Thursday, 26 January 2017

Value of ISACA Certifications in Business World: CISA, CISM, CGEIT, CRISC



ISACA offers certifications in systems auditing, security management, and IT governance and risk. It is a professional association, previously known as the Information Systems Audit and Control Association. ISACA certifications are vendor-neutral and job-role specific, each defined by a set of task and knowledge statements.

Apart from the four mainstream certifications ISACA also offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their IT.

ISACA certification exam information (CISA, CISM, CGEIT, CRISC):

Total Questions: 150 (from 2017 onwards all exams have 150 questions)
Maximum Exam Time: 4 hours

Minimum Passing score: 450 out of 800

Exam Format: Computer-based testing (CBT) from 2017 onwards. Until December 2016 all ISACA exams were paper-and-pencil exams. You have to choose the best answer from the four options given in each question.

Exam Cost: ISACA member: US $575; non-member: US $760.
Registering for the exam as an ISACA member is cheaper even after paying the annual membership fee. An exam discount is also available for early registration.

Exam retake discount: ISACA usually provides a discount code to encourage candidates who failed an earlier attempt to retake the exam.

Exam location: Worldwide testing centers

What you need on the day of the exam: a valid photo ID card and your exam ticket

Exam Reschedule: The exam can be rescheduled, with a valid justification, at least 72 hours before the scheduled exam date and time.

Exam questions: Questions are multiple choice with four options. You have to choose the best or most likely answer.

Exam Result: Candidates receive a preliminary test result on completing the exam, as with any computer-based certification exam. The official exam result is sent by email within 10 working days of the exam.

Benefit of becoming ISACA certified: It gives a major boost to your career and earning potential. It demonstrates your ability to assess vulnerabilities, IT risks and controls, security threats and IT governance issues, and to understand IS programs and operations within the enterprise.

ISACA Journal - Free download 

Average salary of ISACA certified professionals: It varies according to experience and level in the organization. You can see salary statistics on PayScale.com. Salaries offered to certified candidates are among the best in the industry. The average salary starts in the range of US $60,000 and goes up to US $250,000 per annum or higher. People with impeccable skills at the senior management level (CISO/Audit Director) can earn in the range of US $300K to $400K per annum.

Job portal search results show huge demand for ISACA certifications. You can search on any job portal such as Indeed, SimplyHired, Monster, eFinancialCareers, JobStreet, TechCareer, LinkedIn Jobs, CWjobs, etc. Combined across these portals, the number of open jobs is easily in the range of 50,000 to 80,000 for each ISACA certification at any point in time.

1. Certified Information Systems Auditor (CISA)

The CISA designation is a globally recognized certification for IS audit control, assurance, and security professionals.

Eligibility: Five (5) or more years of experience in IS audit, control, assurance, or security. Waivers are available for a maximum of three (3) years.

Domain 1— The Process of Auditing Information Systems (21%)
Domain 2— Governance and Management of IT (16%)
Domain 3— Information Systems Acquisition, Development and Implementation (18%)
Domain 4— Information Systems Operations, Maintenance and Service Management (20%)
Domain 5— Protection of Information Assets (25%)

Books and study resources:
CISA (David L. Cannon)
CISA Review Manual 26th Edition
CISA Review Questions, Answers & Explanations Manual 11th Edition

2. Certified Information Security Manager (CISM)

CISM is a top credential for IT security professionals responsible for managing, developing and overseeing information security systems and programs in enterprise-level applications, and for developing best organizational security practices.

Eligibility: Five (5) or more years of experience in information security management. Waivers are available for a maximum of two (2) years.

Domain 1— Information Security Governance (24%)
Domain 2— Information Risk Management (30%)
Domain 3— Information Security Program Development and Management (27%)
Domain 4— Information Security Incident Management (19%)

Books and study resources:
CISM Review Manual
CISM Review Questions, Answers & Explanations Manual
Complete Guide to CISM Certification
CISM Information Security Manager Flashcards - Free download

3. Certified in the Governance of Enterprise IT (CGEIT)
CGEIT recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices.

Eligibility: Five (5) or more years of experience managing, serving in an advisory or oversight role, and/or otherwise supporting the governance of the IT-related contribution to an enterprise, including a minimum of one year of experience relating to the definition, establishment and management of a Framework for the Governance of IT. There are no substitutions or experience waivers.

Domain 1— Framework for the Governance of Enterprise IT (25%)
Domain 2— Strategic Management (20%)
Domain 3— Benefits Realization (16%)
Domain 4— Risk Optimization (24%)
Domain 5— Resource Optimization (15%)

Books and study resources:
CGEIT Review Manual 7th Edition
CGEIT Review Questions, Answers & Explanations Manual 4th Edition
Easy Guide: CGEIT Certified in the Governance of Enterprise IT: Questions and Answers

4. Certified in Risk and Information Systems Control (CRISC)
CRISC certification is designed for those experienced in the management of IT risk, and the design, implementation, monitoring and maintenance of IS controls.

Eligibility: Three (3) years of work experience managing IT risk by designing and implementing IS controls, including experience across at least two (2) CRISC domains, of which one must be Domain 1 or 2. There are no substitutions or experience waivers.

Domain 1— IT Risk Identification (27%)
Domain 2— IT Risk Assessment (28%)
Domain 3— Risk Response and Mitigation (23%)
Domain 4— Risk and Control Monitoring and Reporting (22%)

Books and study resources:
CRISC Review Manual 6th Edition
CRISC Review Questions, Answers & Explanations Manual 4th Edition
CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide
CRISC Certified in Risk and Information Systems Control Certification Exam ExamFOCUS Study Notes & Review Questions

Final words...
ISACA certification exams are very valuable for career development, promotion, job changes, salary hikes and enhancing your credibility in the community. Remember that these certifications are tough as well as costly, so don't take chances with your exam preparation. It is highly recommended to study a little more than you may have planned in order to pass your exam comfortably.

It's not rocket science. Just grab the books and start preparing.
BEST OF LUCK, GUYS!