Trust in, and value from, information systems
2010 CISA® Review Course Introduction
• Founded in 1969 as the EDP Auditors Association
• Since 1978, CISA has been a globally accepted standard of competency among IS audit, control, assurance and security professionals
• More than 86,000 members in over 160 countries
• More than 185 chapters in over 75 countries worldwide
ANSI Accreditation
• The American National Standards Institute (ANSI) has awarded accreditation under ISO/IEC 17024 to the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certification programs. ANSI reaccredited these programs in 2008, and ISACA is currently under review for recertification.
• Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s essential requirements for openness, balance, consensus and due process.
CISA Certification Details: www.isaca.org/cisa
Why Become a CISA?
Enhanced Knowledge and Skills
• To demonstrate your willingness to improve your technical knowledge and skills
• To demonstrate to management your proficiency toward organizational excellence
Career Advancement
• To obtain credentials that employers seek
• To enhance your professional image
Worldwide Recognition
• To be included with over 73,000 other professionals who have gained the CISA designation worldwide
CISA in the Workplace
• More than 2,400 are now employed in organizations as the CEO, CFO or equivalent executive position
• Over 2,000 serve as chief audit executives (CAEs), audit partners or audit heads
• More than 6,000 serve as audit directors, managers or consultants
• Over 15,500 are employed in managerial or consulting positions in IT operations or compliance
• More than 15,000 serve as CIOs/CTOs, CISO/CSO, security directors, security staff, security managers or consultants
• More than 11,400 auditors (IS/IT and non-IS/IT)
Recent CISA Program Recognitions
• SC Magazine has named CISA the winner of the Best Professional Certification Program. With almost 700 entries submitted in 30 categories, the 2009 SC Awards were the most competitive yet in the program’s 12-year history.
• The CISA certification program was awarded the “Best Professional Development Grand Award” and the “Best Professional Development (Scheme) Award” in the ‘Hong Kong ICT Awards 2009’ presentation ceremony. The Hong Kong ICT Awards were established in 2006 under a collaborative effort amongst the industry, the academia and the Government.
• In a January 2010 study by Mile High Research, ISACA’s CISA and CISM certifications made the top 10 in-demand IT certifications for new jobs posted over the last 14 days. The job descriptions specified one or more certifications as minimum or preferred credentials for the job posting. ISACA and other organizations whose credentials made the top 10 “obviously make a connection between their certifications and employers – that connection is value,” said Denny Schall, CLO of Mile High Research.
Other CISA Program Recognitions
• According to bankinfosecurity.com, industry recruitment experts and information security professionals noted CISA and CISM as two of the top five certifications for 2009, as they provide assurance that the holder has extensive experience in their fields above and beyond passing a test.
• The Securities Exchange Board of India requires biannual system audits of all mutual funds to be conducted by an independent auditor who is CISA/CISM-certified or equivalent.
• CISAs are provided an exemption from the CEH (Certified Ethical Hacker) exam and allowed to automatically take the EC-Council Certified Security Analyst (ECSA) exam, which leads to the (LPT) Licensed Penetration Tester Certification.
• CISAs qualify for the Disaster Recovery Institute International’s (DRII) CBLA (Certified Business Continuity Lead Auditor) certification and get a bypass for the corresponding reference (experience) requirement. In addition, all CISAs are offered a 10% discount on DRII courses.
Other CISA Program Recognitions (continued)
• The US Dept. of Defense includes CISA in its list of approved certifications for its information assurance professionals
• The US Department of Veteran Affairs reimburses exam fees for the CISA exam
• The Department of Information Technology has issued an empanelment of vendors for auditing the Reserve Bank's internal network and IT systems. It was stipulated that the vendor should have a minimum of three CISA/CISSP certified professionals participating in the audit. CISA was listed as one of the pre-qualification criteria for bidding vendors.
• The Payment Card Industry (PCI) Data Security Standard (DSS) has named CISA and CISM certifications as validation requirements for qualified security assessors (QSAs), organizations that validate an entity’s adherence to PCI DSS requirements.
Other CISA Program Recognitions (continued)
• All assistant examiners employed by the US Federal Reserve Banks must pass the CISA exam before they are eligible for commissioning
• The Department of Information Technology of the Government of N.C.T. of Delhi sent out an RFP for Website Security Audits of Delhi Government departments. This is the first large scale audit RFP issued by any state government in India. CISA was named as one of the prequalification criteria for bidders.
• The National Stock Exchange of India has recognized CISA as a requirement to conduct system audits
• CERT-IN, the Indian Computer Emergency Response Team, has recognized CISA as one of the requirements to be empanelled to conduct security audits
Other CISA Program Recognitions (continued)
• An information security law in Korea requires that highly skilled professionals, such as CISAs, perform information system audits and security services.
• In Romania, banks desiring to implement distance or electronic payment instruments, such as Internet and home banking, are required by law to be certified by CISA certification-holding auditors.
• Article 58 of the Public Finance Act in the Republic of Poland (passed in late 2006) acknowledges the CISA certification as one of three designations recognized by the act as an entitlement to be a public-sector auditor.
• The Peruvian government recognizes CISAs for their expertise and specialization, which is required for practitioners in internal auditing.
Other CISA Program Recognitions (continued)
• In Malaysia, the Multimedia Development Corporation (MDEC) provides partial reimbursement for certain CISA and CISM certification and training fees.
• In Hong Kong, ISACA members who have held a CISA certification for at least four years have the right to vote for the city’s legislative counselors, as representatives of the IT category among the functional constituencies.
• Under India’s National Information Security Assurance Program, the Department of Information Technology recognizes the CISA designation to assess the information security risks in public sector organizations.
• The Canadian Institute of Chartered Accountants (CICA) accredits ISACA as the only body whose designation leads to recognition as a CA-designated specialist in information systems audit, control and security.
CISAs by Area
• North America: 46%
• Asia/Mid-East: 27%
• Europe/Africa: 22%
• Central/South America: 3%
• Oceania: 2%
CISA Job Practice Areas (Effective 2006)
Note: A CISA job practice analysis is underway to reflect the vital and evolving responsibilities of IT auditors and stay current with the market. Results of this analysis will be incorporated into the June 2011 exam. See www.isaca.org/cisajpa.
1. IS Audit Process – 10%: Provide IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled.
2. IT Governance – 15%: Provide assurance that the organization has the structure, policies, accountability, mechanisms, and monitoring practices in place to achieve the requirements of corporate governance of IT.
3. Systems and Infrastructure Lifecycle Management – 16%: Provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance, and disposal of systems and infrastructure will meet the organization’s objectives.
CISA Job Practice Areas (Effective 2006) (continued)
4. IT Service Delivery and Support – 14%: Provide assurance that the IT service management practices will ensure the delivery of the level of services required to meet the organization’s objectives.
5. Protection of Information Assets – 31%: Provide assurance that the security architecture (policies, standards, procedures, and controls) ensures the confidentiality, integrity, and availability of information assets.
6. Business Continuity and Disaster Recovery – 14%: Provide assurance that in the event of a disruption the business continuity and disaster recovery processes will ensure the timely resumption of IT services while minimizing the business impact.
For complete details visit: www.isaca.org/cisajobpractice
CISA Certification Requirements
• Earn a passing score on the CISA Exam
• Submit verified evidence of a minimum of five years of verifiable IS audit, control or security experience (substitutions available)
• Submit the CISA application and receive approval
• Adhere to the ISACA Code of Professional Ethics
• Abide by IS Auditing Standards as adopted by ISACA
• Comply with continuing professional education policy
Administration of the CISA Exam
2010 Exam Dates:
– Saturday 12 June 2010
– Saturday 11 December 2010
– The CISA exam is offered in 12 languages and at over 240 locations
– Offered in every city where there is an ISACA chapter or a large interest in individuals sitting for the exam
– Passing mark of 450 on a common scale of 200 to 800
2010 Registration Fees – Exam: 12 June 2010
Early Registration – On or before 10 February 2010:
• ISACA Member: US $415.00
• Non-Member: US $545.00
Final Registration – After 10 February, but on or before 7 April 2010:
• ISACA Member: US $465.00
• Non-Member: US $595.00
Register Online at www.isaca.org/examreg
• Online registration via the ISACA web site is encouraged, as candidates will save US $50. Non-members can join ISACA at the same time, which maximizes their savings.
• Exam registration fees must be paid in full to sit for the exams. Those whose exam registration fees are not paid will not be sent an exam admission ticket and their registration will be cancelled.
2010 Registration Fees – Exam: 11 December 2010
Early Registration – On or before 18 August 2010:
• ISACA Member: US $415.00
• Non-Member: US $545.00
Final Registration – After 18 August, but on or before 6 October 2010:
• ISACA Member: US $465.00
• Non-Member: US $595.00
Register Online at www.isaca.org/examreg
• Online registration via the ISACA web site is encouraged, as candidates will save US $50. Non-members can join ISACA at the same time, which maximizes their savings.
• Exam registration fees must be paid in full to sit for the exams. Those whose exam registration fees are not paid will not be sent an exam admission ticket and their registration will be cancelled.
Bulletin of Information and Registration Form
• There is a Bulletin of Information for each exam administration.
• The CISA Bulletin of Information can be downloaded from the ISACA web site at: www.isaca.org/cisaboi
• Is available in 12 languages.
• Bulletin includes:
– Requirements for certification
– Exam description
– Registration instructions
– Test date procedures
– Score reporting
– Test center locations
– Registration forms
Types of Questions on the CISA Exam
• Exam consists of 200 multiple choice questions administered over a four-hour period
• Questions are designed to test practical knowledge and experience
• Questions require the candidate to choose one best answer
• Every question or statement has four options (answer choices)
Quality of the Exam Ensured by:
• Job Practice Analysis Study: Determines content
• Test Development Standards: Ensures high standards for the development and review of questions
• Review Process: Provides two reviews of questions by independent committees before acceptance into pool
• Periodic Pool Cleaning: Ensures that questions in the pool are up-to-date by continuously reviewing questions
• Statistical Analysis of Questions: Ensures quality questions and grading by analyzing exam statistics for each language
2010 Study Materials (ISACA Members / Non-Members)
• Candidate’s Guide to the CISA Exam: free to each paid registrant
• CISA Review Manual 2010: (US) $105.00 / (US) $135.00
• CISA Review Questions, Answers & Explanations Manual 2010: (US) $100.00 / (US) $130.00
• CISA Review Questions, Answers & Explanations Manual 2010 Supplement: (US) $40.00 / (US) $60.00
• CISA Practice Question Database V10: (US) $185.00 / (US) $225.00
How to Develop a CISA Study Plan
A proper study plan consists of several steps:
• Self-appraisal
• Determination of the type of study program
• Having an adequate amount of time to prepare
• Maintaining momentum
• Readiness review
Become involved in your local chapter and explore networking opportunities and study groups.
How to Study for the CISA Exam
• Read the Candidate’s Guide thoroughly
• Study the CISA Review Manual
• Work through the CISA Review Questions, Answers & Explanations Manual, Supplement and CD
• Participate in an ISACA Chapter Review Course
• Read literature in areas where you need to strengthen skills
• Spend time studying the complement of your field: if external auditor, study IS audit from the internal audit perspective and vice-versa
• Join or organize study groups
• Take the ISACA online review course, available at www.isaca.org/elearningcampus
Application for Certification
• Is available at www.isaca.org/cisaapp. Translated instructions are also available at www.isaca.org/cisaapp
• Is available in hard copy upon request to ISACA’s certification department
• Contains:
– Requirements for certification
– Code of Professional Ethics
– Instructions for completion of form
– Verification of work experience for applicant form
– CISA application form
CISA Continuing Professional Education (CPE) Policy Details: www.isaca.org/cisacpepolicy
Continuing Professional Education (CPE) Requirements
Certification is renewed for those who:
• Report an annual minimum of 20 hours of continuing professional education
• Report a minimum of 120 hours of continuing education for each fixed three-year period
• Pay the annual certification maintenance fee
• Respond and submit required documentation of continuing education activities if selected for an annual audit
• Comply with the ISACA Code of Professional Ethics
ISACA Code of Professional Ethics
Members and ISACA certification holders shall:
• Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.
• Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards and best practices.
• Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.
ISACA Code of Professional Ethics (continued)
Members and ISACA certification holders shall:
• Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
• Maintain competency in their respective fields and agree to undertake only those activities which they can reasonably expect to complete with professional competence.
• Inform appropriate parties of the results of work performed, revealing all significant facts known to them.
• Support the professional education of stakeholders in enhancing their understanding of information systems security and control.
Want to know more? Please contact us at:
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
• Phone: +1.847.660.5660
• Fax: +1.847.253.1443
• E-mail: email@example.com
• Web site: www.isaca.org