CISA study resources 2024: Comprehensive guide to pass the exam

Infosec Institute
January 28, 2024 by
Infosec Institute

The Certified Information Systems Auditor (CISA) is a globally recognized certification for security professionals focusing on information systems (IS), auditing, control and security. As one of five primary certifications granted by ISACA, the CISA certification was first launched in 1978. Although it was first released decades ago, the CISA is even more important in the complex and quickly changing cybersecurity landscape of 2024. 

In this comprehensive CISA study guide and overview of the CISA exam, we'll discuss exam eligibility and requirements, challenges of the exam, study strategies, the role CISA plays in cybersecurity careers and more to help you prepare for your CISA exam. 


Understanding the CISA exam 

Consisting of 150 questions, the CISA exam thoroughly tests both technical knowledge and real-life job practices. It dives deep into IS auditing, structure, protocols and more. Take a look at the CISA exam outline below. Please note that on August 1, 2024, the CISA exam will be updated. The domain names will remain the same; their weights will differ.  

Key domains 

The CISA exam covers five domains, and each is weighted differently. 

Domain 1: Information systems auditing process (21%) (18% starting August 1, 2024) 

This portion of the CISA exam covers industry-standard audit services that help organizations protect and control information systems. It covers both planning, such as business processes and risk-based audit planning, as well as actual execution, including project management, sampling methodology, data analytics and more. 

Domain 2: Governance and management of IT (17%) (18% starting August 1, 2024)  

This segment of the CISA exam confirms to stakeholders your ability to identify critical issues and recommend specific practices to safeguard the governance of information systems. This includes IT-related frameworks, enterprise architecture, maturity models, resource management and more. 

Domain 3: Information systems acquisition, development and implementation (12%) (12% remains after August 1, 2024) 

In the smallest part of the exam, candidates will be tested on their understanding of how IT relates to business. This includes business case and feasibility analysis, system development methodologies, testing methodologies and post-implementation review. 

Domain 4: Information systems operations and business resilience (23%) (26% starting August 1, 2024) 

This domain is a thorough examination of standard information, system operations and business resiliency, including continuity plans, disaster recovery plans, business impact analysis and more. In case of a real-life disaster, this portion of the exam covers your ability to bring services back online and mitigate disaster damages. 

Domain 5: Protection of Information Assets (27%) (26% after August 1, 2024) 

The largest bulk of the CISA exam is dedicated to the protection of key information assets. It also tests your knowledge of basic principles, best practices and pitfalls of asset security and control and security event management. 

Exam eligibility and prerequisites 

The CISA exam is for security professionals with a few years of experience. You must submit verified evidence of a minimum of five years of professional information systems auditing, control or security work experience. Up to three years of experience can be potentially waived through other requirements. 

The challenge of the CISA exam 

The CISA exam is known for being challenging, but with proper preparation and the right study strategies, you can alleviate some of the challenges of the CISA exam. The CISA exam is extremely thorough and rigorous in its examination process, with the average pass rate averaging around 40 to 50%. 

While the CISA exam does have a low pass rate, this is often because professionals try to take the exam without adequate preparation. However, as ISACA's number one partner, Infosec candidates have one of the highest pass rates. "Ninety-two percent of cybersecurity learners who sat for their exams passed their exams," said Bret Fund, SVP and General Manager of Infosec, in a recent joint webinar with ISACA CEO Erik Prusch. 


Comprehensive study strategies 

The CISA exam does require rigorous study, and although there are many ways to prepare for the CISA exam, common advice is to study for two to three hours a day, beginning at least two months before your exam date. It's not an entry-level certification, so it's highly recommended you have a combination of experience and a solid study strategy to pass. 

It might feel daunting to find the time, but keep in mind that passing the CISA exam is more about consistency and following a plan. Set a training schedule that fits your needs, whether that's three hours every night, thirty minutes every lunch break or a long cram session on the weekend. How you study isn't as important as the fact that you do it and do it consistently. Find a schedule that works, and make sure you have enough time planned. Maybe you need six months or a year to properly prepare if you're doing less prep. 

Explore John Badler's practical advice for how to pass your next exam. Also, if you already have on-the-job learning, you can easily apply that to your study schedule. If a coworker is taking the CISA exam, set up accountability check-ins for each other. 

Exam preparation resources 

Take a look below at some of the best study resources that are currently available for the CISA exam. These include everything from the benefits of membership to the ISACA to online courses and physical books. 


Membership to the ISACA not only offers savings and discounts on boot camps, training materials and more, but it also allows you access to a wide variety of self-study materials through their webinar library. It also offers a community for professional networking, allowing you to meet and connect with more experienced security professionals who have taken the CISA exam. 

Online courses and self-study materials 

Take a look at some self-paced and live online courses as well as free and paid study materials. 

CISA all-in-one exam guide 

Published through McGraw Hill, this guide is ideal for those who already have some knowledge of the exam content but need to bring the terminology into ISACA standards. 

CISA review questions, answers and explanations manual 

In this 1000 multiple-choice question book, you can see detailed answers and explanations, which is incredibly helpful. This thorough set of questions allows you to test for strengths and weaknesses of your skill set. 

Free CISA practice quiz 

A practice exam with 50 questions, the official ISACA practice exam is a great way to assess the domain areas you need to study more. 

ISACA CISA Bootcamp 

Infosec's live boot camps are five-day online, in-person, or structured as a team onsite and are incredibly helpful for passing your exam. They also include a 12-month subscription to the ISACA Official Question, Answer & Explanation, which is valuable for practice question simulation and on-demand training, allowing you to adjust your schedule around studying. 

CISA review manual by ISACA 

Available in multiple languages, The CISA Review Manual (27th Edition) is the most comprehensive study guide for the CISA exam, including details on all core topics and domains. 

Practice and simulation 

One of the best ways to prepare for the exam emotionally and intellectually is to take several practice exams. Practice exams allow you to time yourself, making sure you're adhering to the 90 minutes, and question banks allow you to test yourself on a wide variety of questions. When taking practice exams, make sure to time yourself and simulate a test-taking environment. Minimize distractions, turn off notifications and silence your phone. The best way to self-test before the exam is the ISACA Official Question, Answer & Explanation (QAE) database, but there are many other options like the books listed above and online practice exams. 

When it comes to time management during the exam, always skip and come back to any questions you're unsure of. This makes sure you can move through most of the exam and spend the least amount of time on questions you're unsure about. 

CISA exam day 

On the day of the exam, don't worry about last-minute cramming. Be confident in your months of studying and preparation. Make sure to eat a healthy breakfast before your exam and try to remain calm and focused throughout. 

After completing the exam, the CISA exam is graded on a scale of 200 to 800 points, and anything over 450 is considered passing. If you received a passing score, congratulations! Your hard work and dedication paid off. 

However, if you received a failing grade, you must wait 30 days before attempting the exam again. You then have four separate attempts to pass within a 12-month period. 

CISA's role in cybersecurity careers 

A CISA certification is advantageous for a successful career in cybersecurity, especially as enterprise organizations have increasingly complex and defensible information systems. A CISA certification demonstrates not only your commitment to learning and development but also your technical and practical application. The certification also opens significant career opportunities and growth and is one of the most highly regarded auditing certifications globally. 

CISA study resources 2024 

The CISA exam is a highly impactful next step in your cybersecurity career, and it can also feel daunting to approach such an important certification. With months of studying, practice tests and sample questions under your belt, rest assured you've done everything in your power to adequately prepare yourself for the CISA exam. 

Visit the Infosec CISA hub for more, including multiple free and self-study CISA materials to put your knowledge to the test. Free, self-paced YouTube videos like ISACA CISA Overview: The 'gold standard' for IT auditing certifications allow you to hear more information straight from the source. 

FAQ Summary 

Here are a few quick FAQs about prepping for the CISA exam. 

What is the best way to prepare for the CISA exam? 

The best way to prepare depends on your situation, motivation and existing CISA knowledge. A live five-day boot camp condenses your study time and ensures that you'll cover what you need to pass. However, if you need a more time-flexible, economical approach, or you're already familiar with key topics and want to brush up on a few selected areas, self-paced online courses offer a more flexible way to study. Sample questions, practice tests, books and more are excellent ways to practically test yourself within the allotted amount of time. 

How many hours of study to pass the CISA exam? 

It's recommended to study for 2 to 3 hours a day beginning two months before your exam date. 

What is the passing grade for the CISA exam? 

The CISA exam is graded on a scale of 200 to 800 points, and a passing score is 450 or higher. 

Infosec Institute
Infosec Institute

Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training.