
Certification Programs CISA/CISM/CGEIT DoD Overview Update ...

Samuel

Presentation Transcript


    1. Certification Programs CISA/CISM/CGEIT DoD Overview Update: 1 May 2009 NOTE: This ISACA awareness presentation is copyrighted by ISACA. © 2009 ISACA. All rights reserved.

    2. ISACA Facts
        - Founded in 1969, as the EDP Auditors Association
        - More than 86,000 members in over 160 countries
        - More than 175 chapters in over 70 countries worldwide

    3. ANSI Accreditation
        - The American National Standards Institute (ANSI) has awarded accreditation under ISO/IEC 17024 to the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certification programs.
        - Accreditation by ANSI signifies that ISACA's procedures meet ANSI's essential requirements for openness, balance, consensus and due process.

    4. DoD Mandate
        - 100% of the DoD IA workforce to be certified by 12/10.
        - How do ISACA's CISA and CISM certifications apply to the mandate?

    5. CISA Certification Details

    6. Who is the CISA Certification intended for?
        Individuals with experience providing:
        - IT audit and assurance services
        - Assurance that:
            - the organization can achieve corporate governance of IT
            - systems and infrastructure life cycle management meets the organization's objectives
            - IT service management practices meet the organization's objectives
            - an organization's security architecture ensures confidentiality, integrity and availability of information assets
            - disaster recovery and business continuity plans will ensure timely resumption of IT services while minimizing the business impact.

    7. CISA Certification Current Facts
        CERTIFIED PROFESSIONALS
        - More than 60,000 CISAs worldwide
        EXAM
        - Offered twice annually in June and December
        - Offered in 12 languages, in 250+ locations
        - In 2008, more than 28,000 candidates registered for the exam

    8. CISAs as our Current and Future Leaders

    9. CISA Certification Requirements
        - Earn a passing score on the CISA Exam
        - Have a minimum of five years of verifiable IS audit, control or security experience (substitutions available)
        - Submit the CISA application and receive approval
        - Adhere to ISACA's Code of Professional Ethics
        - Abide by IS Auditing Standards as adopted by ISACA
        - Comply with CISA Continuing Professional Education Policy

    10. Why Become A CISA?
        - Enhanced Knowledge and Skills
            - To demonstrate your willingness to improve your technical knowledge and skills
            - To demonstrate to management your proficiency and commitment toward organizational excellence
        - Career Advancement
            - To obtain credentials that employers seek
            - To enhance your professional image
        - Worldwide Recognition
            - To be included with over 60,000 other professionals who have gained the CISA designation worldwide

    11.
        - U.S. Department of Defense approved obtaining a CISA among the four approved baseline certifications for IT Assurance professionals at Level III
        - U.S. Federal Reserve System requires IT Examiners to obtain a CISA
        - Canadian Institute of Chartered Accountants (CICA) recognizes CISA as an IT assurance specialty
        - The American Institute of CPAs waives all requirements to become a CITP to CPAs and CISAs in good standing
        - Law in Korea requires that highly skilled professionals, such as CISAs, perform information system audit and security services
        - The US Department of Veteran Affairs reimburses exam fees for the CISA exam
        - The National Stock Exchange (NSE) of India recognizes the CISA designation as an integral facet of its system auditing guidelines.
        - India's National Information Security Assurance Program recognizes the CISA designation to assess the information security risks in public sector organizations
        - Microsoft recognizes CISA as a part of its Infrastructure Security and Security Management specializations
        - For other recognitions, please contact Karyn Waller at kwaller@isaca.org.

    12. CISA Job Practice
        - IS Audit Process (10%) - Provide IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled.
        - IT Governance (15%) - To provide assurance that the organization has the structure, policies, accountability, mechanisms, and monitoring practices in place to achieve the requirements of corporate governance of IT.
        - Systems and Infrastructure Lifecycle (16%) - To provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance, and disposal of systems and infrastructure will meet the organization's objectives.
        - IT Service Delivery and Support (14%) - To provide assurance that the IT service management practices will ensure the delivery of the level of services required to meet the organization's objectives.
        - Protection of Information Assets (31%) - To provide assurance that the security architecture (policies, standards, procedures, and controls) ensures the confidentiality, integrity, and availability of information assets.
        - Business Continuity and Disaster Recovery (14%) - To provide assurance that in the event of a disruption the business continuity and disaster recovery processes will ensure the timely resumption of IT services while minimizing the business impact.

    13. CISM Certification Details

    14. Who is the CISM Certification Intended for?
        Individuals who design, implement and manage an enterprise's information security program.
        - Security managers
        - Security directors
        - Security officers
        - Security consultants

    15. CISM Uniqueness
        What makes CISM Unique?
        - Designed for information security managers exclusively
        - Criteria and exam developed from job practice analysis validated by information security managers
        - Experience requirement includes information security management
        CISM Growth:
        - More than 10,000 CISMs worldwide
        - In 2009, exam offered in 250+ locations
        - Exam also offered in Japanese, Spanish and Korean

    16. CISM General Requirements
        Certified Information Security Manager (CISM) Criteria
        - Earn a passing score on the exam
        - Submit verified evidence of a minimum of five years of information security work experience
        - Adhere to ISACA Code of Professional Ethics
        - Comply with continuing education policy

    17. CISM Recognition
        - U.S. Department of Defense approves obtaining a CISM among the three approved baseline certifications for IT Assurance Managers at Level II and III
        - The US Department of Veteran Affairs reimburses exam fees for the CISM exam
        - Microsoft recognizes CISM as a part of its Infrastructure Security and Security Management specializations

    18. CISMs by Job Title

    19. Summary of CISM Job Practice Areas
        - Information Security Governance (23%) - Establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.
        - Information Risk Management (22%) - Identify and manage information security risks to achieve business objectives.
        - Information Security Program Development (17%) - Create and maintain a program to implement the information security strategy.
        - Information Security Program Management (24%) - Design, develop and manage an information security program to implement the information security governance framework.
        - Incident Management and Response (14%) - Plan, develop and manage a capability to detect, respond to and recover from information security incidents.

    20. CISM and CISA Exam Details

    21. Types of Questions on the CISM and CISA Exams
        - Each exam consists of 200 questions administered over a four-hour period
        - Questions are designed to test practical knowledge and experience
        - All questions are multiple choice
        - Questions require the candidate to choose one best answer
        - Every question or statement has four options (answer choices)

    22. Administration of the CISA and CISM Exams
        - More than 250 test sites offered
        - Exams offered in every city where there is an ISACA chapter or a large interest in individuals sitting for the exam
        - Passing mark of 75 (scaled score)
        - 2009/2010 exams:
            - Saturday, 12 December 2009
            - Saturday, 12 June 2010
            - Saturday, 11 December 2010

    23. December 2009 Registration Fees
        - Early Registration: On or before 19 August 2009
            - ISACA Member: US $395.00
            - Non-Member: US $525.00
        - Final Registration: After 19 August 2009, but on or before 23 September 2009
            - ISACA Member: US $445.00
            - Non-Member: US $575.00
        - Register Online at www.isaca.org/examreg
        - Online registration via the ISACA web site is encouraged, as candidates will save US $50.
        - Non-members can join ISACA at the same time, which maximizes their savings.

    24. Bulletin of Information and Registration Form
        - Sent to potential candidates in ISACA database each year
        - Can be downloaded from ISACA web site www.isaca.org/cisaboi or www.isaca.org/cismboi
        - Additional copies provided to ISACA chapters

    25. CISM and CISA Continuing Education Policy Details

    26. Continuing Education Requirements
        Certification is granted annually to those who:
        - annually report a minimum of 20 hours of continuing professional education
        - annually pay the continuing education maintenance fee
        - comply with the ISACA Code of Professional Ethics
        - report a minimum of 120 hours of continuing education for each fixed three-year period

    27. What makes CISA and CISM unique?
        - Experience based exams
        - One of a kind certifications
        - ISACA accredited by ANSI
        - Unique matching of DoD job requirements to CISA and CISM

    28. New Certification CGEIT
        - Certified in the Governance of Enterprise IT
        - www.isaca.org/cgeit
        - Same exam structure and offerings
        - First exam was December 2008
        - Over 3000 people have been grandfathered
        - Not currently part of 8570.1

    29. We need to hear from you!
        - Frequency of exams
        - Locations
        - Self-assessment
        - Training
        - Payment
        - Other
        Contact for questions:

    30. ISACA and ITGI
        3701 Algonquin Road, Suite 1010
        Rolling Meadows, IL USA 60008
        Phone: +1.847.253.1545
        Fax: +1.847.253.1443
        Web site: www.isaca.org
