The CISA Domains – An Overview

March 16, 2011 by Kenneth Magee

ISACA’s 2011 CISA Exam material has been revised from six domains to five domains. Prior to 2011, Domain 6 was Business Continuity and Disaster Recovery. That old Domain 6 has been separated into two parts, with Business Continuity being included in Governance and Management of IT, which is Domain 2, and Disaster Recovery being merged into Domain 4, which is Information Systems Operations, Maintenance and Support. The only domain title which stays the same is Domain 5, Protection of Information Assets. Each domain also has a new weight for the exam and a new number of questions. So the new names, weights, and number of questions are as follows:

Domain 1: The Process of Auditing Information Systems (14% of the exam or 28 questions)

Domain 2: Governance and Management of IT (14% of the exam or 28 questions)

Domain 3: Information Systems Acquisition, Development and Implementation (19% of the exam or 38 questions)

Domain 4: Information Systems Operations, Maintenance and Support (23% of the exam or 46 questions)

Domain 5: Protection of Information Assets (30% of the exam or 60 questions)

I will be updating the existing Domain articles over the next five weeks, so check back often to get the latest.

It’s important as an auditor to understand the areas, not just to pass the exam, but to provide value to the IT audit process.



Articles Author
Kenneth Magee

J Kenneth (Ken) Magee is president and owner of Data Security Consultation and Training, LLC, which specializes in data security auditing and information security training. He has over 40 years of IT experience in both private industry and the public sector with the last 21 devoted to IT security and Risk Management.

Ken holds degrees from Robert Morris University and Fairleigh Dickinson University. He holds 30 certifications including: CTT+, CEH, CPT, SSCP, CISSP-ISSMP, CAP, CISA, CISM, ISO 27001 PA, GIAC-GWAPT/GSEC/GSNA, CIA-CGAP, Security+, and CDP. He is a Senior Instructor with the InfoSec Institute.