The first certification most IT professionals in the Information Security field want is the CISA (certified information systems auditor). It's a great foundation to prove you know a thing or two about managing IT risks and the inevitable compliance duties that come with IT management positions.
If you are thinking of taking the CISA examination here are a few pieces of advice that helped me easily pass the test.
1. Utilize the Practice Questions Database! This is probably the most essential part of passing the CISA examination. The practice questions are almost identical in content and format to what you will see on the actual test. I took the practice tests until I was at about 90% accuracy.
2. Read the CISA study guide. I gave myself three months to work through the entire book. I focused mostly on key terms and concepts. The book is fairly readable and if you have a little IT experience to put the concepts in context it's much easier to follow.
That's it. If you do these two things I'm willing to bet that 99% of people who take the CISA examination will pass. Please be sure to check ISACA's website for the latest study material here. They tend to update (even if only slightly) each year.
