Professional Designations in IT Governance

This infocast introduces the four professional designations related to IT governance that are the most prevalent and widely recognized in today's corporate world. Each certification is discussed with respect to its domains of knowledge, and the value it creates for employers is analyzed.

Published in: Business, Technology, Education

  1. Professional Designations in Information Technology Governance
     University of Waterloo
     ACC626 IT Assurance & CAATs
     By Jessica Lee
     July 2011

  2. Background
     - New regulations have transformed the information technology (IT) and security industry.
     - IT professionals must possess expertise in security controls and competency in IT frameworks to contribute to the corporate information security agenda.

  3. Four Professional Designations
     - Certified Information Systems Auditor (CISA)
     - Certified Information Security Manager (CISM)
     - Certified in the Governance of Enterprise IT (CGEIT)
     - Certified Information Systems Security Professional (CISSP)

  4. Certified Information Systems Auditor (CISA)
     - Focuses on the auditing, control, monitoring and assessment of an organization's information technology and business systems.
     - Governed by the Information Systems Audit and Control Association (ISACA).
     - Since 1978, over 85 thousand professionals in 160 countries worldwide have achieved the CISA.

  5. CISA: Domains of Knowledge
     - The Process of Auditing Information Systems (14%)
     - Governance and Management of IT (14%)
     - Information Systems Acquisition, Development and Implementation (19%)
     - Information Systems Operations, Maintenance and Support (23%)
     - Protection of Information Assets (30%)

  6. CISA: Value to Employers (1)
     - Demonstrates proven experience and provides credibility and recognition in the industry as an IT audit professional.
     - Candidates are required to pass a comprehensive exam and to hold accredited work and educational experience.
     - Recognition from government agencies and standard-setting bodies:
       - Securities Exchange Board of India
       - Payment Card Industry Data Security Standard

  7. CISA: Value to Employers (2)
     - Over 1,200 CISA practitioners are serving in organizations as CEO, CFO or equivalent C-suite executive positions.
     - CISA is most suitable for managerial or executive-level career advancement.
     - Differentiated job nature of IS audits and controls.

  8. Certified Information Security Manager (CISM)
     - Focuses on both the managerial and technical abilities needed to oversee and manage an enterprise-wide information security system.
     - Promotes international regulations.
     - Provides executive management with effective security management and consulting services.
     - Governed by ISACA.
     - Since 2003, over 16 thousand professionals have achieved the CISM.

  9. CISM: Domains of Knowledge
     - Information Security Governance (23%)
     - Information Risk Management (22%)
     - Information Security Program Development (17%)
     - Information Security Program Management (24%)
     - Incident Management & Response (14%)

  10. CISM: Value to Employers (1)
     - Manages risks and security measures in coherence with the company's strategic objectives and processes.
     - Over 4,000 CISMs in the workplace are serving as IT directors or managers.
     - Bridges the gap between strategic management and the practical application of information security.

  11. CISM: Value to Employers (2)
     - Recognition from government agencies and standard-setting bodies:
       - U.S. Department of Defense (DoD), for DoD level 2 and 3 information assurance professionals

  12. Certified in the Governance of Enterprise IT (CGEIT)
     - Recognizes IT professionals for their experience relating IT to management, advisory or assurance roles.
     - A collaboration between ISACA and worldwide experts, drawing on the intellectual property of the IT Governance Institute.
     - Geared towards professionals who have significant experience.
     - Introduced by ISACA in 2007.

  13. CGEIT: Domains of Knowledge
     - IT Governance Framework (25%)
     - Strategic Alignment (15%)
     - Value Delivery (15%)
     - Risk Management (20%)
     - Resource Management (13%)
     - Performance Measurement (12%)

  14. CGEIT: Value to Employers
     - Expected to be recognized and adopted as a "best practice".
     - Creates value through the improvement of internal decision making, also known as internal informing.
     - Enhances the existing IT governance structure to attain the most efficient and effective IT investments and procedures.

  15. Certified Information Systems Security Professional (CISSP)
     - The most popular and recognized security certification around the world.
     - Established in 1989 by the US-based International Information Systems Security Certification Consortium, (ISC)2.
     - Provides a broad overview of information security, spanning 10 subject areas.
     - Candidates must be endorsed by another (ISC)2 certification holder, and an audit may be necessary.

  16. CISSP: Domains of Knowledge
     - Access control
     - Telecommunications and network security
     - Information security and risk management
     - Application security
     - Cryptography
     - Security architecture and design
     - Operations security
     - Business continuity and disaster recovery planning
     - Legal, regulations, compliance and investigations
     - Physical (environmental) security

  17. CISSP: Value to Employers
     - Focuses on the improvement of processes through the optimal design and governing of security controls and procedures, both intellectual and practical in nature.
     - Holders understand prevailing security laws and know how to execute specific regulations.
     - Technisource and Robert Half Technology, CIO Survey, April 2009: CISSP is a certification in popular demand by employers due to its high level of specialization.

  18. Summary of Findings
     - CISA: audit and control assessment of IT systems. Typical roles: audit manager or Chief Information Officer (CIO).
     - CISM: management perspective; bridges the gap between strategic management and the application of information security. Typical roles: IT directors or managers.
     - CGEIT: focus on risk management and security controls; for experienced candidates. Typical roles: Chief Information Security Officers (CISOs) or equivalent.
     - CISSP: highly specialized knowledge in the optimal design and governing of security controls and procedures. Typical roles: back office and IT security analyst roles within an enterprise.

  19. Works Cited
     - "Career Path Brochure". International Information Systems Security Certification Consortium. 2009. Web. Accessed June 27, 2011. <https://www.isc2.org/uploadedFiles/Industry_Resources/CareerPathBrochure.pdf>.
     - "Certified in the Governance of Enterprise IT (CGEIT) Fact Sheet". Information Systems Audit and Control Association. 2011. Web. Accessed June 26, 2011. <http://www.isaca.org/About-ISACA/Press-room/Pages/CGEIT-Fact-Sheet.aspx>.
     - "Certified Information Systems Auditor (CISA) Fact Sheet". Information Systems Audit and Control Association. 2011. Web. Accessed June 26, 2011. <http://www.isaca.org/About-ISACA/Press-room/Pages/CISA-Fact-Sheet.aspx>.
     - "Certified Information Security Manager (CISM) Fact Sheet". Information Systems Audit and Control Association. 2011. Web. Accessed June 26, 2011. <http://www.isaca.org/About-ISACA/Press-room/Pages/CISM-Fact-Sheet.aspx>.
     - Gregory, Peter. "CISSP Certification Can Serve as Introduction to Regulatory Compliance". Global Knowledge Training LLC. 2011. Web. Accessed June 26, 2011. <http://www.globalknowledge.com/training/generic.asp?pageid=1562>.
     - Hunter, Richard and Westerman, George. The Real Business of IT: How CIOs Create and Communicate Value. Harvard Business Press, 2009. <http://media.techtarget.com/searchCIO/downloads/Ch_5_1.pdf>.
     - "ISACA Fact Sheet". Information Systems Audit and Control Association. 2011. Web. Accessed June 26, 2011. <http://www.isaca.org/About-ISACA/Press-room/Pages/ISACA-Fact-Sheet.aspx>.
     - Leung, Linda. "Top IT Certifications in Demand Today". Global Knowledge Training LLC. 2009. Web. Accessed June 27, 2011. <http://www.globalknowledge.com/training/generic.asp?pageid=2416&country=United+States>.
     - Puttick, G. et al. The Principles and Practice of Auditing. Juta & Co. Ltd., 2007.
     - "Security Certifications". Ruskwig. Web. Accessed June 26, 2011. <http://www.ruskwig.com/security_certifications.htm>.
     - "Teaching employers about certification may be way forward". SC Magazine. 2008. Web. Accessed June 26, 2011. <http://www.scmagazineuk.com/teaching-employers-about-certification-may-be-way-forward/article/120662>.
