ISACA certification programme 2010


  1. Information security - the appropriate certificates as a key to
     9th Regional Conference on Information Security and Storage Systems "Information Security Melting Point"
     Zdravko Stoychev, CISM, ISACA – Sofia Certification Director
     October 7, 2010, Sofia
  2. Objectives
     - ISACA
     - CISA and CISM Certificates
     - CGEIT Certificate
     - ISACA Certification Process
     - Newest CRISC Certificate
  4. ISACA Facts
     - Founded in 1969 as the EDP Auditors Association
     - Formed the affiliated IT Governance Institute (ITGI)
     - COBIT, Val IT and Risk IT governance frameworks
     - 95,000 individuals are currently members of ISACA
     - 187 chapters in over 75 countries worldwide
     - Members live and work in more than 160 countries
  5. ISACA – Sofia Chapter
     - Established 2006 in Sofia
     - 80 members (as of Sep 30, 2010):
       - CISA - 41
       - CISM - 11
       - CGEIT - 6
       - CRISC - 0
     - Sofia Chapter activities and events
  7. CISA Certification Facts
     - More than 75,000 CISAs worldwide since 1978
     - A 2007 survey of ISACA members revealed that 89% of CISAs value their certification, and 72% of CISAs believe that the CISA certification has helped advance their career
     - Who might be interested in getting it
  8. CISA in the Workplace
     - Almost 2,400 are now employed in organizations as CEO, CFO or in an equivalent executive position
     - More than 2,000 serve as chief audit executives (CAEs), audit partners or audit heads
     - Nearly 6,000 serve as CIOs, CISOs, security directors, security managers or consultants
     - More than 10,500 serve as audit directors, managers or consultants
     - More than 15,400 are employed in managerial or consulting positions in IT operations or compliance
     - More than 14,400 are auditors (IS/IT and non-IS/IT)
  9. CISA Job Practice Areas
  10. CISAs by Area
  12. CISM Certification Facts
     - More than 13,000 CISMs worldwide since 2002
     - Designed exclusively for individuals who design, implement and manage an enterprise's information security program:
       - Security managers
       - Security directors
       - Security officers
       - Security consultants
       - Security auditors
  13. CISM Uniqueness
     - What makes CISM unique?
       - Designed exclusively for information security managers
       - Criteria and exam developed from a job practice analysis validated by information security managers
       - Experience requirement includes information security management
  14. CISM Job Practice Areas
  15. CISMs by Job Title
  17. CGEIT: Who for?
     - More than 4,000 CGEITs worldwide since 2007
     - The certification is intended for professionals who wish to be recognized for their IT governance-related experience and knowledge
     - Designed for professionals who have management, advisory or assurance responsibilities as defined by the CGEIT Job Practice areas
  18. CGEIT Benefits
     - Individual - Recognizes professional knowledge and competencies, skill sets, abilities and experience
     - Enterprise - Supports the enterprise through the demonstration of a visible commitment to excellence in IT governance practices
     - Profession - Supports those who provide IT governance management, advisory or assurance direction and strategy
     - Business - Increases the awareness of IT governance good practices and issues
  19. CGEIT Job Practice Areas
  20. CGEIT Domains
     - IT Governance Framework
       - Develop, or be part of the development of, an IT governance framework
     - Strategic Alignment
       - Develop, or be part of the development of, an enterprise's IT strategy
     - Value Delivery
       - Develop, or be part of the development of, a systematic, analytical and continuous value governance process
  21. CGEIT Domains
     - Risk Management
       - Develop, enhance and maintain a systematic, analytical and continuous enterprise risk management process across the enterprise
     - Resource Management
       - Develop, or assist in the development of, systematic and continuous resource planning, management and evaluation processes
     - Performance Measurement
       - Develop, or assist in the development of, systematic and continuous performance management and evaluation processes
  22. CGEITs by Job Title
  24. ISACA Certification Requirements
     - Earn a passing score on the exam
     - Submit verified evidence of the minimum professional experience (substitutions available)
     - Submit the application and receive approval
     - Adhere to the ISACA Code of Professional Ethics
     - Abide by the IS Auditing Standards as adopted by ISACA (does not apply for CISM)
     - Comply with the Continuing Professional Education Policy
  25. Administration of the Exam
     - 2010 exam dates:
       - Saturday, 12 June 2010
       - Saturday, 11 December 2010
     - More than 240 test sites offered for each exam administration
     - Sofia test site available since 2003
     - Passing mark of 450 on a common scale of 200 to 800
  26. 2010 Registration Fees
     - Registration fees:
       - ISACA Member: $465
       - Non-ISACA Member: $595
       - Early registration rebate: -$50 (on or before Feb 10, 2010)
       - Final registration deadline: Oct 6, 2010
     - Online registration
  27. Exam Questions
     - The CISA and CISM exams each consist of 200 multiple-choice questions administered over a four-hour period
     - The CGEIT exam consists of 120 multiple-choice questions administered over a four-hour period
     - Questions are designed to test practical knowledge and experience
     - Questions require the candidate to choose the one best answer
     - Every question or statement has four options (answer choices)
  28. Continuing Education Requirements
     - Certification is renewed annually for those who:
       - Report a minimum of 20 hours of continuing professional education each year
       - Report a minimum of 120 hours of continuing education for each fixed three-year period
       - Pay the continuing education maintenance fee
       - Respond and submit the required documentation of continuing education activities if selected for an annual audit
       - Comply with the ISACA Code of Professional Ethics
  30. CRISC: Who for?
     - Certified in Risk and Information Systems Control (CRISC) is the newest addition to the portfolio of recognized ISACA certifications, launched by ISACA in 2010
     - CRISC serves IT and business professionals who identify and manage risks through the development and implementation of appropriate IS controls, and who comply with regulations that affect IS, to help enterprises accomplish business objectives
     - Designed for professionals who are engaged at an operational level to mitigate risk as defined by the CRISC Job Practice areas
  31. CRISC Job Practice Areas
  32. CRISC Domains
     - Risk Identification, Assessment and Evaluation
       - Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy
     - Risk Response
       - Develop and implement risk responses to ensure that risk issues, opportunities and events are addressed in a cost-effective manner and in line with business objectives
     - Risk Monitoring
       - Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise's risk management strategy
  33. CRISC Domains
     - IS Control Design and Implementation
       - Design and implement IS controls in alignment with the organization's risk appetite and tolerance levels to support business objectives
     - IS Control Monitoring and Maintenance
       - Monitor and maintain IS controls to ensure they function effectively and efficiently
     - The complete job practice (domains, task and knowledge statements) is published on the ISACA web site
  34. CRISC Certification
     - Grandfathering
     - Post-grandfathering (exam-based)
  35. CRISC Grandfathering
     - The grandfathering program enables professionals highly experienced in the CRISC job practice areas to apply for the CRISC certification without taking the exam
     - Grandfathering is available from 1 April 2010 through 31 March 2011. The first CRISC exam will be administered in 2011
     - The grandfathering application form can be downloaded from the ISACA web site
  36. CRISC Grandfathering
     - Professionals with eight or more years of IT or business experience can earn ISACA's CRISC designation under its grandfathering program:
       - Candidates must provide evidence that six of those eight years included responsibilities related to the CRISC domains
       - At least three of those years must include responsibilities for risk identification, assessment, evaluation, response and monitoring
     - Pay the application fee:
       - ISACA Member: $595
       - Non-ISACA Member: $725
       - Early application rebate: -$100 (by 31 October 2010)
  37. CRISC Certification
     - As of 1 September 2010, ISACA had issued the 1,000th certificate under its grandfathering program for the Certified in Risk and Information Systems Control (CRISC) designation
     - Since 1 April 2010, candidates from more than 83 countries have applied for CRISC certification:
       - The early-bird deadline for the grandfathering program is 31 October 2010, but
       - the program will remain open through March 2011
       - The first CRISC exam will be administered in June 2011
  38. CRISC Relationship
     - While CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness, CRISC is for IT and business professionals who design, implement and maintain IS controls.
     - While CISM is for individuals who manage, design, oversee and/or assess an enterprise's information security, including the identification and management of information security risks, CRISC is for IT professionals whose roles encompass security, operational and compliance considerations.
     - While CGEIT is primarily for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management, CRISC is intended for IT and business professionals who are engaged at an operational level to mitigate risk.
  39. Your Key to Success
     - Résumés/CVs may list your experience and knowledge, but an ISACA® certification designation after your name proves it.
  41. Want to know more?
     ISACA and ITGI
     3701 Algonquin Road, Suite 1010
     Rolling Meadows, IL 60008 USA
     Phone: +1.847.660.5660
     Fax: +1.847.253.1443

     ISACA – Sofia Chapter
     7A Graf Ignatiev Str.
     1000 Sofia, Bulgaria
     Phone: +359.88.866.9490

     Thank you!