience and he had solid Audit experience. It seemed to fill in the gaps for both of us.
    In my case, with 20+ years of experience and certified in several frameworks, I read it back to back without hurry for 2 months (some weeks I did not open the book). The day before the exam I read again the 2 chapters in which I felt I was weaker and the Exam Essentials section of all chapters. In total I would say that I invested around 40 hours to pass it, basically using only David Cannon's book.

  24. Junior Member Registered Member
    Join Date
    Aug 2015
    Posts
    2
    #23
    Quote Originally Posted by andhow View Post
    One of my work peers and I used that book as well. It was very helpful. We both passed. At the time I had solid IT experience and he had solid Audit experience. It seemed to fill in the gaps for both of us.
    It seems like the version that is out for David Cannon's book is from 2011 (edition 3). The 4th edition is not going to come out until December 2015. I'm looking to take the exam in September. So the exam hasn't changed much from 4 years ago?

  25. Member
    Join Date
    Jul 2015
    Posts
    59
    #24
    I used Cannon's book + QA DB for the 2013 sitting. Unlike other folks, I did not have a tremendous amount of work experience. I found Cannon's book a great introduction to many aspects of IT auditing. I couldn't read ISACA's official guide because...<zzzzzzzzz>...However, I would not just read Cannon's book, but also the ISACA's QA DB. This will help you understand the types of Q's ISACA asks.

    The field of IT auditing has not changed significantly since 2011. I would say Cannon's book is likely very relevant.

  26. Junior Member Registered Member
    Join Date
    Aug 2015
    Posts
    2
    #25
    Guys, any other reliable source with latest editions for the 2015 Dec Exam Prep? Really helps me!
    I'd be more than happy to go with David Cannon's but worried if I'd be missing the latest updates and changes. I'm sure a lot of practices have changed since 2010's. Suggestions please.
    Last edited by Skayanytime; 08-13-2015 at 11:51 AM.