Module 1: Introduction
- Digital Asset Protection
- Lines of Defense
- Role of Audit
- Audit Objectives
- Audit Scope
Module 2: Cybersecurity Governance
- Cybersecurity Roles and Responsibilities
- Security Frameworks
- Security Organization Goals & Objectives
- Cybersecurity Policy and Standards
- Cyber and Legal/ Regulatory Requirements
- Information Asset Classification
- Cybersecurity Insurance
- Cybersecurity Risk Assessment
- Cybersecurity Awareness Training & Education
- Social Media – Risk and Control
- Third-Party Assessment
- Service Providers
- Supply Chain Risk Management
- Performance Measurement
Module 3: Cybersecurity Operations
- Concepts and Definitions
- Threat and Vulnerability Management
- Enterprise Identity and Access Management
- Configuration Management / Asset management
- Change Management
- Patch Management
- Network Security
- Build and Deploy/Secure Authorization Process for Information Technology
- Incident Management
- Client Endpoint Protection
- Application Security
- Data Backup and Recovery
- Security Compliance
- Cryptography
Module 4: Cybersecurity Technology Topics
- Firewall and Network Security technologies
- Security Incident & Event Management (SIEM)
- Wireless Technology
- Cloud Computing
- Mobile Security
- Internet of Things (IoT)
- Virtualization Security
- Industrial Control Systems (ICS)
The Cybersecurity Audit Certificate Exam is an online, closed-book, remotely proctored exam. The exam covers four domains and includes a total of 75 questions. The number of questions in each domain is based upon the domain’s assigned weight. The chart on the right displays the domains and the weights assigned to them.
- Cybersecurity Governance - 20%
- Cybersecurity Operations - 45%
- Cybersecurity Technology Topics - 30%
- Cybersecurity and the audit role - 5%
Product Access Change
Important Update to ISACA Product Access Periods
Effective 16 April 2026, ISACA is changing product access times from 12-months to 6-months across Exams, QAE, Online Review Courses, non-sponsored Webinars, and Virtual Workshops.
Access periods will change from 12 months to 6 months, as outlined below.
How the New Access Windows Work
- 1. Assignment & Redemption Window: Products must be assigned and redeemed within 6 months of the purchase date.
- 2. Access & Completion Window: Once redeemed, learners will have 6 months of access to use the product. This includes - Accessing learning content, Scheduling exams, Sitting exams (where applicable).
What This Means for You as a Learner
- Review Manuals – Learners will continue to have longterm access
- QAE Databases & Online Review Courses – Available for 6 months after redemption
- Exams – Must be scheduled and completed within 6 months of redemption
- We recommend redeeming products promptly and planning your study and exam schedule early to make the most of your access period.