ISACA Security Certifications


ISACA is an international professional association focused on IT Governance. It is an affiliate member of IFAC. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

ISACA Certifications

Certified Information Systems Auditor (CISA)
The CISA certification was established in 1978 for several reasons:
  • Develop and maintain a tool that could be used to evaluate an individual's competency in conducting information system audits.
  • Provide a motivational tool for information systems auditors to maintain their skills, and monitor the success of the maintenance programs.
  • Provide criteria to help aid management in the selection of personnel and development.
The first CISA examination was administered in 1981, and registration numbers have grown each year. As of 2010, over 79,000 candidates worldwide have earned the CISA designation since its inception. It is one of the few certifications formally approved by the US Department of Defense in their Information Assurance Technical category (DoD 8570.01-M). In 2009, SC Magazine named the CISA designation winner of the Best Professional Certification Prog
ram.
In 2011, the CISA examination underwent its most significant update in a decade. The exam was revised from 6 domains to 5. All domains were revised and updated in this process.




Certified Information Security Manager (CISM)
        Certified Information Security Manager (CISM) is a certification for information security managers awarded by ISACA (formerly the Information Systems Audit and Control Association). To gain the certifications, individuals must pass a written examination and have at least five years of information security experience with a minimum three years of information security management work experience in particular fields.

The intent of the certification is to provide a common body of knowledge for information security management. The CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents.

The point of view in the certification is that of widely accepted cross-industry best practices, where information security gets its justification from business needs. The implementation includes information security as an autonomous function inside wider corporate governance.

The CISM certifications tends to be sought after by both CISA and CISSP certification communities. ISACA created the CISM to help foster a better fusion between IT auditing and information security perspectives.

In principle, the CISM certification is related in nature to the Information Systems Security Management Professional certification from the International Information Systems Security Certification Consortium.

In 2005, the United States Department of Defense listed CISM, CISA and CISSP as "approved" certifications for its "Information Assurance Workforce Improvement Program".

Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Systems Control (CRISC)

Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risks, awarded by ISACA. To gain this certification, candidates must pass a written examination and have at least eight years of information technology or business experience, with a minimum of three years work experience in at least three CRISC domains.

The intent of the certification is to provide a common body of knowledge for information technology/systems risk management, and to recognize the knowledge of enterprise and IT risk that a wide range of IT and Business practitioners have acquired, as well as the capability to: design, implement and maintain information system (IS) controls, to mitigate IS/IT risks.

The CRISC requires demonstrated knowledge in five functional areas or ‘domains’ of IT risk management:
  • Risk identification, assessment and evaluation
  • Risk response
  • Risk monitoring
  • Information systems control, design and implementation
  • IS control, monitoring and maintenance
Official Website : Click Here

Like it ? Share it.