ISACA Security Certification

"ISACA Security Certification is Important for IT Security and Audit Professionals"

Type of ISACA Security certification for computer careers:

Independent

From:

Information Systems Audit and Control Association

With every publicized hacker attack on a major web site, with every virus and rumor of viruses, we become more and more aware of how important security is. If we were to stop and think about how much information on us is stored in company databases, we would be even more worried about security.

The problem is not new. Although the Internet has made it more pressing, companies have been concerned with security long before they had even heard of the Internet.

In 1969, the Information Systems Audit and Control Association was founded with the goal of increasing IT security. It now has over 22,000 members in over 100 countries.

The ISACA has a professional certification to promote their goals, the Certified Information Systems Auditor (CISA).

Worth it?

Standard disclaimer:

Whether or not any certification is "worth it" is an individual decision. You alone must decide what your career goals and needs are.

Look at certifications from a cost/benefit or Return On Investment (ROI) basis. If they help you get a better paying job or make more money at your current job, they are obviously "worth it."

The problem is, there is no real way of measuring how much you can expect your income to go up as a result of any given certification. It also depends on non-related job search skills such as how well you network.

Dating back to 1978, the CISA certification is the oldest and most well-known. It demonstrates skill and expertise in the areas of IT auditing, control and security.

The CISA certification has 4 requirements:

Five years experience in IS auditing, control and security
Passing the CISA test
Subscribe to ISACA Code of Professional Ethics
Continuing education

The test is given once a year, so you must register in time, or wait another year. The test consists of 7 sections. One section is labelled "Process" and tests your understand and knowledge of the process of an Information Systems Audit. This is 10% of the test.

The other six sections test your knowlege of the content of various areas. They are:

Management, Planning and Organization of IS -- 11%
Technical Infrastructure and Operational Practices -- 13%
Protection of Information Assets -- 25%
Disaster Recovery and Business Continuity -- 10%
Business Application System Development, Acquisition, Implementation and Maintenance -- 16%
Business Process Evaluation and Risk Management -- 15%

The ISACA site goes into a lot more detail about all these subjects. You should certainly check it all out if you are interested in becoming one of the over 24,000 IT audit and security professionals who have it.