ISACA Fundamentals Cybersecurity Exam

By: Mark Ferwerda

The Cybersecurity (CSX) Fundamentals certificate through ISACA (Information Systems Audit and Control Association) helps build competency in cybersecurity concepts, principles and language. During the COVID lockdown, I decided this was one of the BTI focus areas I would like to learn more about, and this article relates to my experiences preparing for and taking the certification exam.

Preparing for the ISACA Fundamentals Cybersecurity Exam

ISACA is an international professional association with a focus on IT governance. They offer a variety of courses and certificates on IT topics and cybersecurity. While ISACA would like you to join them as a member (reduced test fees is one incentive offered), you do not need to be a member to apply for certificates.

The Cybersecurity Fundamentals certificate is focused on fundamentals and is not overly technical. It is based on ISACA’s on-line book “CSX Cybersecurity Fundamentals”. The book has 6 sections with several appendixes:

  1. Cybersecurity Introduction and Overview
  2. Cybersecurity Concepts
  3. Security Architectures Principles
  4. Security of Networks, Systems, Applications and Data
  5. Incident Response
  6. Security Implications and Adoption of Evolving Technology

At the end of each chapter is a knowledge check to see how well you understood the chapter (Answers are provided in Appendix C).

I downloaded a copy of the book and went to a local print shop and printed it out. I read through it once just to get a basic understanding, and then read through it a second time and highlighted what I thought was important. At this point, I was still confused by some things, as several topics seemed to come up in multiple places and I did not understand why, so I then outlined all the chapters and that helped quite a bit.

Taking the ISACA Fundamentals Cybersecurity Exam

To qualify for the certificate, you must take an online proctored test. The test consists of 75 multiple choice questions, with a passing grade of at least 65%, so the bar does not seem that high. ISACA has some pre-test practice questions that you can take on-line to gauge whether you are ready to take the online test. I took the pre-test before I read the book to see where I stood (really bad) and then again after (much better).  You can take the pre-test as often as you want to, and the questions are not always the same, so taking it multiple times is worthwhile if you feel you need the practice.

After some further studying, I signed up for the test. I had a variety of times to pick from that were 2 weeks out or more, and I received a list of conditions to meet in order to take the test. There were no notes allowed, and you need a quiet room with no people around, a camera and a mic so the proctor could see and talk to you. Also, you have to download an application to your computer (I have a Mac) to take the test. When you run the application, you cannot exit the test until you have completed all questions.  

On the day of the test, I got online about 30 minutes early to make sure things were set up correctly and everything was ready. Once my appointed time came, my proctor joined me online. We confirmed my identity and went over the rules. I had to pan my camera around my desk and room to make sure there were no papers, books, or pens around. I was not allowed to get out of my chair or move out of sight of the camera once the test started. Once that was done, my proctor asked if I had any questions and if not, I could start the test. I had 2 hours to finish the test that included the 10 minutes setup with the proctor.  I actually finished in about 1 hour and had plenty of time to review my answers. Once I hit submit, I got my results back within a minute.  The results come back graded by sections and an overall score. While I didn’t do as well as I thought, I had room to spare. Interestingly I did the best on the sections I thought were my weakest (the more technical sections 4-6) while I did worst on the more general sections (sections 2 & 3). I would have liked to know what questions I missed but that information was not provided. There were some questions that I didn’t remember reading about at all, so maybe the test wasn’t quite that easy. Finally, none of the pre-test practice questions showed up on the actual test.

Obtaining the Cybersecurity Fundamentals Certificate

ISACA notified me within several days with information on where I could get my certificate. I submitted my test expenses for reimbursement and, as a bonus, BTI provided a nice bonus for getting the certificate! I thought the overall experience was well worth the effort and the cybersecurity knowledge has been helpful for my work.  For more information on the ISACA cybersecurity certificate programs, visit the following links and  

Note that as of 1 June 2021, the Cybersecurity Fundamentals Certificate exam will be based on the updated work-related domains as outlined below. 

  • Information Security Fundamentals (27%) 
  • Threat Landscape (18%) 
  • Securing Assets (35%) 
  • Security Operations and Responses (20%)

Interested in joining the BTI team?  Check out our benefits and current open positions.

Previous ArticleCybersecurity Maturity Model Certification Next ArticleUnderstanding the Role of DFARS vs. CMMC