Download - CISA 2010 Overview
8/8/2019 CISA 2010 Overview
http://slidepdf.com/reader/full/cisa-2010-overview 1/32
ISACA®
Trust in, and value from, information systems
www.isaca.org
2010 CISA® Review Course
Introduction
www.isaca.org/cisa
ISACA Facts
• Founded in 1969 as the EDP Auditors Association
• Since 1978, CISA has been a globally accepted standard of competency among IS audit, control, assurance and security professionals.
• More than 86,000 members in over 160 countries
• More than 185 chapters in over 75 countries worldwide
ANSI Accreditation
• The American National Standards Institute (ANSI) has awarded accreditation under ISO/IEC 17024 to the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certification programs. ANSI reaccredited these programs in 2008, and ISACA is currently under review for recertification.
• Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s essential requirements for openness, balance, consensus and due process.
CISA Certification Details
www.isaca.org/cisa
Why Become a CISA?
Enhanced Knowledge and Skills
• To demonstrate your willingness to improve your technical knowledge and skills
• To demonstrate to management your proficiency toward organizational excellence
Career Advancement
• To obtain credentials that employers seek
• To enhance your professional image
Worldwide Recognition
• To be included with over 73,000 other professionals who have gained the CISA designation worldwide
CISA in the Workplace
• More than 2,400 are now employed in organizations as the CEO, CFO or equivalent executive position
• Over 2,000 serve as chief audit executives (CAEs), audit partners or audit heads
• More than 6,000 serve as CIOs/CTOs, CISO/CSO, security directors, security managers or consultants
• More than 11,000 serve as audit directors, security staff, managers or consultants
• Over 15,500 are employed in managerial or consulting positions in IT operations or compliance
• More than 15,400 auditors (IS/IT and non-IS/IT)
Recent CISA Program Recognitions
• SC Magazine has named CISA the winner of the Best Professional Certification Program. With almost 700 entries submitted in 30 categories, the 2009 SC Awards were the most competitive yet in the program’s 12-year history.
• The CISA certification program was awarded the “Best Professional Development Grand Award” and the “Best Professional Development (Scheme) Award” in the ‘Hong Kong ICT Awards 2009’ presentation ceremony. The Hong Kong ICT Awards were established in 2006 under a collaborative effort amongst industry, academia and the Government.
• In a January 2010 study by Mile High Research, ISACA’s CISA and CISM certifications made the top 10 in-demand IT certifications for new jobs posted over the last 14 days. The job descriptions specified one or more certifications as minimum or preferred credentials for the job posting. ISACA and other organizations whose credentials made the top 10 “obviously make a connection between their certifications and employers – that connection is value,” said Denny Schall, CLO of Mile High Research.
Other CISA Program Recognitions
• According to bankinfosecurity.com, industry recruitment experts and information security professionals noted CISA and CISM as two of the top five certifications for 2009, as they provide assurance that the holder has extensive experience in their fields above and beyond passing a test.
• CISAs qualify for the Disaster Recovery Institute International’s (DRII) CBLA (Certified Business Continuity Lead Auditor) certification and get a bypass for the corresponding reference (experience) requirement. In addition, all CISAs are offered a 10% discount on DRII courses.
• The Securities Exchange Board of India requires biannual system audits of all mutual funds to be conducted by an independent auditor who is CISA/CISM-certified or equivalent.
• CISAs are provided an exemption from the CEH (Certified Ethical Hacker) exam and allowed to automatically take the EC-Council Certified Security Analyst (ECSA) exam, which leads to the Licensed Penetration Tester (LPT) certification.
Other CISA Program Recognitions (continued)
• The US Dept. of Defense includes CISA in its list of approved certifications for its information assurance professionals
• The US Department of Veteran Affairs reimburses exam fees for the CISA exam
• The Department of Information Technology has issued an empanelment of vendors for auditing the Reserve Bank's internal network and IT systems. CISA was listed as one of the pre-qualification criteria for bidding vendors. It was stipulated that the vendor should have a minimum of three CISA/CISSP certified professionals participating in the audit.
• The Payment Card Industry (PCI) Data Security Standard (DSS) has named CISA and CISM certifications as validation requirements for qualified security assessors (QSAs), the organizations that validate an entity’s adherence to PCI DSS requirements.
Other CISA Program Recognitions (continued)
• All assistant examiners employed by the US Federal Reserve Banks must pass the CISA exam before they are eligible for commissioning
• The Department of Information Technology of the Government of N.C.T. of Delhi sent out an RFP for Website Security Audits of Delhi Government departments. This is the first large-scale audit RFP issued by any state government in India. CISA was named as one of the pre-qualification criteria for bidders.
• The National Stock Exchange of India has recognized CISA as a requirement to conduct system audits
• CERT-IN, the Indian Computer Emergency Response Team, has recognized CISA as one of the requirements to be empanelled to conduct security audits
Other CISA Program Recognitions (continued)
• An information security law in Korea requires that highly skilled professionals, such as CISAs, perform information system audits and security services.
• In Romania, banks desiring to implement distance or electronic payment instruments, such as Internet and home banking, are required by law to be certified by CISA certification-holding auditors.
• Article 58 of the Public Finance Act in the Republic of Poland (passed in late 2006) acknowledges the CISA certification as one of three designations recognized by the act as an entitlement to be a public-sector auditor.
• The Peruvian government recognizes CISAs for their expertise and specialization, which is required for practitioners in internal auditing.
Other CISA Program Recognitions (continued)
• In Malaysia, the Multimedia Development Corporation (MDEC) provides partial reimbursement for certain CISA and CISM certification and training fees.
• The Canadian Institute of Chartered Accountants (CICA) accredits ISACA as the only body whose designation leads to recognition as a CA-designated specialist in information systems audit, control and security.
• In Hong Kong, ISACA members who have held a CISA certification for at least four years have the right to vote for the city’s legislative counselors, as representatives of the IT category among the functional constituencies.
• Under India’s National Information Security Assurance Program, the Department of Information Technology recognizes the CISA designation to assess the information security risks in public sector organizations.
CISAs by Area
• Europe/Africa: 22%
• Central/South America: 3%
• Asia/Mid-East: 27%
• Oceania: 2%
• North America: 46%
CISA Job Practice Areas (Effective 2006)
Note: A CISA job practice analysis is underway to reflect the vital and evolving responsibilities of IT auditors and stay current with the market. Results of this analysis will be incorporated into the June 2011 exam. www.isaca.org/cisajpa
1. IS Audit Process – 10%
Provide IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled.
2. IT Governance – 15%
Provide assurance that the organization has the structure, policies, accountability, mechanisms, and monitoring practices in place to achieve the requirements of corporate governance of IT.
3. Systems and Infrastructure Lifecycle Management – 16%
Provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance, and disposal of systems and infrastructure will meet the organization’s objectives.
CISA Job Practice Areas (Effective 2006) (continued)
4. IT Service Delivery and Support – 14%
Provide assurance that the IT service management practices will ensure the delivery of the level of services required to meet the organization’s objectives.
5. Protection of Information Assets – 31%
Provide assurance that the security architecture (policies, standards, procedures, and controls) ensures the confidentiality, integrity, and availability of information assets.
6. Business Continuity and Disaster Recovery – 14%
Provide assurance that in the event of a disruption the business continuity and disaster recovery processes will ensure the timely resumption of IT services while minimizing the business impact.
For complete details visit: www.isaca.org/cisajobpractice
CISA Certification Requirements
• Earn a passing score on the CISA Exam
• Submit verified evidence of a minimum of five years of verifiable IS audit, control or security experience (substitutions available)
• Submit the CISA application and receive approval
• Adhere to the ISACA Code of Professional Ethics
• Abide by IS Auditing Standards as adopted by ISACA
• Comply with continuing professional education policy
Administration of the CISA Exam
2010 Exam Dates:
Saturday 12 June 2010
Saturday 11 December 2010
– The CISA exam is offered in 12 languages and at over 240 locations
– Offered in every city where there is an ISACA chapter or a large interest in individuals sitting for the exam
– Passing mark of 450 on a common scale of 200 to 800
2010 Registration Fees - Exam: 12 June 2010
Early Registration - On or before 10 February 2010:
• ISACA Member: US $415.00
• Non-Member: US $545.00
Final Registration - After 10 February, but on or before 7 April 2010:
• ISACA Member: US $465.00
• Non-Member: US $595.00
Register Online at www.isaca.org/examreg
• Online registration via the ISACA web site is encouraged, as candidates will save US $50. Non-members can join ISACA at the same time, which maximizes their savings.
Exam registration fees must be paid in full to sit for the exams. Those whose exam registration fees are not paid will not be sent an exam admission ticket and their registration will be cancelled.
2010 Registration Fees - Exam: 11 December 2010
Early Registration - On or before 18 August 2010:
• ISACA Member: US $415.00
• Non-Member: US $545.00
Final Registration - After 18 August, but on or before 6 October 2010:
• ISACA Member: US $465.00
• Non-Member: US $595.00
Register Online at www.isaca.org/examreg
• Online registration via the ISACA web site is encouraged, as candidates will save US $50. Non-members can join ISACA at the same time, which maximizes their savings.
Exam registration fees must be paid in full to sit for the exams. Those whose exam registration fees are not paid will not be sent an exam admission ticket and their registration will be cancelled.
Bulletin of Information and Registration Form
• There is a Bulletin of Information for each exam administration for each exam.
• The CISA Bulletin of Information can be downloaded from the ISACA web site at: www.isaca.org/cisaboi
• Is available in 12 languages.
• Bulletin includes:
– Requirements for certification
– Exam description
– Registration instructions
– Test date procedures
– Score reporting
– Test center locations
– Registration forms
Types of Questions on the CISA Exam
• Exam consists of 200 multiple choice questions administered over a four-hour period
• Questions are designed to test practical knowledge and experience
• Questions require the candidate to choose one best answer
• Every question or statement has four options (answer choices)
Quality of the Exam Ensured by:
• Job Practice Analysis Study: Determines content
• Test Development Standards: Ensures high standards for the development and review of questions
• Review Process: Provides two reviews of questions by independent committees before acceptance into pool
• Periodic Pool Cleaning: Ensures that questions in the pool are up-to-date by continuously reviewing questions
• Statistical Analysis of Questions: Ensures quality questions and grading by analyzing exam statistics for each language
2010 Study Materials (price for ISACA Members / Non-Members)
• Candidate’s Guide to the CISA Exam: free to each paid registrant
• CISA Review Manual 2010: (US) $105.00 / (US) $135.00
• CISA Review Questions, Answers & Explanations Manual 2010: (US) $100.00 / (US) $130.00
• CISA Review Questions, Answers & Explanations Manual 2010 Supplement: (US) $40.00 / (US) $60.00
• CISA Practice Question Database V10: (US) $185.00 / (US) $225.00
How to Develop a CISA Study Plan
A proper study plan consists of several steps:
• Self-appraisal
• Determination of the type of study program
• Having an adequate amount of time to prepare
• Maintaining momentum
• Readiness review
Become involved in your local chapter and explore networking opportunities and study groups.
How to Study for the CISA Exam
• Read the Candidate’s Guide thoroughly
• Study the CISA Review Manual
• Work through the CISA Review Questions, Answers & Explanations Manual, Supplement and CD
• Participate in an ISACA Chapter Review Course
• Read literature in areas where you need to strengthen skills
• Spend time studying the complement of your field: if an external auditor, study IS audit from the internal audit perspective, and vice-versa
• Join or organize study groups
• Take the ISACA online review course, available at www.isaca.org/elearningcampus.
Application for Certification
• Is available at www.isaca.org/cisaapp
• Is available in hard copy upon request to ISACA’s certification department
• Contains:
– Requirements for certification
– Code of Professional Ethics
– Instructions for completion of form. Translated instructions are also available at www.isaca.org/cisaapp.
– Verification of work experience for applicant form
– CISA application form
CISA Continuing Professional Education (CPE) Policy Details
www.isaca.org/cisacpepolicy
Continuing Professional Education (CPE) Requirements
Certification is renewed for those who:
• Report an annual minimum of 20 hours of continuing professional education
• Report a minimum of 120 hours of continuing education for each fixed three-year period
• Pay the annual certification maintenance fee
• Respond and submit required documentation of continuing education activities if selected for an annual audit
• Comply with the ISACA Code of Professional Ethics
ISACA Code of Professional Ethics
Members and ISACA certification holders shall:
• Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.
• Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards and best practices.
• Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.
ISACA Code of Professional Ethics (continued)
Members and ISACA certification holders shall:
• Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
• Maintain competency in their respective fields and agree to undertake only those activities which they can reasonably expect to complete with professional competence.
• Inform appropriate parties of the results of work performed, revealing all significant facts known to them.
• Support the professional education of stakeholders in enhancing their understanding of information systems security and control.
Want to know more?
Please contact us at:
ISACA
3701 Algonquin Road
Suite 1010
Rolling Meadows, IL 60008 USA
• Phone: +1.847.660.5660
• Fax: +1.847.253.1443
• E-mail: [email protected]
• Web site: www.isaca.org