In the past, technology managers were more concerned with implementing a strong password policy and felt that they were safe. Nowadays, threats come in the form of identity theft, corporate espionage through weak doors, viruses that shut down corporate communication, hackers who can damage records – the list goes on. Certifications provide a way to expand and/or demonstrate professional expertise. The profession of information security has seen an increased demand for professionals who are experienced in network security auditing, penetration testing and digital forensics investigation. The increased demand for security professionals is one of the reasons why many of the highest paying technical certifications have a security focus. A wide variety of certifications are available in security and related disciplines.
Certified Information Systems Auditor (CISA)
CISA is a professional certification for Information Technology Audit professionals sponsored by ISACA, formerly the Information Systems Audit and Control Association. Candidates for the certification must meet requirements set by ISACA on educational qualification and professional experience.
The CISA certification covers subject matter in a variety of Information Security topics. The CISA examination is based on a series of job practices. Effective from June 2011, ISACA has identified the new CISA job practice, which reflects the vital and evolving responsibilities of IT auditors to be:
• Domain 1 - The Process of Auditing Information Systems (14%)
• Domain 2 - Governance and Management of IT (14%)
• Domain 3 - Information Systems Acquisition, Development and Implementation (19%)
• Domain 4 - Information Systems Operations, Maintenance and Support (23%)
• Domain 5 - Protection of Information Assets (30%)
- Successfully complete the CISA Examination
- Adhere to the Information Systems Audit and Control Association's Code of Professional Ethics
- Submit evidence of a minimum of five (5) years of professional information systems (IS) auditing, control or security work experience. Substitution and waivers of such experience apply
- Adhere to a continuing education program.
For further information visit www.isaca.org
Control Objectives for Information and Related Technology (COBIT)
Control Objectives for Information and Related Technology (COBIT 2019) is a framework created by ISACA for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
COBIT 5 was released in April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks and draws from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS). COBIT 5 is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems. COBIT 5 builds and expands on COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure Library (ITIL®) and related standards from the International Organization for Standardization (ISO).
The components of COBIT include the following:
• Framework: Organizes IT governance objectives and good practices by IT domains and processes, and links them to business requirements.
• Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run and monitor.
• Control objectives: Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
• Management guidelines: Help assign responsibility, agree on objectives, measure performance and illustrate interrelationship with other processes.
• Maturity models: Assess maturity and capability per process and help to address gaps.
COBIT 5 is based on the following five key principles for governance and management of enterprise IT:
• Principle 1: Meeting Stakeholder Needs
• Principle 2: Covering the Enterprise End-to-End
• Principle 3: Applying a Single, Integrated Framework
• Principle 4: Enabling a Holistic Approach
• Principle 5: Separating Governance From Management
For further information visit http://www.isaca.org/COBIT/Pages/default.aspx.