ISACA UPDATE

Presented By: Brian O’Brien, CISA; Melissa Justice, CISA; Jotham Nyamari

Board Members of the Central Ohio ISACA Chapter

Central Ohio Chapter Goals
  • Educational Programs
  • Local Training Opportunities
  • Professional Networking

Central Ohio Happenings
  • Monthly luncheons on 2nd Thursday of month.
      • Board meets monthly (10 CPEs for chapter involvement).
  • Two (fall and spring) training seminars per year.
      • Oracle Database Auditing on October 28-29.
  • CISA / CISM Training Courses.
  • Local Job Postings.
      • Website / Newsletter ($35 per month).
  • Golf outing.
      • Just occurred in August.
  • Holiday Party / Beulah Park.
      • Scheduled for Saturday, November 1st.
  • Student Reduced Fees.
Membership Benefits
  • Membership
  • K-NET
  • Val IT
  • ITAF
  • Publication
  • Knowledge
  • Community of Peers
  • Downloads
  • Career Center

Access to ISACA International’s website:



  • Total ISACA membership worldwide: 77,093


  • ISACA’s Knowledge Network
  • Online database
  • Peer reviewed
  • More than 6,000 links
  • Member access to 200+ topics in 13 subject areas
  • Fully searchable
  • Personalized tracking



COBIT Family of Products

  • COBIT 4.1
  • COBIT Online
  • COBIT Quickstart
  • COBIT Foundation Course



COBIT Downloads

  • IT Assurance Guide: Using COBIT
  • IT Governance Implementation Guide: Using COBIT and Val IT, 2nd Edition
  • COBIT Security Baseline

COBIT® Foundation Course
  • Case Studies
  • Real-world Examples
  • Overview of COBIT Control Objectives, Control Practices, Management Guidelines, and Audit Guidelines
  • 40 Sample Questions to Prepare for COBIT Foundation Exam
  • 8 Hours; $499
COBIT® Foundation Course

Consists of 5 Modules:

  • Responding to IT Challenges
  • Introducing COBIT
  • What COBIT Provides
  • Applying COBIT in Practice
  • Products and Support Available from ITGI

Val IT

Provides guidance to:

  • Define relationships between IT and other functions with governance responsibilities
  • Manage an organization’s portfolio of IT investments
  • Maximize the quality of business cases for IT investments



  • ITAF™: A Professional Practices Framework for IT Assurance
    • Provides guidance on the design, conduct and reporting of IT audit and assurance assignments
    • Defines terms and concepts specific to IT assurance
    • Establishes standards that address IT audit and assurance professional roles and responsibilities, knowledge, skills and diligence, conduct, and reporting requirements



  • Information Systems Control Journal
    • Print and online versions
  • Journal Online
    • Articles that supplement the journal
    • Online only
  • Global Communiqué
    • Member newsletter
    • Online only


  • ISACA Bookstore Discounts
  • Listservs Discussion Forums
    • Sarbanes-Oxley
    • COBIT
    • IT Governance
    • Information Security Management
    • General Topics


Community of Peers

The Local Level: Your Chapter

  • Why you should get involved:
    • More than 170 chapters in 140 countries
    • Leadership opportunities
    • Networking
    • Professional growth
    • Positive impact on the local business community


Community of Peers

The International Level: ISACA/ITGI

  • Why you should get involved:
    • Impressive global network of peer contacts
    • Shared expertise and learning
    • A personal role in the future of the association, as well as the IT assurance, security and governance professions.



  • Standards, Statements and Guidelines for IS audit and control
  • Audit Programs and Internal Control Questionnaires on more than 20 topics
  • IT Governance Institute research documents and presentations
  • Free ITGI research publication downloads including:
    • COBIT Security Baseline
    • Securing the Network Perimeter
Career Centre
  • ISACA Members Can Search for Jobs by
      • Geography
      • Professional Certification
      • Experience Level
  • ISACA Members Can Store Resume and/or Post for Employers
  • Receive E-mail When New Jobs Post
Career Centre
  • Employers Can Post Jobs
      • 30 Day Listing for $295
      • 60 Day Listing for $395
      • Posting is Immediate
  • Employers Can Search Resumes

Comprehensive Student Program
  • Reduction of student dues
    • $25
    • New member fee waived
    • All benefits delivered electronically
    • Many chapters reduce or waive chapter dues for students
  • Student area of the web site
    • Student membership application
    • Eligibility and dues
    • Benefits of membership
    • IT Audit Basics articles
CISA Certification Current Facts

Certified the 60,000th CISA earlier this year

More than 45,000 current CISAs

A 2007 survey of ISACA members who hold the CISA designation revealed:

94% value their CISA certification

72% agreed that CISA has advanced their career

Current CISAs (more than 500) by Country

1,044 Australia

898 Germany

883 Singapore

870 Spain

597 China

541 South Africa

Exam Registrations Past 12 Months

CISA Exam Registration


Asia 11,700

C/S America 750

Europe/Africa 6,600

N. America 7,100

Oceania 300

CISAs in the Workplace

More than:

9,000 serve as IT audit practitioners

9,000 serve as IS/IT audit directors, managers, or hold senior positions

2,200 serve as chief audit executives (CAEs), audit partners or audit heads

More than:

11,000 hold managerial or consulting positions in IT operations or compliance

3,800 serve as CIOs, CISOs, security directors, security managers

1,400 serve as the CEO or CFO of their organizations

Recent CISA Program Recognition

CIO Magazine, SC Magazine and Foote Partners research continually cite CISA as a credential that earns top pay compared with other credentials

Certification Magazine’s 2007 salary survey ranked CISA in the top five highest paying certifications

Salaries for auditing certifications such as CISA continue to be boosted by compliance requirements and independent auditor control provisions

Recent Significant CISA Certification Board Actions
  • Moved to Item Response Theory (IRT) method of classifying and selecting exam items, beginning with the June 2008 exam (see next slide)
  • Reduced the administrative exam to 170 items (graded) with additional blocks of 30 new items (ungraded) used to gather performance statistics
Recent Significant CISA Certification Board Actions (continued)
  • Approved to discontinue any exam language that averages less than 100 candidates annually over any successive three-year period
  • Approved to allow a 1 year educational waiver for achievement of a Master’s degree in Information Systems or IT from an accredited university
  • Motion pending on approval of Polish as new CISA exam language
Item Response Theory (IRT) method

The IRT method of classifying exam items allows the CISA Certification Board to:

  • Accumulate better statistics on item performance
  • Score the exam more quickly
  • Select items to produce a desired level of difficulty
  • Move to computer-based testing in the future
ANSI Accreditation

The American National Standards Institute (ANSI) has awarded accreditation under ISO/IEC 17024 to the CISA certification program in 2005.

Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s requirements for openness, balance, consensus and due process.

Reaccredited in 2006 and 2007.

Currently being assessed for 2008.

CISA Preparation Related Education Activities
  • Updated CISA Review instructor-led-training (ILT) course provided to ISACA chapters
    • Updated topics and notes
    • Added a course training guide
    • Added 100 question sample exam (sorted by domain and scrambled)
  • Introduced new CISA Online Review Course
    • Serves both for exam preparation and as continuing professional education
    • Chapter incentive program offered
  • Converted sample questions on ISACA web site to on-line CISA self-assessment
Item Writing Program
  • US$50 per accepted question
  • Earn 1 CPE hour for each accepted question
  • US$100 per accepted question offered when questions are accepted in areas of need for the exam

Continuing Education

  • Did you know… Active participation on an ISACA and/or ITGI board, committee, task force or active participation as an officer of an ISACA chapter earns one continuing professional education hour for each hour of active participation. (10-hour annual limitation)
CISM Certification Facts

9,145 CISM Certifications have been awarded since 2003

Currently there are more than 8,000 active CISM members of ISACA

This year the total number of CISMs awarded will exceed 10,000

Who are the CISMs?
  • Most CISMs are consultants (37%) or work in financial services (19%).
  • As expected, most CISMs are directors (32%) or managers (22%).
  • 16% of CISMs have a “C” level title.
Where CISMs Work
  • CISMs primarily work in large organizations (34%) with 15,000 or more employees.
  • 30% of CISMs manage organizations whose security staff is larger than 25 individuals. 61% work in organizations having a security staff larger than 5 individuals.
Years of Professional Experience
  • A large number of CISMs have more than 14 years of professional experience (63%). 84% report having 10 or more years of experience.
Geographic Representation

[Chart: Member CISMs by ISACA Region. Region labels: Central / South America, Europe / Africa, North America]

CISM Exam Registration by Region

[Chart: registrations by region for December 07 and June 08. Surviving region label: South America]

Countries with more than 40 CISM Exam Takers (June 08)


North America

  • India
  • Singapore
  • United Arab Emirates
  • Canada
  • USA

Central / South America


  • Mexico
  • Australia

Europe / Africa

  • Germany
  • Spain
  • Nigeria
  • United Kingdom
CISM Languages June 08

This June the CISM Exam was offered in four languages. For the first time it was available in

CISM in the News

IT professionals who obtained ISACA's information security managers certification (CISM) are in a better position to deal with the growing emphasis on business needs over technology, according to a recent survey of more than 1,400 CISMs in 83 countries. (CSO Magazine)

A report shows that formally certified security professionals on average are commanding about 10% to 15% higher salaries than noncertified individuals in comparable roles. Among the certification programs commanding the highest premiums were Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). (Computerworld)

CISM was listed as the 2nd highest paid certification in Certification Magazine’s 2007 salary survey.

Recent Significant CISM Certification Board Actions
  • Approved to certify professors who pass the CISM Exam and who have a minimum of 6 years experience in security management research and teaching.
ANSI Accreditation

The American National Standards Institute (ANSI) has awarded accreditation under ISO/IEC 17024 to the Certified Information Security Manager (CISM) in 2005.

Accreditation by ANSI signifies that ISACA’s procedures meet ANSI’s essential requirements for openness, balance, consensus and due process.

Reaccredited in 2006 and 2007. Currently being assessed for 2008.

CISM Preparation Related Education Activities
  • Updated CISM Review instructor-led-training (ILT) course provided to ISACA chapters
    • Updated topics and notes
    • Added a course training guide
    • Added 100 question sample exam (sorted by domain and scrambled)
  • Recruited more than 100 CISM subject matter experts to participate in the development of the 2009 CISM Review Manual
  • Converted sample questions on ISACA web site to on-line CISM self-assessment
CISM Preparation Related Education Activities
  • Modified the manner in which the CISM Questions, Answers and Explanations Manual and Supplement are developed to be more consistent with how the CISM Test Enhancement Committee develops questions
  • Recruited experienced CISM TEC members to participate in QAE development
CGEIT Certification Current Facts

364 CGEITs as of 26 June 2008

All certified via the grandfathering provision

Grandfathering provision ends 31 October 2008

Requirements to Become a CGEIT under the Grandfathering Provision

Until 31 October 2008, applicants can apply for certification as a CGEIT without being required to pass the CGEIT examination. Requirements:

  • 1. Submit evidence of appropriate work experience
  • 2. Agree to adhere to the ISACA Code of Professional Ethics
  • 3. Agree to comply with the CGEIT Continuing Professional Education Policy

Work Experience

In order to qualify for the CGEIT certification under the grandfathering provision an applicant must provide evidence of management, advisory or oversight experience associated with the governance of the IT-related contribution to an enterprise. Eight (8) years of such experience is required and is defined and described specifically by the CGEIT job practice domains and task statements. Specifically, an applicant must have:

  • a minimum of one year experience related to the development and/or maintenance of an IT governance framework (CGEIT domain one (1) see page V1) and;
  • additional broad experience directly related to any two or more of the remaining domains (CGEIT domains two (2) through six (6) see page V2)

Requirements to Become a CGEIT under the Grandfathering Provision

Advanced (post-graduate) degrees and certificates, up to three (3) of the eight years of required experience can be substituted as follows:

  • Two-Year Substitution—Other Management Experience: Up to two (2) years of experience may be substituted for other management experience gained that is not specific to IT governance (e.g. consulting, auditing, assurance or security management role that is unrelated to the CGEIT domains).
  • One-Year Substitution—Credentials, Advanced (post-graduate) Degrees and Certificates: One (1) year of experience may be substituted for each credential held (in good standing), advanced (post-graduate) degree or certificate program that includes an IT governance and/or management component or is specific to one or more of the CGEIT domains. These include:
    • Certified Information Systems Auditor (CISA) issued by ISACA
    • Certified Information Security Manager (CISM) issued by ISACA
    • Implementing IT Governance Using COBIT certificate issued by ISACA (available in 2008)
    • ITIL Service Manager certification program
    • Chartered Information Technology Professional (CITP) issued by the British Computer Society
    • Certified Information Technology Professional (CITP) issued by the American Institute of CPAs
    • Project Management Professional (PMP) issued by the Project Management Institute
    • Information Systems Professional (I.S.P.) issued by the Canadian Information Processing Society
    • Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors
    • Certified Business Manager (CBM) issued by The Association of Professionals in Business Management
    • Advanced (post-graduate) degree from an accredited university in governance, information technology, information management or business administration
    • Prince2—Registered Practitioner certificate from the Office of Government Commerce
  • Applicants who have earned/acquired other credentials, advanced degrees and/or certificates that include a significant IT governance and/or information management component and are not listed above are welcome to submit them to the CGEIT Certification Board for consideration.

Current CGEITs by ISACA Geographical Area

Current CGEITs – Other Demographics
  • 41% of CGEITs come from the technology services/consulting field
  • 23% of CGEITs work in the financial services industry
  • 82% of CGEITs have an Advanced Education Degree
    • 44% have a Master’s Degree
    • 5% are Ph.D.s
CGEIT Grandfather Applications and Process
  • 740 applications received as of 26 June 2008
  • Approval rate is 94%
  • Approvals require review and approval of CGEIT Certification Board members
  • Takes approximately 6-10 weeks to review
CGEIT Exam
  • Exam will be 120 multiple choice questions. Many questions will be scenario based.
  • Exam question emphasis based on CGEIT “job practice” survey
  • Four hours provided to complete
  • Offered at the same time and same test locations as CISA and CISM
CGEIT Preparation Materials
  • Initially there will not be a CGEIT Review Manual or sample questions for exam preparation.
  • Reference list of key publications and periodicals is available at
  • References divided into primary and other
    • Primary references (should be used for study)
      • publications that address the CGEIT domains and the use of an IT governance framework
    • Other references (can be used for study)
      • Often address an aspect or approach to IT governance
ISACA is recognized as a worldwide leader in what areas?
  • IT Governance
  • Information Security
  • IT Assurance
What was the original name of ISACA?

EDP Auditors Association

What is the new ISACA certification and what does the acronym stand for?

CGEIT

Certified in the Governance of Enterprise IT
What is the name of the research foundation that is funded by ISACA?

IT Governance Institute (ITGI)

How many members are currently on our chapter’s board? (Extra for first names.)


Brian Melissa

Mike B Schlaine

Chuck Chris

Matt Ryan

Rich Mike K