Security Encyclopedia

CISA (Certified Information Systems Auditor)

The CISA (Certified Information Systems Auditor) is an information security auditing certification sponsored by ISACA.

With regard to its focus on security auditing, the CISA is a professional certification for technology professionals much in the way that financial auditing is a core component for Certified Public Accountants (CPAs). The CISA is growing in stature as a security certification due to the rise of regulations affecting enterprises with a large online presence. Examples of regulations that make security auditing, and hence investment in auditing professionals, necessary are the European Union’s General Data Protection Regulation (GDPR) and its amended Payment Services Directive (PSD, PSD2).

The Information Systems Audit and Control Association, which is known only by its acronym ISACA, is an international professional association that sponsors the CISA. The certification requirements include five years’ experience in the field, a single exam consisting of 200 questions taken over four hours, and a fee.
“A security professional focusing on security auditing might want to explore a CISA certification since it provides that specific kind of knowledge about security program leadership.”