The CISA certification is one of many available cybersecurity certifications, but is it right for your career goals? In this guide, we outline everything you need to know, including the certification details and requirements, cost of the exam and much more.


What Is the CISA Certification?

The Certified Information Systems Auditor (CISA) is a widely recognized certification issued by ISACA, a professional association focused on information technology. The CISA certification is “world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s information technology and business systems.”

Now let’s look at 10 points to consider.

1. What Are the Benefits of Obtaining a CISA Certification?

In general, professional certifications are great resume boosters that can help you stand out from the competition. Indeed lists the following advantages:

  • Provides a competitive advantage
  • Increases earning potential
  • Expands your knowledge and skills
  • Adds to your professional credibility 

More specifically, Surgent explains that “the field of IT auditing is a niche market looking for experts” and the CISA certification allows recipients to “be at the forefront of an evolving business world.” 

ISACA also offers this explanation: “ISACA certifications are globally accepted and recognized. They combine the achievement of passing an exam with credit for your work and educational experience, giving you the credibility you need to move ahead in your career. Certification proves to employers that you have what it takes to add value to their enterprise. In fact, many organizations and governmental agencies around the world require or recognize ISACA’s certifications.”

2. CISA Salary Ranges

Salary will depend on a number of factors, including the position itself, the job responsibilities and how much experience is required. But according to ISACA, the average salary of someone who holds a CISA certification is around $110,000+. A CISA certification can also result in a potential 22% pay boost

3. Typical CISA-Holder Careers

If you’re considering a career in IT, obtaining a CISA certification is a good first step. ISACA even goes so far as to say this certification is “foundational to a successful IT career.” Regardless, it’s a good choice for entry-level to mid-career professionals and designed for IT/IS auditors, control, assurance, and information security professionals.

4. CISA Certification Requirements

It’s worth reviewing the requirements of any certification before you take the steps to pursue it. Here’s what you need to know about the CISA certification requirements:

  • Earn a passing score on the CISA exam
  • Apply for certification within 5 years of having passed the exam
  • Adhere to the ISACA Code of Professional Ethics
  • Commit to abide by the CISA Continuing Professional Education Policy
  • Possess a minimum of five years of professional information systems auditing, control or security work experience (as described in the job practice areas).
    • Substitutions and waivers of such experience may be obtained if certain education and general IS or audit experience requirements are met.
    • Experience waivers are available for a maximum of 3 years
  • Comply with Information Systems Auditing Standards

5. How Should I Pursue a CISA?

If you’re interested in pursuing a CISA certification, you may want to seek out others who have already obtained one. Talk to colleagues and connections on LinkedIn about whether this particular certification is worth pursuing. If you find that it is, here is how you apply for CISA certification:

  • Ensure you meet the eligibility requirements before registering for the exam
  • Register and pay for the exam (you will have 1 year to take the exam)
  • The final step to becoming CISA-certified is to submit your CISA Certification Application. Before doing so, you must:
    • Pass the CISA exam within the last 5 years
    • Have the relevant full-time work experience
    • Submit the CISA Certification Application and application processing fee 

6. How Should I Prepare for the CISA Exam?

ISACA offers a variety of exam preparation tools and resources. These include: 

  • Group training
  • Self-paced training
  • Study resources in various languages

 7. CISA Exam Breakdown

The CISA certification exam is 4 hours (240 minutes) consisting of 150 multiple choice questions. You can explore ISACA’s Item Writing Guide to learn more about the exam questions and how they are developed. 

 8. CISA Exam Cost

The cost of the CISA exam is $575 for an ISACA member and $760 for a non-member. It’s important to note that you are eligible to take the exam from the date of your registration; this eligibility period is good for 12 months. If you don’t take the exam after one year, you will lose your payments. 

There is also a CISA annual maintenance fee to maintain certification — $45 for ISACA members and $85 for nonmembers.

 9. Is Getting Your CISA Certification Worth It?

Certifications carry a lot of weight and can significantly increase a cybersecurity professional’s salary potential. They can serve as resume boosters, and sometimes they are even required for employment, especially in government-related positions. You have to weigh the time commitment and cost. 

10. Other Comparable Certifications

CISA is just one of many cybersecurity certifications. Some other important ones to consider include: 

  • Certified Information Security Manager (CISM): This certification focuses on governance, risk management, compliance and international security measures. It is geared toward managers who design, oversee and assess an enterprise’s information security infrastructure. 
  • Certified Information Systems Security Professional (CISSP): This certification was created by the International Information Systems Security Certification Consortium and is geared toward experienced security practitioners, managers and executives.
  • Certified in Risk and Information Systems Control (CRISC): The CRISC certification is designed specifically for IT professionals who have hands-on experience with risk identification, assessment and evaluation, risk response, risk monitoring, IS control design and implementation and IS control monitoring and maintenance. 
  • CompTIA Security+: The CompTIA Security+ is designed for entry-level security professionals. The CompTIA Security+ certification meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. 
  • Certified Ethical Hacker: The CEH (Practical), offered by the EC-Council, is an exam that teaches valuable hands-on testing skills and is geared toward entry-level applicants or those who are looking for an introduction to, or refresher on, ethical hacking. 
  • Certified Cloud Security Professional (CCSP): The CCSP is recommended for professionals who wish to demonstrate their proficiency in cloud computing and data security, including cloud architecture and design and application security considerations.
  • GIAC Security Essentials (GSEC): This certification is designed for professionals who want to demonstrate their hands-on proficiency in IT systems and information security tasks. It covers general security best practices and real-world applications. 

CISA Certification FAQs

Can I retake the exam if I don’t pass?

According to ISACA’s exam retake policy, individuals have four attempts within a rolling 12-month period to retake the exam with passing score.

Is a CISA certification required for certain positions?

It may be required or at least highly desired, depending on the position and industry. If it is, the job description should be explicit in these requirements.

What steps do I have to take to maintain a CISA certification?

According to ISACA, you must comply with the following to retain certification:

  • Earn and report an annual minimum of 20 CPE hours
  • Earn and report a minimum of 120 CPE hours for a 3-year reporting cycle
  • Pay the CISA annual maintenance fee ($45 for ISACA members and $85 for nonmembers)
  • Comply with the annual CPE audit (if you are selected)
  • Comply with ISACA’s Code of Professional Ethics
  • Abide by ISACA’s IT auditing standards

Should I get a CISA certification or a master’s degree?

It depends on your career goals, but a master’s degree is a great next step for securing a CISA certification. An advanced degree will add valuable experience and certainly increase your earning potential.

Let’s Talk About Your Cybersecurity Career Goals

If you’re interested in a CISA certification, a master’s degree is also worth considering. An advanced degree will add valuable experience and certainly increase your earning potential. There are many reasons why a master’s degree is worth the investment. In some cases it’s required for employment in the field of cybersecurity, but even if it isn’t, a master’s degree can help ensure a higher salary, job security and expanded career opportunities. 

If you are interested in taking your cybersecurity career to the next level, consider furthering your education with the University of San Diego — a highly regarded industry thought leader and education provider that offers two cybersecurity master’s degree programs — the 100% online Master of Science in Cyber Security Operations and Leadership and the online or on-campus Master of Science in Cyber Security Engineering.

8 Top-Paying Cybersecurity Jobs

Get the Free PDF

Download your copy of this blog post for convenient access.