CISA Study Material

[bodacious00]

Hello,

I'm planning on attempting the CISA exam in June and would like to know what books you guys recommend. I found many books online, but I'm not really too sure which books are best. Any feedback is appreciated.

Thanks.

[JDMurray]

Have looked for CISA study material reviews at www.isaca.org and www.cccure.org too?

[bodacious00]

Thanks JD. I looked at those resources as well, but there wasn't much info I was looking for.

The ISACA site has CISA study aids that are a bit pricey (IMO) and doesn't display customer feedback on the material. I'm not too sure how effective their study material may be.

The AIO CISA book by Gregory seems to be the most popular, as referenced in cccure.org, but I'm not sure if this book can be used alone to pass the exam.

Although I think that the ISACA material may be the best bet to prepare and pass the CISA exam, I'm a pretty cheap guy. I don't really want to spend $130 on a book that has the same material as the AIO $50 book. I don't get reimbursed for study material and only get reimbursed by my employer if I pass the exam.

[dynamik]

I'm going to use the official guides with the AIO book. Seems like that should be enough.

Edit: Just saw your response. It seems like the official guides go into a little more depth, but are more difficult to read. This is a relatively expensive exam that's only offered twice per year, so I'd rather be over-prepared.

[eMeS]

I intended to use Amazon.com: CISA Certified Information Systems Auditor Study Guide (9780470231524): David L. Cannon: Books

However I was lazy and ran out of time and only got to do quick pass through the book.

IMO, the exam isn't hard if you meet the experience requirements. It's most accurate to say that the exam is long and covers a lot of territory.

MS

[down77]

I'm currently using this one for the June attempt:

Amazon.com: CISA Certified Information Systems Auditor All-in-One Exam Guide (9780071487559): Peter H. Gregory: Books

I agree with eMeS, the material is not too bad as long as you have the experience behind it. I expect the test to be a quarter mile long and an inch deep.

You may also want to check for any local ISSA study sessions/groups.

[eMeS]

Quote:

Originally Posted by down77

I expect the test to be a quarter mile long and an inch deep.

That's about it....such as knowing the different phases of audits as well as the types of fire suppression systems in use in data centers....

MS

[Paul Boz]

All you need is the official books for the exam. If it's not in the books it's not on the test. That's at least the story with the three people I know with the CISA.

[GAngel]

Quote:

Originally Posted by eMeS

That's about it....such as knowing the different phases of audits as well as the types of fire suppression systems in use in data centers....

MS

That's in the cissp books. All theses exams are rehashes of each other with a bit more content in certain areas.

[Paul Boz]

Quote:

Originally Posted by GAngel

That's in the cissp books. All theses exams are rehashes of each other with a bit more content in certain areas.

That's how all certs are lol. Once you've got the foundation knowledge you can really lay into them.

[tpatt100]

Quote:

Originally Posted by eMeS

That's about it....such as knowing the different phases of audits as well as the types of fire suppression systems in use in data centers....

MS

I completed the first two chapters in the CISA All in One and I found myself completing sentences in my mind before I got to them. I am finding quite a bit of rehash from my CISSP studies. Not that i am complaining though.

[eMeS]

Quote:

Originally Posted by tpatt100

I completed the first two chapters in the CISA All in One and I found myself completing sentences in my mind before I got to them. I am finding quite a bit of rehash from my CISSP studies. Not that i am complaining though.

Now you're making me want to take the CISSP...afraid that it would be a stretch for me though on the experience requirements....

MS

[down77]

Quote:

Originally Posted by tpatt100

I completed the first two chapters in the CISA All in One and I found myself completing sentences in my mind before I got to them. I am finding quite a bit of rehash from my CISSP studies. Not that i am complaining though.

I had a very similar experience. I had a few colleagues ask me why I did not take the CISA immediately after I took the CISSP.

eMes,

I am sure if you sit down and match up the domains to your resume you would have more than enough experience to meet the 5 year requirement (minus time served for degrees and certification).

[Ye Gum Noki]

I studyied on my own for the CISA and considered several resources. I settled on the ISACA official guide and the question bank. The OG is a hard read and I ended up focusing on the question bank and using the OG as a reference for when I got questions wrong.

I took the CISA in 2008, three years after I had passed the CISSP. Obviously there's going to be some similarities in Information Security related exams, but the CISA was a little easier to me, partly because of the CISSP, I'm sure. But mostly I think it was because I used the ISACA material. I highly recommend the OG and the question bank.

Additionally, a word of caution: Unless you're experienced in IT Audit or understand it greatly, the CISA exam can be challenging for CISSPs and InfoSec folks in general. You have to think like an auditor, which, in some cases, can be different than thinking like an InfoSec Pro.

Good luck to all candidates,

Mr. Ye

[tpatt100]

holy crap the CISA 2010 Question database off the ISACA site is 225 dollars

[Ye Gum Noki]

Yes it's a little pricey, but still cheaper than a seminar or boot camp. Remember it IS coming from the sanctioning body. It's a great study source.

And... the 2009 question bank and OG are cheaper and there's probably not a ton of difference in the two.

Good luck,

Mr. Ye