Post on 10-May-2015
Information security - the appropriate certificates as a key to
9th Regional Conference on Information Security and Storage Systems
Information Security Melting Point
Zdravko Stoychev, CISM, ISACA – Sofia Certification Director
October 7, 2010 - Sofia
Objectives
ISACA
CISA and CISM Certificates
CGEIT Certificate
ISACA Certification Process
Newest CRISC Certificate
www.isaca.org
ISACA Facts
• Founded in 1969 as the EDP Auditors Association
• Formed affiliated IT Governance Institute (ITGI)
• COBIT, Val IT and Risk IT governance frameworks
• 95,000 individuals are currently members of ISACA
• 187 chapters in over 75 countries worldwide
• Members live and work in more than 160 countries
ISACA – Sofia Chapter
• Established 2006 in Sofia
• 80 members (as of Sep 30, 2010): CISA - 41, CISM - 11, CGEIT - 6, CRISC - 0
• Sofia Chapter activities and events
• www.isaca-sofia.org
www.isaca.org/cisa
CISA Certification Facts
• More than 75,000 CISAs worldwide since 1978
• A 2007 survey of ISACA members revealed that 89% of CISAs value their certification, and 72% of CISAs believe that the CISA certification has helped advance their career
• Who might be interested in getting it?
CISA in the Workplace
• Almost 2,400 are now employed in organizations as the CEO, CFO or equivalent executive position
• More than 2,000 serve as chief audit executives (CAEs), audit partners or audit heads
• Nearly 6,000 serve as CIOs, CISOs, security directors, security managers or consultants
• More than 10,500 serve as audit directors, managers or consultants
• More than 15,400 are employed in managerial or consulting positions in IT operations or compliance
• More than 14,400 auditors (IS/IT and non-IS/IT)
CISA Job Practice Areas
CISAs by Area (chart): North America 46%, Asia/Mid-East 27%, Europe/Africa 22%, Central/South America 3%, Oceania 2%
www.isaca.org/cism
CISM Certification Facts
• More than 13,000 CISMs worldwide since 2002
• Designed exclusively for individuals who design, implement and manage an enterprise’s information security program:
– Security managers
– Security directors
– Security officers
– Security consultants
– Security auditors
CISM Uniqueness
• What makes CISM unique?
– Designed exclusively for information security managers
– Criteria and exam developed from a job practice analysis validated by information security managers
– Experience requirement includes information security management
CISM Job Practice Areas
CISMs by Job Title (chart): IS Security 39%, Executive Level 17.4%, IT Directors, Managers, Consultants 16.2%, IS/IT Audit 13%, Compliance & Risk 10%, Other 4.4%
www.isaca.org/cgeit
CGEIT: Who for?
• More than 4,000 CGEITs worldwide since 2007
• The certification is intended to promote the professionals who wish to be recognized for their IT governance-related experience and knowledge
• Designed for professionals who have management, advisory, or assurance responsibilities as defined by the CGEIT Job Practice areas
CGEIT Benefits
• Individual - Recognizes professional knowledge and competencies; skill-sets; abilities and experiences
• Enterprise - Supports through the demonstration of a visible commitment to excellence in IT governance practices
• Profession - Supports those that provide IT governance management, advisory or assurance direction and strategy
• Business - Increases the awareness of IT governance good practices and issues
CGEIT Job Practice Areas
CGEIT Domains
• IT Governance Framework: Develop, or be part of the development of, an IT governance framework
• Strategic Alignment: Develop, or be part of the development of, an enterprise’s IT strategy
• Value Delivery: Develop, or be part of the development of, a systematic, analytical and continuous value governance process
CGEIT Domains
• Risk Management: Develop, enhance and maintain a systematic, analytical and continuous enterprise risk management process across the enterprise
• Resource Management: Develop, or assist in the development of, systematic and continuous resource planning, management and evaluation processes
• Performance Measurement: Develop, or assist in the development of, systematic and continuous performance management and evaluation processes
CGEITs by Job Title (chart): IT Directors, Managers and Consultants 24%, Executive Level 23%, IS/IT Audit 22%, IS Security Professionals 14%, Compliance and Risk 12%, Other 5%
CERTIFICATION
ISACA Certification Requirements
• Earn a passing score on the Exam
• Submit verified evidence of the minimum professional experience (substitutions available)
• Submit the application and receive approval
• Adhere to the ISACA Code of Professional Ethics
• Abide by the IS Auditing Standards as adopted by ISACA (does not apply to CISM)
• Comply with Continuing Professional Education Policy
Administration of the Exam
• 2010 Exam Dates:
– Saturday, 12 June 2010
– Saturday, 11 December 2010
• More than 240 test sites offered for each exam administration
• Sofia test-site available since 2003
• Passing mark of 450 on a common scale of 200 to 800
2010 Registration Fees
• Registration fees:
– ISACA Member: $465
– Non-ISACA Member: $595
– Early registration rebate: -$50 (on or before Feb 10, 2010)
– Final Registration Deadline: Oct 6, 2010
• Online Registration: www.isaca.org/examreg
Exam Questions
• The CISA and CISM exams each consist of 200 multiple-choice questions administered over a four-hour period
• The CGEIT exam consists of 120 multiple-choice questions administered over a four-hour period
• Questions are designed to test practical knowledge and experience
• Questions require the candidate to choose one best answer
• Every question or statement has four options (answer choices)
Continuing Education Requirements
Certification is renewed annually for those who:
• Report a minimum of 20 hours of continuing professional education
• Report a minimum of 120 hours of continuing education for each fixed three-year period
• Pay the continuing education maintenance fee
• Respond and submit the required documentation of continuing education activities if selected for an annual audit
• Comply with the ISACA Code of Professional Ethics
www.isaca.org/crisc
CRISC: Who for?
• Certified in Risk and Information Systems Control (CRISC) is the newest addition to the portfolio of recognized ISACA certifications, launched by ISACA in 2010
• CRISC serves IT and business professionals who identify and manage risks through the development and implementation of appropriate IS controls, and who comply with the regulations that affect IS, to help enterprises accomplish business objectives
• Designed for professionals who are engaged at an operational level to mitigate risk as defined by the CRISC Job Practice areas
CRISC Job Practice Areas
CRISC Domains
• Risk Identification, Assessment and Evaluation: Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy
• Risk Response: Develop and implement risk responses to ensure that risk issues, opportunities and events are addressed in a cost-effective manner and in line with business objectives
• Risk Monitoring: Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s risk management strategy
CRISC Domains
• IS Control Design and Implementation: Design and implement IS controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives
• IS Control Monitoring and Maintenance: Monitor and maintain IS controls to ensure they function effectively and efficiently
For the complete job practice domains, task and knowledge statements, visit www.isaca.org/criscjobpractice
CRISC Certification
• Grandfathering
• Post-grandfathering (exam-based)
CRISC Grandfathering
• The grandfathering program enables professionals highly experienced in the CRISC job practice areas to apply for the CRISC certification without taking the exam
• Grandfathering is available 1 April 2010 through 31 March 2011. The first CRISC exam will be administered in 2011
• To download a grandfathering application visit www.isaca.org/criscapp
CRISC Grandfathering
Professionals with eight or more years of IT or business experience can earn ISACA’s CRISC designation under its grandfathering program:
– Candidates must provide evidence that six of those eight years include responsibilities related to CRISC’s domains
– At least three of those years must include responsibilities for risk identification, assessment, evaluation, response and monitoring
Pay the application fee:
– ISACA Member: $595
– Non-ISACA member: $725
– Early application rebate: -$100 (by 31 October 2010)
CRISC Certification
As of 1 September 2010, four months into its rigorous grandfathering program for the Certified in Risk and Information Systems Control (CRISC) designation, ISACA has issued the 1,000th certificate.
Since 1 April 2010, candidates from more than 83 countries have applied for CRISC certification:
– The early-bird deadline for the grandfathering program is 31 October 2010, but
– The program will remain open through March 2011
– The first CRISC exam will be administered in June 2011
CRISC Relationship
• While CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness, CRISC is for IT and business professionals who design, implement and maintain IS controls.
• While CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks, CRISC is for IT professionals whose roles encompass security, operational and compliance considerations.
• While CGEIT is primarily for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management, CRISC is intended for IT and business professionals who are engaged at an operational level to mitigate risk.
Your Key to Success
Résumés/CVs may list your experience and knowledge, but an ISACA® certification designation after your name proves it.
Want to know more?
ISACA and ITGI
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.660.5660
Fax: +1.847.253.1443
E-mail: certification@isaca.org
Web site: www.isaca.org
ISACA – Sofia Chapter
7A Graf Ignatiev Str.
1000 Sofia, Bulgaria
Phone: +359.88.866.9490
E-mail: mail@isaca-sofia.org
Web site: www.isaca-sofia.org
Thank you!