Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certification Programs CISA/CISM/CGEIT DoD Overview Update: 1 May 2009.

Published byBonnie Watkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Certification Programs CISA/CISM/CGEIT DoD Overview Update: 1 May 2009."— Presentation transcript:

1 Certification Programs CISA/CISM/CGEIT DoD Overview Update: 1 May 2009

2 ISACA Facts  Founded in 1969, as the EDP Auditors Association  More than 86,000 members in over 160 countries  More than 175 chapters in over 70 countries worldwide

3 ANSI Accreditation  The American National Standards Institute (ANSI) has awarded accreditation under ISO/IEC 17024 to the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certification programs.  Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s essential requirements for openness, balance, consensus and due process.

4 DoD Mandate  100% of the DoD IA workforce to be certified by 12/10.  How do ISACA’s CISA and CISM certifications apply to the mandate? IAT Level IIAT Level IIIAT Level III CISA! IAM Level IIAM Level IIIAM Level III CISM!

5 CISA Certification Details

6 Individuals with experience providing:  IT audit and assurance services  Assurance that: the organization can achieve corporate governance of IT systems and infrastructure life cycle management meets the organization’s objectives IT service management practices meet the organization’s objectives an organization’s security architecture ensures confidentiality, integrity and availability of information assets disaster recovery and business continuity plans will ensure timely resumption of IT services while minimizing the business impact. Who is the CISA Certification intended for?

7 CERTIFIED PROFESSIONALS  More than 60,000 CISAs worldwide EXAM  Offered twice annually in June and December  Offered in 12 languages, in 250+ locations  In 2008, more than 28,000 candidates registered for the exam CISA Certification Current Facts

8 CISAs as our Current and Future Leaders A current profile of CISAs demonstrates the increasing managerial influence and authority achieved by CISAs within their organizations: More than 2,000 CISAs are now employed in organizations as the chief executive officer, chief financial officer or an equivalent executive position. More than 2,000 serve as chief audit executives, audit partners or audit heads. More than 5,000 serve as chief information officers, chief information security officers, security directors, security managers or consultants. More than 9,300 serve as audit directors, managers or consultants. Over 14,000 additional CISAs are currently employed in managerial or consulting positions in IT operations or compliance. More than 14,000 auditors.

9  Earn a passing score on the CISA Exam  Have a minimum of five years of verifiable IS audit, control or security experience (substitutions available)  Submit the CISA application and receive approval  Adhere to ISACA’s Code of Professional Ethics  Abide by IS Auditing Standards as adopted by ISACA  Comply with CISA Continuing Professional Education Policy CISA Certification Requirements

10 Why Become A CISA?  Enhanced Knowledge and Skills To demonstrate your willingness to improve your technical knowledge and skills To demonstrate to management your proficiency and commitment toward organizational excellence  Career Advancement To obtain credentials that employers seek To enhance your professional image  Worldwide Recognition To be included with over 60,000 other professionals who have gained the CISA designation worldwide

11  U.S. Department of Defense approved obtaining a CISA among the four approved baseline certifications for IT Assurance professionals at Level III  U.S. Federal Reserve System requires IT Examiners to obtain a CISA  Canadian Institute of Chartered Accountants (CICA) recognizes CISA as a IT assurance specialty  The American Institute of CPAs waives all requirements to become a CITP to CPAs and CISAs in “good standing”  Law in Korea requires that highly skilled professionals, such as CISAs, perform information system audit and security services  The US Department of Veteran Affairs reimburses exam fees for the CISA exam  The National Stock Exchange (NSE) of India recognizes the CISA designation as an integral facet of its system auditing guidelines.  India’s National Information Security Assurance Program recognizes the CISA designation to assess the information security risks in public sector organizations  Microsoft recognizes CISA as a part of its Infrastructure Security and Security Management specializations. For other recognitions, please contact Karyn Waller at kwaller@isaca.org.kwaller@isaca.org Other CISA Program Recognition

12 CISA Job Practice  IS Audit Process – 10% Provide IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled.  IT Governance – 15% To provide assurance that the organization has the structure, policies, accountability, mechanisms, and monitoring practices in place to achieve the requirements of corporate governance of IT.  Systems and Infrastructure Lifecycle – 16% To provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance, and disposal of systems and infrastructure will meet the organization’s objectives.  IT Service Delivery and Support – 14% To provide assurance that the IT service management practices will ensure the delivery of the level of services required to meet the organization’s objectives.  Protection of Information Assets – 31% To provide assurance that the security architecture (policies, standards, procedures, and controls) ensures the confidentiality, integrity, and availability of information assets.  Business Continuity and Disaster Recovery – 14% To provide assurance that in the event of a disruption the business continuity and disaster recovery processes will ensure the timely resumption of IT services while minimizing the business impact.

13 CISM Certification Details

14 Who is the CISM Certification Intended for? Individuals who design, implement and manage an enterprise’s information security program. Security managers Security directors Security officers Security consultants

15 CISM Uniqueness What makes CISM Unique?  Designed for information security managers exclusively  Criteria and exam developed from job practice analysis validated by information security managers  Experience requirement includes information security management CISM Growth:  More than 10,000 CISMs worldwide  In 2009, exam offered in 250+ locations  Exam also offered in Japanese and Spanish and Korean

16 CISM General Requirements Certified Information Security Manager (CISM) Criteria Earn a passing score on the exam Submit verified evidence of a minimum of five years of information security work experience Adhere to ISACA Code of Professional Ethics Comply with continuing education policy

17 CISM Recognition  U.S. Department of Defense approves obtaining a CISM among the three approved baseline certifications for IT Assurance Managers at Level II and III  The US Department of Veteran Affairs reimburses exam fees for the CISM exam  Microsoft recognizes CISM as a part of its Infrastructure Security and Security Management specializations

18 CISMs by Job Title

19 Summary of CISM Job Practice Areas  Information Security Governance (23%) - Establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.  Information Risk Management (22%) - Identify and manage information security risks to achieve business objectives.  Information Security Program Development (17%) - Create and maintain a program to implement the information security strategy.  Information Security Program Management (24%) - Design, develop and manage an information security program to implement the information security governance framework.  Incident Management and Response (14%) - Plan, develop and manage a capability to detect, respond to and recover from information security incidents.

20 CISM and CISA Exam Details

21 Types of Questions on the CISM and CISA Exams Each exam consists of 200 questions administered over a four- hour period Questions are designed to test practical knowledge and experience All questions are multiple choice Questions require the candidate to choose one best answer Every question or statement has four options (answer choices)

22 Administration of the CISA and CISM Exams  More than 250 test sites offered  Exams offered in every city where there is an ISACA chapter or a large interest in individuals sitting for the exam  Passing mark of 75 (scaled score)  2009/2010 exams - Saturday, 12 December 2009 Saturday, 12 June 2010 Saturday, 11 December 2010

23 December 2009 Registration Fees Early Registration: On or before 19 August 2009 ISACA Member: US $395.00 Non-Member: US $525.00 Final Registration: After 19 August 2009, but on or before 23 September 2009: ISACA Member: US $445.00 Non-Member: US $575.00 Register Online at www.isaca.org/examreg Online registration via the ISACA web site is encouraged, as candidates will save US $50. Non-members can join ISACA at the same time, which maximizes their savings. Exam fees must be paid in full to sit for the December exam. Those whose exam fees are not paid will not be sent an exam entrance ticket and their registration will be cancelled.

24 Bulletin of Information and Registration Form  Sent to potential candidates in ISACA database each year  Can be downloaded from ISACA web site – www.isaca.org/cisaboi or www.isaca.org/cismboi www.isaca.org/cisaboiwww.isaca.org/cismboi  Additional copies provided to ISACA chapters Requirements for certification Exam description Registration instructions  Test date procedures  Score reporting  Test center locations  Registration form

25 CISM and CISA Continuing Education Policy Details

26 Continuing Education Requirements Certification is granted annually to those who: annually report a minimum of 20 hours of continuing professional education annually pay the continuing education maintenance fee comply with the ISACA Code of Professional Ethics report a minimum of 120 hours of continuing education for each fixed three-year period

27 What makes CISA and CISM unique?  Experience based exams  One of a kind certifications  ISACA accredited by ANSI  Unique matching of DoD job requirements to CISA and CISM

28 New Certification  CGEIT® – Certified in the Governance of Enterprise IT  www.isaca.org/cgeit www.isaca.org/cgeit  Same exam structure and offerings  First exam was December 2008  Over 3000 people have been grandfathered  Not currently part of 8570.1

29 We need to hear from you!  Frequency of exams  Locations  Self-assessment  Training  Payment  Other  Contact for questions:

30 Want to know more? ISACA and ITGI 3701 Algonquin Road Suite 1010 Rolling Meadows, IL USA 60008 Phone: +1.847.253.1545 Fax: +1.847.253.1443 Web site: www.isaca.org

Download ppt "Certification Programs CISA/CISM/CGEIT DoD Overview Update: 1 May 2009."

Similar presentations

Introduction to the CGFM Program

Introduction to the CGFM Program
IT Assurance A fantastic career choice! Presented by the PICPA’s IT Assurance Committee.

IT Assurance A fantastic career choice! Presented by the PICPA’s IT Assurance Committee.
New Privacy and Security Certifications Fifth Annual HIPAA Summit Baltimore, MD October 30, 2002.

New Privacy and Security Certifications Fifth Annual HIPAA Summit Baltimore, MD October 30, 2002.
February 2014 What is a CNL ® ? The Clinical Nurse Leader SM (CNL) is a fast emerging nursing role developed by the American Association of Colleges.

February 2014 What is a CNL ® ? The Clinical Nurse Leader SM (CNL) is a fast emerging nursing role developed by the American Association of Colleges.
Advancement Information Session Becoming Board Certified in Healthcare Management as a Fellow of the American College of Healthcare Executives.

Advancement Information Session Becoming Board Certified in Healthcare Management as a Fellow of the American College of Healthcare Executives.
Security and Personnel

Security and Personnel
Summer 200811 IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.

Summer IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.
CISA/CISM Programs DoD and Component Overview June 29, 2006.

CISA/CISM Programs DoD and Component Overview June 29, 2006.
IGP Certification: The Next Step in Your Career

IGP Certification: The Next Step in Your Career
Security Controls – What Works

Security Controls – What Works
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
CBAP and BABOK Presented to the Albany Capital District Chapter of the IIBA February 3, 2009.

CBAP and BABOK Presented to the Albany Capital District Chapter of the IIBA February 3, 2009.
The CMA Program IMA St. Louis Chapter March 9th, 2010.

The CMA Program IMA St. Louis Chapter March 9th, 2010.
HRPA INFORMATION SESSION. Presentation Agenda Who is HRPA? What is the Certified Human Resources Professional (CHRP) designation? Why join HRPA? How to.

HRPA INFORMATION SESSION. Presentation Agenda Who is HRPA? What is the Certified Human Resources Professional (CHRP) designation? Why join HRPA? How to.
Certification and Training Presented by Sam Jeyandran.

Certification and Training Presented by Sam Jeyandran.
Mosby items and derived items © 2011, 2008 by Mosby Inc., an imprint of Elsevier Inc. Chapter 4 Nursing Licensure and Certification.

Mosby items and derived items © 2011, 2008 by Mosby Inc., an imprint of Elsevier Inc. Chapter 4 Nursing Licensure and Certification.
Advancement Information Session Becoming Board Certified in Healthcare Management as a Fellow of the American College of Healthcare Executives.

Advancement Information Session Becoming Board Certified in Healthcare Management as a Fellow of the American College of Healthcare Executives.
© ITGI, ISACA - not for commercial use. John R. Robles 787-647-3961 Guidance for Information.

© ITGI, ISACA - not for commercial use. John R. Robles Guidance for Information.
© 2007 ISACA ® All Rights Reserved DAMA-NCR Chapter Meeting March 11, 2008.

© 2007 ISACA ® All Rights Reserved DAMA-NCR Chapter Meeting March 11, 2008.
1 Homologues Group Meeting Slovenia, October 2009 Republika SlovenijaEuropean Union Ljubljana, 12-13 October 2009 Introduction to IT audits PART II IT.

1 Homologues Group Meeting Slovenia, October 2009 Republika SlovenijaEuropean Union Ljubljana, October 2009 Introduction to IT audits PART II IT.

Similar presentations

Ads by Google