CISA:
CERTIFIED INFORMATION SYSTEMS AUDITOR
General Information
The Certified Information Systems Auditor (CISA)
designation is awarded to those individuals with an
interest in information systems auditing, control, and
security who have met and continue to meet the
following requirements regarding the CISA examination;
information systems auditing, control or security
experience; the continuing education program; and the
code of professional ethics.
The CISA Examination
The examination is open to all individuals who have an
interest in the information systems auditing, control,
and security field. All are encouraged to work toward
and take the examination. Successful examination
candidates will be sent documents required to apply
for certification with their notification of a passing
score.
Experience Requirement
A minimum of five years professional information
systems auditing, control, and security work
experience is required for certification.
Substitutions and waivers of such experience may be
obtained as follows:
- A maximum of 1 year of information systems experience OR 1 year of
  auditing experience can be substituted for 1 year of information
  systems auditing, control, or security experience.
- 60 to 120 completed college semester credit hours (the equivalent of
  an Associate or Bachelor degree) can be substituted for 1 or 2 years,
  respectively, of information systems auditing, control, or security
  experience, and
- 2 years as a full-time university instructor in a related field
  (e.g., computer science, accounting, information systems auditing)
  can be substituted for 1 year of information systems auditing,
  control, or security experience.

Experience must have been gained within the 10 year period preceding
the application date for certification or within 5 years from the date
of initial passing of the examination. Retaking and successfully
passing the examination will be required if the application for
certification is not submitted within 5 years from the passing date of
the examination. All experience will be verified independently with
employers.
Continuing Education Policy
The objectives of the continuing education program are
to:
- Maintain an individual's competency by requiring the update of
  existing knowledge and skills in the areas of information systems
  auditing, management, accounting and business areas related to
  specific industries (e.g., finance, insurance, business law, etc.),
- Provide a means to differentiate between qualified CISAs and those
  who have not met the requirements for continuation of their
  certification,
- Provide a mechanism for monitoring information systems auditing,
  control, and security experts' maintenance of their competency, and
- Aid top management in developing sound information systems auditing,
  control, and security functions by providing criteria for personnel
  selection and development.

Maintenance fees and a minimum of 20 contact hours of continuing
education are required annually. In addition, a minimum of 120 contact
hours is required during a fixed 3 year period. Upon completing the
requirements for initial certification, the CISA will be provided with
the continuing education policy booklet for detailed criteria to be
used in developing a personal continuing education program.

CISM:
CERTIFIED INFORMATION SECURITY MANAGER
CISM is ISACA's next generation
credential and is specifically geared toward
experienced information security managers and those
who have information security management
responsibilities. CISM is designed to provide
executive management with assurance that those earning
the designation have the required knowledge and
ability to provide effective security management and
consulting. It is business-oriented and focuses on
information risk management while addressing
management, design and technical security issues at a
conceptual level. While its central focus is security
management, all those in the IS profession with
security experience will certainly find value in CISM.
To Earn the CISM Designation, Candidates will be Required to:
- Successfully complete the Certified Information Security Manager
  (CISM) exam
- Adhere to a code of professional ethics
- Submit verified evidence of a minimum number of years of information
  security work experience, with a minimum number in the appropriate
  job analysis domains.

CISM will Encompass the Following Areas:
The first exam (English only) was offered in June 2003. The exam is intended to be
available in every worldwide location in which the
CISA exam is conducted, which consists of 200 test
sites in more than 75 countries. Candidates may take
the CISM examination prior to meeting the experience
requirements. This practice is acceptable and
encouraged, although the credential will not be
awarded until all requirements are met.