Anyone who is looking for a career in Information Technology related to system management, auditing, risk assessment, governance, auditing, or security should be highly skilled and also have some certifications like ISACA. As you already know, ISACA is a nonprofit body which is providing global certifications in IT governance and allied fields. It was known before as the Information Systems Audit and Control Association, which had been abbreviate to ISACA and now stands synonymous to one of the most reputable name among IT governance professionals.
Back in the year 1967, the initial form of ISACA was developed by a few similar-minded professionals who were trying to establish some centralized information in terms of auditing of computer systems. Now, ISACA has 200 membership chapters globally, spreading across 185 countries and about 140000 professional members of various designations. Apart from the active members, ISACA has about 15000 nonmembers also who holds the credentials. Now, ISACA offers many professional certifications of global value and also publishes a journal and hosting global conferences.
As of late, ISACA offers the below professional certifications as:
- CISA – Certified Information Systems Auditor
- CISM – Certified Information Security Manager
- CGEIT – Certified in the Governance of Enterprise IT
- CRISC – Certified in Risk and Information Systems Control
Along with these major four, there is also a fifth certification which is known as CSX-P (CSX Practitioner), which was announced in 2015. However, this new certification actually is out of the primary framework compared to the other credentials discussed above. CSX-P aims at those security practitioners who may be preparing to deal with security incidents.
ISACA needs the applicants to clear a written exam first to gain any of these primary certifications and the exams and held three times every year. You have to adhere to the Professional Ethics Code of ISACA and meet the continuing education need to maintain the credentials as the certified professionals need to further earn 120 CPE (continuing professional education) credits over the three year period after initial certification or after the renewals. There is also an annual maintenance fee to be paid by the credential holders, which is $45 for the ISACA members and $85 for others.
The concept of IT governance
So, why IT governance and ISACA Courses? In the changing world of technology and critical business environments, it is important for the enterprises to ensure optimum security of the IT systems and resources and also ensure that these are used at best to meet up with the business goals in a competitive marketplace. IT governance experts will have a fair understanding of how to properly align the business goals with the IT resources of the organization. It involves strategic resource management and optimization along with risk management and security administration, which all comes as a part of the CGEIT and CRISC credentials.
If you have some experience as an auditor of information systems and want to go up in the ladder, you may consider CISA certification to start the journey. This credential is recognizing the professionals who possess high-end skills in auditing and controlling enterprise-wide IT systems. CISA is considered to be one among the top popular certification in the ISACA line of certifications. There are about 115,000 credentials already granted as CISA since the initiation of this program.
In 2016, ISACA added these domains under CISA exam as the fields of professional practice as:
- Auditing information systems
- Acquisition, implantation, or development of information systems.
- IT governance and management
- Safeguarding information systems assets
- The operation, maintenance, and service support of information systems
In order to get the CISA credential, the applicants need to pass a comprehensive 150-question exam, which will mark their work experience as a minimum of five years in information system management and security. ISACA also allows the candidates to substitute primary education with their work experience. Say, for example, two-year work experience will be count as the same against a two-year degree.
The next certification of CISM or Certified Information Security Manager is another popular credential among the information security management professionals. There are about 27,000 CISM credentials awarded till date. CISM recognizes those individuals who are designing and developing enterprise information security systems and oversee their ongoing requirements.
This certification exam primarily focuses on the topics as risk management, governance of information security, risk management, compliance, incident management, and program development for information security. In order to gain CISM certification, one should clear an exam with 200 questions and also submit work experience of a minimum of 5 years.
The experience should be in information security, in which at least three years at a managerial role in security administration and two years in core practice areas. The experience also should be current as within 10 years preceding application or within five years of exam clearance. CISM exam covers.
- Information security governance
- Program development for information security
- Information compliance and risk management
- Incident management in information security
If someone falls short of core information security experience, having a live CISA, CISSP, or a PG degree in the same field can substitute about two years of work experience. A few other credentials can be considered as one year experience for CISM certification as below:
- SANS GIAC (Global Information Assurance Certification)
- MCSE (Microsoft Certified Systems Engineer)
- CompTIA Security+
- ESL IT Security Manager etc.
- CBCP (Certified Business Continuity Professional) by Disaster Recovery
The other two major certifications under ISACA are CGEIT and CRISC. For CGEIT, the major domains covered under the certification exam are:
- Strategic management
- IT governance framework
- Risk optimization
- Benefits realization
- Resource optimization
There is an exam consisting of 150 questions to pass CGEIT. For CRISC credential, the major four domains covered are:
- Risk identification
- Risk response and mitigation
- Risk assessment
- Risk monitoring/control monitoring, reporting
To clear CRISC, applicants need to clear an exam with 150 questions and also provide three-year work experience in professional-level risk management.
ISACA also offers an official curriculum for training to the certification aspirants and established training partnerships also with authorized training brands. There is also a bookstore operated by ISACA where you can get resources for various exams.