880 likes | 1.75k Views
Presented By: Brian O’Brien, CISA Melissa Justice, CISA Jotham Nyamari Board Members of the Central Ohio ISACA Chapter. ISACA UPDATE. Central Ohio Chapter Goals Educational Programs Local Training Opportunities Professional Networking. Central Ohio Happenings.
E N D
Presented By: Brian O’Brien, CISA Melissa Justice, CISA Jotham Nyamari Board Members of the Central Ohio ISACA Chapter ISACA UPDATE
Central Ohio Chapter Goals Educational Programs Local Training Opportunities Professional Networking
Central Ohio Happenings • Monthly luncheons on 2nd Thursday of month. • Board meets monthly (10 CPEs for chapter involvement). • Two (fall and spring) training seminars per year. • Oracle Database Auditing on October 28-29. • CISA / CISM Training Courses. • Local Job Postings. • Website / Newsletter ($35 per month). • Golf outing. • Just occurred in August. • Holiday Party / Beulah Park. • Scheduled for Saturday, November 1st. • Student Reduced Fees.
Membership Benefits • Membership • K-NET • COBIT • Val IT • ITAF • Publication • Knowledge • Community of Peers • Downloads • Career Center Access to ISACA International’s website: http://www.isaca.org
Membership • Total ISACA membership worldwide: 77,093
K-NET • ISACA’s Knowledge Network • Online database • Peer reviewed • More than 6,000 links • Member access to 200+ topics in 13 subject areas • Fully searchable • Personalized tracking www.isaca.org/knet
COBIT • COBIT 4.1 • COBIT Online • COBIT Quickstart • COBIT Foundation Course COBIT Family of Products www.isaca.org/cobit
COBIT • IT Assurance Guide: Using COBIT • IT Governance Implementation Guide: Using COBIT and Val IT, 2nd Edition • COBIT Security Baseline COBIT Downloads www.isaca.org/downloads
COBIT® Foundation Course • Case Studies • Real-world Examples • Overview of COBIT Control Objectives, Control Practices, Management Guidelines, and Audit Guidelines • 40 Sample Questions to Prepare for COBIT Foundation Exam • 8 Hours; $499
COBIT® Foundation Course Consists of 5 Modules: • Responding to IT Challenges • Introducing COBIT • What COBIT Provides • Applying COBIT in Practice • Products and Support Available from ITGI
Val IT Provides guidance to: • Define relationships between IT and other functions with governance responsibilities • Manage an organization’s portfolio of IT investments • Maximize the quality of business cases for IT investments www.isaca.org/valit
ITAF New! • ITAFTM: A Professional Practices Framework for IT Assurance • Provides guidance on the design, conduct and reporting of IT audit and assurance assignments • Defines terms and concepts specific to IT assurance • Establishes standards that address IT audit and assurance professional roles and responsibilities, knowledge, skills and diligence, conduct, and reporting requirements www.isaca.org/downloads
Publications • Information Systems Control Journal • Print and online versions • www.isaca.org/journal • Journal Online • Articles that supplement the journal • Online only • www.isaca.org/JOnline • Global Communiqué • Member newsletter • Online only • www.isaca.org/gcomm
Knowledge • ISACA Bookstore Discounts • Listservs Discussion Forums • Sarbanes-Oxley • COBIT • IT Governance • Information Security Management • General Topics www.isaca.org/bookstore
Community of Peers The Local Level: Your Chapter • Why you should get involved: • More than 170 chapters in 140 countries • Leadership opportunities • Networking • Professional growth • Positive impact on the local business community www.isaca.org/chapters
Community of Peers The International Level: ISACA/ITGI • Why you should get involved: • Impressive global network of peer contacts • Shared expertise and learning • A personal role in the future of the association, as well as the IT assurance, security and governance professions. www.isaca.org/leadership
Downloads • Standards, Statements and Guidelines for IS audit and control • Audit Programs and Internal Control Questionnaires on more than 20 topics • IT Governance Institute research documents and presentations • Free ITGI research publication downloads including: • COBIT Security Baseline • Securing the Network Perimeter
Career Centre • ISACA Members Can Search for Jobs by • Geography • Professional Certification • Experience Level • ISACA Members Can Store Resume or/and Post for Employers • Receive E-mail When New Jobs Post
Career Centre • Employers Can Post Jobs • 30 Day Listing for $295 • 60 Day Listing for $395 • Posting is Immediate • Employers Can Search Resumes http://jobs.isaca.org/
Comprehensive Student Program • Reduction of student dues • $25 • New member fee waived • All benefits delivered electronically • Many chapters reduce or waive chapter dues for students • Student area of the web site • Student membership application • Eligibility and dues • Benefits of membership • IT Audit Basics articles
CISA Certification Current Facts Certified the 60,000th CISA earlier this year More than 45,000 current CISAs A 2007 survey of ISACA members who hold the CISA designation revealed: 94% value their CISA certification 72% agreed that CISA has advanced their career
Current CISAs (more than 500) by Country 1,044 Australia 898 Germany 883 Singapore 870 Spain 597 China 541 South Africa
Exam Registrations Past 12 Months CISA Exam Registration TOTAL Asia 11,700 C/S America 750 Europe/Africa 6,600 N. America 7,100 Oceania 300
CISAs in the Workplace More than: 9,000 serve as IT audit practitioners 9,000 serve as IS/IT audit directors, managers, or hold senior positions 2,200 serve as chief audit executives (CAEs), audit partners or audit heads More than: 11,000 hold managerial or consulting positions in IT operations or compliance 3,800 serve as CIOs, CISOs, security directors, security managers 1,400 serve as the CEO or CFO of theirorganizations
Recent CISA Program Recognition CIO Magazine, SC Magazine and Foote Partners research continually cite CISA as a credential that earns top pay compared with other credentials Certification Magazine’s 2007 salary survey ranked CISA in the top five highest paying certifications Salary for auditing certifications such as CISA continue to be boosted by compliance requirements and independent auditor control provisions
Recent Significant CISA Certification Board Actions • Moved to Item Response Theory (IRT) method of classifying and selecting exam items, beginning with the June 2008 exam (see next slide) • Reduced the administrative exam to 170 items (graded) with additional blocks of 30 new items (ungraded) used to gather performance statistics
Recent Significant CISA Certification Board Actions (continued) • Approved to discontinue any exam language that averages less than 100 candidates annually over any successive three-year period • Approved to allow a 1 year educational waiver for achievement of a Master’s degree in Information Systems or IT from an accredited university • Motion pending on approval of Polish as new CISA exam language
Item Response Theory (IRT) method The IRT method of classifying exam items allows the CISA Certification Board to: • Accumulate better statistics on item performance • Score the exam more quickly • Select items to produce a desired level of difficulty • Move to computer-based testing in the future
ANSI Accreditation The American National Standards Institute (ANSI) has awarded accreditation under ISO/IEC 17024 to the CISA certification program in 2005. Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s requirements for openness, balance, consensus and due process. Reaccredited in 2006 and 2007. Currently being assessed for 2008.
CISA Preparation Related Education Activities • Updated CISA Review instructor-led-training (ILT) course provided to ISACA chapters • Updated topics and notes • Added a course training guide • Added 100 question sample exam (sorted by domain and scrambled) • Introduced new CISA Online Review Course • Serves both for exam preparation and as continuing professional education • Chapter incentive program offered • Converted sample questions on ISACA web site to on-line CISA self-assessment
Item Writing Program • US$50 per accepted question • Earn 1 CPE hour for each accepted question • US$100 per accepted question offered when questions are accepted in areas of need for the exam Continuing Education • Did you know…Active participation on an ISACA and/or ITGI board, committee, task force or active participation as an officer of an ISACA chapter earns one continuing professional education hour for each hour of active participation. (10-hour annual limitation)
CISM Certification Facts 9,145 CISM Certifications have been awarded since 2003 Currently there are more than 8,000 active CISM members of ISACA This year the total number of CISMs awarded will exceed 10,000
Who are the CISMs? • Most CISMs are consultants (37%) or work in financial services (19%). • As expected most CISMs are directors(32%) or managers (22%). • 16% of CISMs have a “C” level title.
Where CISMs Work • CISMs primarily work in large organizations (34%) with 15,000 or more employees. • 30% of CISMs manage organizations whose security staff is larger than 25 individuals. 61% work in organizations having a security staff larger than 5 individuals.
Years of Professional Experience • A large number of CISMs have more than 14 years of professional experience (63%). 84% report having 10 or more years of experience.
Geographic Representation Member CISMs by ISACA Region Asia Central / South America Europe / Africa North America Oceania 14.4% 3.4% 24.7% 54.2% 3.3%
CISM Exam Registration by Region December 07 June 08 Total Asia 527 556 1083 Central South America 152 124 276 Europe Africa 686 801 1487 North America 825 838 1663 Oceania 64 65 129
Countries with more than 40 CISM Exam Takers (June 08) Asia North America • India • Singapore • United Arab Emirates • Canada • USA Central / South America Oceania • Mexico • Australia Europe / Africa • Germany • Spain • Nigeria • United Kingdom
CISM Languages June 08 This June the CISM Exam was offered in four languages. For the first time it was available in Korean. English Spanish Japanese Korean 90.7% 6.0% 3.0% 0.3%
CISM in the News IT professionals who obtained ISACA's information security managers certification (CISM) are in a better position to deal with the growing emphasis on business needs over technology, according to a recent survey of more than 1,400 CISMs in 83 countries. (CSO Magazine) A report shows that formally certified security professionals on average are commanding about 10% to 15% higher salaries than noncertified individuals in comparable roles. Among the certification programs commanding the highest premiums were Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). (Computerworld) CISM was listed as the 2nd highest paid certification in Certification Magazine’s 2007 salary survey.
Recent Significant CISM Certification Board Actions • Approved to certify professors who pass the CISM Exam and who have a minimum of 6 years experience in security management research and teaching.
ANSI Accreditation The American National Standards Institute (ANSI) has awarded accreditation under ISO/IEC 17024 to the Certified Information Security Manager (CISM) in 2005. Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s essential requirements for openness, balance, consensus and due process. Reaccredited in 2006 and 2007. Currently being assessed for 2008.
CISM Preparation Related Education Activities • Updated CISM Review instructor-led-training (ILT) course provided to ISACA chapters • Updated topics and notes • Added a course training guide • Added 100 question sample exam (sorted by domain and scrambled) • Recruited more than 100 CISM subject matter experts to participate in the development of the 2009 CISM Review Manual • Converted sample questions on ISACA web site to on-line CISM self-assessment
CISM Preparation Related Education Activities • Modified the manner in which the CISM Questions, Answers and Explanations Manual and Supplement are developed to be more consistent with how the CISM Test Enhancement Committee develops questions • Recruited experienced CISM TEC members to participate in QAE development