Cybersecurity Audit Certificate

The Cybersecurity Audit Certificate is ISACA's specialized credential for audit and assurance professionals who need to evaluate cybersecurity programs, controls, and technologies. It bridges the gap between traditional IT audit skills and modern cybersecurity requirements, equipping auditors to assess cloud security, identity management, threat intelligence practices, and incident response capabilities. It is highly valued by internal auditors working in technology-intensive organizations.

Request Training Email Inquiry

What is the Cybersecurity Audit Certificate?

Who Should Take This Course?

IT Auditors expanding into cybersecurity assurance
Internal Auditors in financial services, healthcare, and government
Information Security Auditors and Reviewers
Compliance professionals auditing security controls
CISA-certified professionals adding cybersecurity depth
Risk Managers overseeing cybersecurity audit functions
Consultants performing cybersecurity maturity assessments

What You Will Learn in the CSAC Course

A comprehensive curriculum covering all exam objectives with hands-on labs and real-world practice.

Module 1: Cybersecurity Fundamentals for Auditors

Establish core cybersecurity knowledge required for effective auditing.

Cybersecurity concepts, threats, and attack vectors
Cybersecurity frameworks: NIST CSF, ISO 27001, CIS Controls
The audit lifecycle applied to cybersecurity programs
Audit evidence collection for cybersecurity reviews

Module 2: Auditing Security Controls and Technologies

Evaluate technical and operational cybersecurity controls.

Auditing network security: firewalls, IDS/IPS, segmentation
Identity and access management (IAM) audit procedures
Endpoint protection and vulnerability management audits
Encryption and data protection control reviews

Module 3: Cloud and Emerging Technology Auditing

Apply audit techniques to cloud environments and emerging technologies.

Cloud security shared responsibility models
Auditing IaaS, PaaS, and SaaS environments
Third-party and vendor cybersecurity risk auditing
DevSecOps and CI/CD pipeline security reviews

Module 4: Incident Response and Resilience Auditing

Assess incident response capabilities and business resilience programs.

Auditing incident response plans and procedures
Threat intelligence program evaluation
Business continuity and disaster recovery audit
Reporting cybersecurity audit findings to leadership

Course Prerequisites

Pre-requisites training is free when you purchase the course from ProSupport

No formal prerequisites — open to audit and security professionals
Basic IT audit or cybersecurity background is strongly recommended
CISA certification or experience in audit roles is beneficial
No work experience requirement for the certificate

Exam Information

Everything you need to know about the CSAC certification exam.

Exam Component	Details
Exam Name	Cybersecurity Audit Certificate
Exam Code	CSAC
Exam Type	Multiple Choice
Total Questions	75
Passing Score	65% (49 out of 75)
Exam Duration	120 minutes
Language	English
Exam Provider	ISACA Online Proctoring
Exam Focus	Cybersecurity fundamentals for auditors, control evaluation, cloud auditing, and incident response
Exam Registration	ISACA portal (isaca.org/credentialing/certificates)
Retake Policy	No mandatory waiting period; re-registration required
Certification Validity	No expiry — certificate holders should maintain ongoing CPE