ISACA

ISACA is an international professional association focused on IT governance. On its IRS filings, it is known
as the Information Systems Audit and Control Association, although ISACA now goes by its acronym
only.

History[edit]

ISACA originated in United States in 1967,[2] when a group of individuals working on auditing controls in
computer systems started to become increasingly critical of the operations of their organizations. They
identified a need for a centralized source of information and guidance in the field. In 1969, Stuart
Tyrnauer, an employee of the (then) Douglas Aircraft Company, incorporated the group as the EDP
Auditors Association (EDPAA).[4] Tyrnauer served as the body's founding chairman for the first three
years. In 1976 the association formed an education foundation to undertake large-scale research efforts
to expand the knowledge of and value accorded to the fields of governance and control of information
technology.

The association became the Information Systems Audit and Control Association in 1994.[5]

By 2008 the organization had dropped its long title and branded itself as ISACA.[6]

In March 2016, ISACA bought the CMMI Institute who is behind the Capability Maturity Model
Integration.[7]

Current status[edit]

ISACA currently serves more than 110,000 constituents (members and professionals holding ISACA
certifications) in more than 180 countries. The job titles of members are such as IS auditor, consultant,
educator, IS security professional, regulator, chief information officer, chief information security officer
and internal auditor. They work in nearly all industry categories. There is a network of ISACA chapters
with more than 200 chapters established in over 80 countries. Chapters provide education, resource
sharing, advocacy, networking and other benefits.

Major publications[edit]

COBIT

Information System Control Journal

Risk IT
Standards, Guidelines and Procedures for information system auditing[8][9] (Guideline co-developed
with the International Federation of Accountants)

Security, Audit and Control Features SAP ERP[10]

Val IT (Getting best value from IT investments)

Certifications[edit]

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Certified in the Governance of Enterprise IT (CGEIT)

Control Objectives for Information and Related Technology (COBIT) 5

Certified in Risk and Information Systems Control (CRISC)

Cybersecurity Nexus Practitioner (CSX-P)

The CSX-P, ISACA's first cybersecurity certification, was introduced in the summer of 2015. It is one of
the few certifications that require the individual to work in a live environment, with real problems, to
obtain a certification. Specifically, the exam puts test takers in a live network with a real incident taking
place. The student's efforts to respond to the incident and fix the problem results in the type of score
awarded.[11]