
Getting CISA: the story of one certificate, with some help for those interested

This story is about how I obtained the CISA certificate to become a Certified Information Systems Auditor and join the army of more than 100,000 professionals (according to ISACA itself). I think that, in general terms, the same applies to CISM, CGEIT and CRISC.

The certification is quite popular; in Russia, judging by the turnout at the exam, many people attempt it, but there is little material on how to prepare and few personal accounts of the process. I decided to correct that.


Under spoilers I have hidden my personal experience with this certification, so that the amount of text does not frighten off those who dropped in and just want to skim the whole article. Lovers of detail can satisfy themselves with my colorful outpourings by expanding the spoilers.

And here is the first one: about myself
I have a higher professional education in information security, experience in a state organization, and experience in the information security service of one of the Big Three mobile operators. Today I work as an IT and information security auditor and plan to develop further in this direction.




Why CISA?


CISA certification is highly valued throughout the world and is slowly arriving in Russia. It is a good help when applying to international companies (though it will not replace experience). In the ISACA certification lineup, the auditor certification is also the first step towards CISM, which is already a recognized requirement for serious IT or information security managers. Another feature of CISA is the versatility of the material studied, which will be useful in any case.

How I came to this...
Before reaching the decision to get certified, I had worked through a large number of materials in related areas. Among the most interesting that came my way over the last year (in fact half a year, since preparation began later) were: ISO 27001 (I could not leave it out; I would not say it is the most interesting document, but it is certainly widely read), NIST Special Publication 800 (the American institute's information security series), COBIT 5 (this is more about IT, but very useful), ISAF 2 (this is purely for auditors).





Cost


First of all the question arises: how much will it cost? Here it is most reasonable to give prices in dollars, which makes them more relevant and objective. I was lucky and managed to pay most of it in January, when Crimea was not yet ours and the dollar had not yet jumped to the current 36 rubles (when I started writing the article it was still 35...).
1. New Member Fee Online + 10.00
2. Russia Chapter (for 2014) + 10.00
3. Basic Membership Dues (for 2014) + 135.00
4. Bookstore Purchase (books) + 171.00
5. 2014 June CISA Exam + 495.00 - 75.00 - 50.00 = 370.00
6. CISA Practice Question Database v14 + 185.00
7. CISA Application Processing Fee + 50.00
Total = 931.00

Of the preparatory materials I bought everything available (in English; there are also versions in Japanese, French, etc. There is no Russian one, and that is a good thing). The complete training package offered by ISACA includes:
1. The official review manual for the exam (book).
2. The fresh question set for 2014 (book).
3. The question database for 2014 (software).
More about them below.

Recommendations:


1. Get discounts by becoming an ISACA member (paid option). Besides, without membership you are not allowed to take the exam anyway.
2. Buy the materials and everything else as early as possible to save more.
3. If your employer pays for your certification, that is a pleasant bonus.
4. The official materials alone are enough.

The discount story
It is worth mentioning one small episode with a discount that earned me $50 and a large portion of respect for ISACA as an organization. The thing was that I had paid $420 for the exam (with the $75 discount for early registration), and that same evening I received a letter from ISACA cheerfully informing me that I had been granted a personal $50 discount on the exam. That is almost 1,700 rubles, which is money too, and it was a bit of a shame to have been a little too late. After half an hour weighing the option of canceling the transaction and paying again with the discount, I concluded that this was the wrong course of action. So I simply wrote to support that I had paid for the exam, having forgotten to use my personal discount code, and quoted the code in the letter. I did it more out of despair than in hope of a real solution. Imagine my surprise when support, without any further questions, informed me that the missed discount would be refunded to my card, which happened a few days later. I was humanly pleased.



(Image: theory versus practice, a cartoon about strong encryption and cryptanalysis with a soldering iron.)

About theory


The exam is taken after self-study. The Internet also offers courses, naturally rather expensive, which promise to cover the material of the entire exam in five days. I will not follow the principle of "I haven't read it, but I condemn it", but for myself I dismissed this option immediately. So the preparation was entirely on my own.
The theory consists of five domains, which are described on the official website. In a sense I was lucky, because my professional education and most of my practical experience fall into the information security domain, whose share of the exam is almost a third. This means that questions from this domain are the most frequent, and it was easier for me, since I know the topic very closely.
Now about the official manual. There is a lot of theory: a book of more than 300 pages in small print. The text is quite lively and compares favorably with dry standards. At the beginning of each domain the required competencies are described, along with the practical tasks for which these competencies are needed. At the end of each domain there are test questions so that you can evaluate yourself.
The information in the manual is very detailed and useful. It lets an engineer look at project management issues, and a manager, for example, at change management issues. Naturally, the depth of the material is far from specialist literature, so the section devoted to your own specialization will be read twice as fast.

How I prepared
Having chosen the summer exam, held in June, I decided to start preparing 5 months in advance. As it turned out, this is much more than the forums advise. However, this approach produced results: the certificate was obtained, so I think I chose the right path.
In most accounts of preparing for CISA you will find the statement that the official material is enough. Now I can confidently confirm this, especially if you have a good technical background.
However, I not only decided to prepare for 5 months, but did so successfully and almost daily. Stability, regularity, constancy: these are all a guarantee of a good result (as in any training). In mid-January I paid for the books, and in order not to wait until they arrived (in my case the wait lasted more than a month) I began reading the 2013 manual found on the Internet. According to experienced people, most of the material has not changed in a year (nor in two, nor in three, in fact).
Below is an example of the schedule according to which I prepared and motivated myself (the columns give the page ranges; blank and introductory pages were skipped). On average this came to about 4 pages of the official manual per day, which was enough for a foreign-language text in small print, especially if you do not just read it but try to understand and remember as much as possible. As a result, thanks to the good quality and "liveliness" of the text, my vocabulary expanded considerably.

I calculated that I would finish the whole theory around May and could then devote a month and a half to studying the question database.
That is roughly what happened, except that the May holidays, as usual and as I suspected, knocked me completely out of the rhythm of preparation, despite all the motivation.


Recommendations:


1. Regularity is a must for success.
2. Plan the time with a margin; fully preparing in a couple of months is difficult. Reading 4 pages of the book every day will take you more than 3 months, and that is without days off.
3. Find as much motivation as you can. It is all individual. I built a schedule, and that largely kept me encouraged and in check.
4. Protect yourself from everything that distracts you. For example, I finally gave up WoT to my wife.
5. Try not to burn out. Take a break once or twice a week, but do not forget that you will have to increase the load in the following days.




Practicing with questions


The question bank consists of two parts. The first is a book of 100 fresh questions (updated every year) with detailed explanations of the answers and a couple of answer sheets like those in the exam, so that you can set up a paper simulation of the exam. The questions, as in the exam, are mixed by topic, and the difficulty ranges from obvious to hard.
The second is the question database, provided on a disc or simply downloaded as a 76-megabyte installer. If you live in Russia, do not trust the post, are tired of waiting, or have an ultrabook without a drive, choose the second option. The database contains about 1,100 questions, including those in the paper update for the year. If you want, you can save money here by not ordering the book version. In the database, most questions come with a fairly detailed explanation of the answers. There are various training modes, including the intelligent Personal Professor system, which itself chooses the questions needed for training (more on that in my experience under the spoiler). There are also modes for selecting questions by domain and by various attributes (not viewed, answered wrongly, etc.).
The main feature is a software simulation of the exam: 4 hours with a countdown, 200 questions and no explanations for the answer choices. Diablo 3 hardcore mode.

How I worked with the question database
I bought the question database back in March, as soon as it became available (they started selling it later than the basic materials).
However, I carefully kept the installer untouched until the May holidays, believing it better to read the entire manual first and then run through all the questions at once. After finishing the preparation, I thought that it might have been worth answering 50 to 100 questions from the database on each domain right after reading that domain's material in the manual. Perhaps that would have made the basic principles clearer and easier to remember. However, I am not sure it would not all have been erased by the following domains.
The question database is a special program that lets you track your progress in answering questions, choose training modes, and so on. A great option; without it, I think it is impossible to prepare successfully for the exam.
The database makes the basic principles behind the questions clear, since the questions often sound a bit unusual. As everyone knows, in the vast majority of cases the questions ask you to choose not the right answer versus the wrong one, but the most suitable or, for example, the least difficult option. From these questions you will also grasp basic ideas such as: human life is above all other values and goals (when checking safety systems during disasters, for example); audit evidence must be reliable and sufficient (before reporting any violation you need to collect sufficient, reliable and strong evidence); and so on. These concepts make it easier to navigate questions when doubts arise.
The general training concept allows you to take the adaptive Personal Professor course, during which the program itself selects questions and domains for you, mixing them in a proportion roughly equivalent to the exam. It is also possible to answer questions from a single domain, and so on.
At the beginning I went through 30 to 50 questions a day in Personal Professor mode. After you answer, the program provides an explanation of the correct and incorrect answers. This lets you learn not only "how it should be" but also "how it should not be", which of course is also useful. Thus the testing lets you study the material even while answering questions. However, the Professor program periodically slips in old questions to consolidate them. Repetitions are about 10 to 20%, and on the one hand this is useful, because "repetition is the mother of learning". On the other hand, the questions become familiar and after that your head chooses the answer not by reasoning but by recalling the question.
I think it is impossible to memorize 1,100 questions with their answers outright; however, through a most varied set of associations (question length, key words), by the time of the exam itself (after a month of daily sessions) I was answering more than 50% of the questions automatically, almost without thinking and without reading the answers, but as if "perceiving" them (looking distractedly at all the text on the monitor, the way fighters in the ring take in all of the opponent's movements). So towards the end I had to change tactics a little. A week before the exam I had about 300 questions that I had never answered correctly during my studies (either I got them wrong or the program had not even offered them to me). So in the last week I trained by answering only those questions; the program supports such a mode. I set myself the goal of answering absolutely every question correctly at least once.
There were questions I answered incorrectly over and over again. My reasoning differed from the opinion of the ISACA specialists, perhaps due to lack of experience, subtleties of translation, or something else. I honestly tried hammering these questions again and again until I understood and remembered the essence of the correct answer.
The program also has the ability to simulate the exam: 200 questions in 4 hours. I took this test 4 or 5 times to practice stamina and roughly simulate the load. Of course, such training gives only a rough idea of the exam. I usually finished in between 2 and a quarter and 3 of the 4 hours.


Recommendations:


1. At first you can use Personal Professor mode, but it alone will not be enough.
2. Go through the entire question database at least once, making sure to study the explanations for the questions; this guarantees consolidation of what you have learned.
3. Try not only to choose the answer intuitively based on your experience and knowledge, but to mentally voice the logic of the choice to yourself. This consolidates the material better in those questions that cause particular difficulty.
4. Be sure to take the full four-hour exam simulation at least a couple of times.
5. For self-assessment it is useful to go through the book's exam simulation before learning the theory, then after studying the theory, and possibly after studying most of the question database. This helps you see the dynamics of your learning.




Exam


The exam is held 3 times a year. In 2014 it is June, August and December. Details on registration deadlines and discounts for early registration can be found on the official website.
The event takes place in Moscow. It seems that residents of CIS countries where the exam is not held also come here. The Russian ISACA chapter does not have its own venue, so the event is held on the premises of universities or other organizations. The June exam was held at the institute next to Belorusskaya.
The invitation to the exam is a document without which you are not allowed to sit it. It is sent by post and by email so that you can print it yourself. The invitation describes in detail the strict rules of the exam, the conditions under which you will be anathematized and expelled from the exam for violations, and other important information. You may not drink or eat during the exam, and there is not enough time.
The structure of the exam is also described in detail on the official website. First comes verbal instruction, collective filling in of the exam forms, and answers to questions. Then everyone opens the sealed question booklets (which can be used as scratch paper) and proceeds to the exam.

How it all went
The invitation to the exam sent by post I have still not received. Probably the customs officials thought the letter from America contained an iPhone. However, the invitation is easily printed from your personal account on the ISACA website.
One subtlety: write your name on the site in English. The fact that the identity document you present at the exam (your passport) is in Russian is not a problem. Reliable information from technical support.

At the exam everything is not as strict as written in the invitation. The staff of the training center that ran the exam are lovely people who speak Russian, answer any questions and actively help. As a result, you could bring things and mobile devices with you (strictly forbidden by the document), provided you placed them neatly beside your chair. I left everything in the car, taking only my passport, pencils, the invitation and the car keys. Someone even managed a small snack. One latecomer was let in after the start of the oral instruction, though I would not count on a second such exception. Those who wished were handed earplugs, and pencils if someone had forgotten them.
The start was slightly delayed and the exam began 40 minutes later than scheduled. The 4 hours passed almost unnoticed and were barely enough.
In the end, all I managed was to answer three-quarters of the questions straight onto the clean answer sheet. The remaining 50 questions from the draft I re-read again and again, having already entered an answer on the answer sheet. I had 20 minutes left. Judging by a couple of neighbors, I was not the slowest, so there is actually less time than I expected.
The questions on the exam are completely different from those in the database. You should not hope to find similar or altered questions. The questions seem harder than in the preparatory database; perhaps that is the stress and conditions of the exam. Some questions gave the impression that their subjects were not even covered in the manual, although I am sure that is not so. And this means that even 1,100 questions did not cover all the material, even in general terms.
In general, the exam has fewer easy questions like picking the hash function out of a list of encryption algorithms, choosing the right type of backup data center, and so on.
However, there is a small number of questions (maybe 10 to 15%) that can be answered based on the very general principles mentioned above.

Leaving the exam, I had absolutely no idea of my result. I felt that I could just as easily have passed as failed. A very unusual feeling, the result of complex questions.
Some who have passed advise getting drunk and forgetting about the exam until you get the results, and if you cannot forget, getting drunk again. I just managed to shield myself from murky thoughts and, plunging into work, kept away from it, despite regular questions from others about the result.


Recommendations:


1. It is very important to find your own rhythm, to understand how much time is acceptable for an easy / medium / difficult question. Simulating the exam during preparation helps with this.
2. Naturally, distract yourself, relax, clear your mind and so on. Most likely it will not work unless you have mastered yoga.
3. Feel the line between questions that must be answered immediately and those that should be rethought. Going through all of them twice is almost unrealistic.
4. When leaving a question for later, select at least some option. Perhaps the intuition that prompted the first answer will be your only guide.




Preparing the documents


Exam results are announced after 5 weeks. This is quite fast, because it used to be as many as 8. After that a notification and further instructions are sent by email. ISACA honestly warns that it is too early to boast to everyone that you have become a CISA, but gives links to social networks so that everyone can share the news of the successfully passed exam.
Now begins the phase of preparing the CISA Application. You must fill in 6 A4 sheets, by hand or via a form in the browser, with the following information:
1. Work experience
2. Teaching experience
3. Education
4. Certificate Delivery Information
5. Confirmation from 2 people

In accordance with the certification requirements, you must confirm 5 years of work experience. Part can be credited for teaching experience and part for higher education. I was credited 2 years for a higher education in information security, and the remaining 4 years for actual work experience.
To confirm education, you can have the educational institution send a special letter to ISACA; however, to simplify the procedure, you can have it confirmed by the 2 recommenders.
Each of the two verifiers has to complete a two-sheet form stating that they confirm your education, previous work experience and current work experience, and listing the skills (by domain, as in the manual) that you possess.
After that the scans can be sent to the ISACA e-mail; you will be assigned a Certification Assistant, who will check them and issue the certificate, which takes up to 8 weeks.
Together with submitting the documents for certification, you need to pay another fee.
The certificate itself is on paper and sent by regular mail, so one cannot expect to receive it quickly in Russia. I hope to get it in a couple of months.

Actual timing
Just 2 days short of the promised five weeks, I finally got the result from ISACA.
I did not put it off: the next morning I filled out the documents for certification, scanned and sent them, paying another $50 along the way.
Just 10 days after sending the documents, an email arrived about the award of certification and receipt of the official CISA title. Time to call everyone and show off the new achievement. A few days later came a letter with a link to an electronic badge, which can be shown to all who doubt or are interested in your certificate. The electronic badge is provided in accordance with the Mozilla Open Badges standard by youracclaim.com. On the site you must create a profile in which you can aggregate similar electronic badges from other places. This badge can then be attached to your profile on LinkedIn or HH.ru.
This is what a piece of my badge looks like:






Chronology of events


Overall, the task turned out to be quite achievable if approached responsibly. Like most tasks in life, though...
Obtaining the certification went as follows:
December 2013 - making the decision
January 2014 - buying the materials
January - May 2014 - studying the theoretical materials
May - June 2014 - practicing on the question database
June 14, 2014 - exam
July 17, 2014 - receiving the results
July 18, 2014 - sending the documents for certification
July 28, 2014 - receiving confirmation of certification
August 2, 2014 - receiving the electronic badge confirming certification
Approximately September 2014 - receiving the paper certificate


Source: https://habr.com/ru/post/233735/
