Central Ohio ISACA 20080911.ppt

							ISACA UPDATE
    Presented By: Brian O’Brien, CISA
                  Melissa Justice, CISA
                  Jotham Nyamari

                  Board Members of the
                  Central Ohio ISACA Chapter
Central Ohio Chapter Goals
   Educational Programs
   Local Training Opportunities
   Professional Networking
Central Ohio Happenings
  Monthly luncheons on 2nd Thursday of month.
       • Board meets monthly (10 CPEs for chapter involvement).
  Two (fall and spring) training seminars per year.
       • Oracle Database Auditing on October 28-29.
  CISA / CISM Training Courses.
  Local Job Postings.
       • Website / Newsletter ($35 per month).
  Golf outing.
       • Just occurred in August.
  Holiday Party / Beulah Park.
       • Scheduled for Saturday, November 1st.
  Student Reduced Fees.
Central Ohio Chapter
      Who’s Who?
International Update
Membership Benefits

Membership                   Publication
K-NET                        Knowledge
COBIT                        Community of Peers
Val IT                       Downloads
ITAF                         Career Center


Access to ISACA International’s website: http://www.isaca.org
Membership

 Total ISACA membership worldwide: 77,093
 [Pie chart: share of membership by region. Legend: Asia, Latin America,
  Europe/Africa, North America, Oceania. Slice labels: 3%, 21%, 4%, 47%, 25%.]
K-NET

ISACA’s Knowledge Network
 Online database
 Peer reviewed
 More than 6,000 links
 Member access to 200+ topics
   in 13 subject areas
 Fully searchable
 Personalized tracking


                 www.isaca.org/knet
COBIT

COBIT Family of Products
 COBIT 4.1
 COBIT Online
 COBIT Quickstart
 COBIT Foundation Course




              www.isaca.org/cobit
COBIT

COBIT Downloads
 IT Assurance Guide: Using COBIT

 IT Governance Implementation
  Guide: Using COBIT and Val IT,
  2nd Edition

 COBIT Security Baseline


            www.isaca.org/downloads
COBIT® Foundation
Course
 Case Studies
 Real-world Examples
 Overview of COBIT Control Objectives, Control
  Practices, Management Guidelines, and Audit
  Guidelines
 40 Sample Questions to Prepare for COBIT
  Foundation Exam
 8 Hours; $499
COBIT® Foundation
Course

Consists of 5 Modules:
 Responding to IT Challenges
 Introducing COBIT
 What COBIT Provides
 Applying COBIT in Practice
 Products and Support Available from ITGI
Val IT
Provides guidance to:
 Define relationships between IT and other
   functions with governance responsibilities
 Manage an organization’s portfolio of IT
   investments
 Maximize the quality of business cases for IT
   investments



                  www.isaca.org/valit
ITAF

 ITAF™: A Professional Practices Framework for IT
  Assurance
    Provides guidance on the design, conduct and reporting of IT audit
     and assurance assignments
    Defines terms and concepts specific to IT assurance
    Establishes standards that address IT audit and assurance
     professional roles and responsibilities, knowledge, skills and
     diligence, conduct, and reporting requirements




                 www.isaca.org/downloads
Publications

 Information Systems Control Journal
    Print and online versions
    www.isaca.org/journal

 Journal Online
    Articles that supplement the journal
    Online only
    www.isaca.org/JOnline

 Global Communiqué
    Member newsletter
    Online only
    www.isaca.org/gcomm
Knowledge

 ISACA Bookstore Discounts
 Listservs Discussion Forums
    Sarbanes-Oxley
    COBIT
    IT Governance
    Information Security Management
    General Topics




               www.isaca.org/bookstore
Community of Peers

The Local Level: Your Chapter
 Why you should get involved:
    More than 170 chapters in 140
     countries
    Leadership opportunities
    Networking
    Professional growth
    Positive impact on the local
     business community


               www.isaca.org/chapters
Community of Peers

The International Level: ISACA/ITGI
 Why you should get involved:
    Impressive global network of peer contacts
    Shared expertise and learning
    A personal role in the future of the association, as well as the
     IT assurance, security and governance professions.




                 www.isaca.org/leadership
Downloads
 Standards, Statements and Guidelines for IS
  audit and control
 Audit Programs and Internal Control
  Questionnaires on more than 20 topics
 IT Governance Institute research documents
  and presentations
 Free ITGI research publication downloads
  including:
    COBIT Security Baseline
    Securing the Network Perimeter
Career Centre

 ISACA Members Can Search for Jobs by
     • Geography
     • Professional Certification
     • Experience Level
 ISACA Members Can Store Resume and/or Post for
  Employers
 Receive E-mail When New Jobs Post
Career Centre

 Employers Can Post Jobs
     30 Day Listing for $295
     60 Day Listing for $395
     Posting is Immediate
 Employers Can Search Resumes



                 http://jobs.isaca.org/
Comprehensive Student
Program
 Reduction of student dues
   $25
   New member fee waived
   All benefits delivered electronically
   Many chapters reduce or waive chapter dues for
    students

 Student area of the web site
   Student membership application
   Eligibility and dues
   Benefits of membership
   IT Audit Basics articles
Education Around the World
CISA, CISM, and CGEIT
Certifications
CISA Certification
Current Facts

 Certified the 60,000th CISA earlier this year

 More than 45,000 current CISAs

 A 2007 survey of ISACA members who hold the CISA
  designation revealed:
   94% value their CISA certification
   72% agreed that CISA has advanced their career
Current CISAs by ISACA
Geographical Area

 Oceania                    3%
 Asia/Mid-East             25%
 Central/South America      4%
 Europe/Africa             21%
 North America             48%
Current CISAs (more than 500) by Country
 19,396    USA
 2,369     Canada
 2,291     India
 2,205     Korea
 1,794     Japan
 1,719     UK
 1,442     Hong Kong
 1,044     Australia
 898       Germany
 883       Singapore
 870       Spain
 597       China
 573       Netherlands
 541       South Africa
Exam Registrations
Past 12 Months

          CISA Exam Registration

                  TOTAL
 Asia             11,700
 C/S America         750
 Europe/Africa     6,600
 N. America        7,100
 Oceania             300
CISAs in the Workplace

   More than:
     9,000 serve as IT audit practitioners
     9,000 serve as IS/IT audit directors, managers, or hold senior
      positions
     2,200 serve as chief audit executives (CAEs), audit partners
      or audit heads

   More than:
      11,000 hold managerial or consulting positions in IT
       operations or compliance
      3,800 serve as CIOs, CISOs, security directors, security
       managers
      1,400 serve as the CEO or CFO of their organizations
Recent CISA Program
Recognition

  CIO Magazine, SC Magazine and Foote Partners
   research continually cite CISA as a credential that
   earns top pay compared with other credentials

  Certification Magazine’s 2007 salary survey ranked
   CISA in the top five highest paying certifications

  Salary for auditing certifications such as CISA
   continue to be boosted by compliance requirements
   and independent auditor control provisions
Recent Significant
CISA Certification Board Actions

Moved to Item Response Theory (IRT) method
 of classifying and selecting exam items,
 beginning with the June 2008 exam (see next
 slide)
Reduced the administrative exam to 170 items
 (graded) with additional blocks of 30 new
 items (ungraded) used to gather performance
 statistics
Recent Significant
CISA Certification Board Actions (continued)
 Approved to discontinue any exam language that
  averages less than 100 candidates annually over any
  successive three-year period

 Approved to allow a 1 year educational waiver for
  achievement of a Master’s degree in Information
  Systems or IT from an accredited university

 Motion pending on approval of Polish as new CISA
  exam language
Item Response
Theory (IRT) method

The IRT method of classifying exam items
  allows the CISA Certification Board to:
 Accumulate better statistics on item
  performance
 Score the exam more quickly
 Select items to produce a desired level of
  difficulty
 Move to computer-based testing in the future
ANSI Accreditation
The American National Standards Institute
 (ANSI) awarded accreditation under
 ISO/IEC 17024 to the CISA certification
 program in 2005.
Accreditation by ANSI signifies that ISACA’s
 procedures meet ANSI’s requirements for
 openness, balance, consensus and due process.
Reaccredited in 2006 and 2007.
Currently being assessed for 2008.
CISA Preparation
Related Education Activities
 Updated CISA Review instructor-led-training (ILT)
  course provided to ISACA chapters
   Updated topics and notes
   Added a course training guide
   Added 100 question sample exam (sorted by domain and
    scrambled)
 Introduced new CISA Online Review Course
   Serves both for exam preparation and as continuing
    professional education
   Chapter incentive program offered
 Converted sample questions on ISACA web site to
  on-line CISA self-assessment
Item Writing Program
   US$50 per accepted question
   Earn 1 CPE hour for each accepted question
   US$100 per accepted question offered when
    questions are accepted in areas of need for the
    exam
Continuing Education

   Did you know…Active participation on an ISACA
    and/or ITGI board, committee, task force or active
    participation as an officer of an ISACA chapter earns
    one continuing professional education hour for each
    hour of active participation. (10-hour annual
    limitation)
CISM
Certification Facts
 9,145 CISM Certifications have been awarded
  since 2003

 Currently there are more than 8,000 active
  CISM members of ISACA

 This year the total number of CISMs awarded
  will exceed 10,000
Who are the CISMs?

Most CISMs are consultants (37%) or work in
 financial services (19%).
As expected, most CISMs are directors (32%)
 or managers (22%).
16% of CISMs have a “C” level title.
Where CISMs Work

CISMs primarily work in large organizations
 (34%) with 15,000 or more employees.
30% of CISMs manage organizations whose
 security staff is larger than 25 individuals.
 61% work in organizations having a security
 staff larger than 5 individuals.
Years of Professional
Experience

A large number of CISMs have more than 14
 years of professional experience (63%). 84%
 report having 10 or more years of experience.
Geographic
Representation
Member CISMs by ISACA Region

Asia                      14.4%
Central / South America    3.4%
Europe / Africa           24.7%
North America             54.2%
Oceania                    3.3%
CISM Exam
Registration by
Region
                           December 07   June 08   Total
Central / South America        152         124      276
Asia                           527         556     1083
Europe / Africa                686         801     1487
North America                  825         838     1663
Oceania                         64          65      129
Countries with more
than 40 CISM Exam
Takers (June 08)
Asia
•India
•Singapore
•United Arab Emirates

North America
•Canada
•USA

Central / South America
•Mexico

Oceania
•Australia

Europe / Africa
•Germany
•Spain
•Nigeria
•United Kingdom
CISM Languages
June 08
This June the CISM Exam was offered in four
languages. For the first time it was available in
Korean.

          English      90.7%
         Spanish        6.0%
        Japanese        3.0%
          Korean        0.3%
 CISM in the News
IT professionals who obtained ISACA's information security managers
certification (CISM) are in a better position to deal with the growing emphasis on
business needs over technology, according to a recent survey of more than
1,400 CISMs in 83 countries. (CSO Magazine)

A report shows that formally certified security professionals on average are
commanding about 10% to 15% higher salaries than noncertified individuals in
comparable roles. Among the certification programs commanding the highest
premiums were Certified Information Systems Auditor (CISA) and Certified
Information Security Manager (CISM). (Computerworld)

CISM was listed as the 2nd highest paid certification in Certification
Magazine’s 2007 salary survey.
Recent Significant
CISM Certification Board Actions

 Approved to certify professors who pass the
  CISM Exam and who have a minimum of 6
  years experience in security management
  research and teaching.
ANSI Accreditation

 The American National Standards Institute (ANSI)
  awarded accreditation under ISO/IEC 17024 to
  the Certified Information Security Manager (CISM)
  in 2005.

 Accreditation by ANSI signifies that ISACA’s
  procedures meet ANSI’s essential requirements for
  openness, balance, consensus and due process.
 Reaccredited in 2006 and 2007. Currently being
  assessed for 2008.
CISM Preparation
Related Education Activities
  Updated CISM Review instructor-led-training (ILT)
   course provided to ISACA chapters
     Updated topics and notes
     Added a course training guide
     Added 100 question sample exam (sorted by domain and
      scrambled)
  Recruited more than 100 CISM subject matter
   experts to participate in the development of the 2009
   CISM Review Manual
  Converted sample questions on ISACA web site to
   on-line CISM self-assessment
CISM Preparation
Related Education
Activities
Modified the manner in which the CISM
 Questions, Answers and Explanations Manual
 and Supplement are developed to be more
 consistent with how the CISM Test
 Enhancement Committee develops questions
Recruited experienced CISM TEC members to
 participate in QAE development
CGEIT
Certification Current Facts

 364 CGEITs as of 26 June 2008

 All certified via the grandfathering
  provision

 Grandfathering provision ends 31 October
  2008
Requirements to Become a
CGEIT under the Grandfathering Provision
Until 31 October 2008, applicants can apply for certification as a CGEIT without being required to
   pass the CGEIT examination. Applicants must:
      1. Submit evidence of appropriate work experience
      2. Agree to adhere to the ISACA Code of Professional Ethics
      3. Agree to comply with the CGEIT Continuing Professional Education Policy

Work Experience
In order to qualify for the CGEIT certification under the grandfathering provision an
    applicant must provide evidence of management, advisory or oversight experience
    associated with the governance of the IT-related contribution to an enterprise. Eight (8)
    years of such experience is required and is defined and described specifically by the
    CGEIT job practice domains and task statements. Specifically, an applicant must
    have:
      a minimum of one year experience related to the development and/or maintenance
        of an IT governance framework (CGEIT domain one (1) see page V1) and;
      additional broad experience directly related to any two or more of the remaining
        domains (CGEIT domains two (2) through six (6) see page V2)
Requirements to Become a
CGEIT under the Grandfathering Provision
Advanced (post-graduate) degrees and certificates, up to three (3) of the eight years of required experience can be substituted as
    follows:
 Two-Year Substitution—Other Management Experience: Up to two (2) years of experience may be substituted for other
    management experience gained that is not specific to IT governance (e.g. consulting, auditing, assurance or security
    management role that is unrelated to the CGEIT domains).
 One-Year Substitution—Credentials, Advanced (post-graduate) Degrees and Certificates: One (1) year of experience may be
    substituted for each credential held (in good standing), advanced (post-graduate) degree or certificate program which includes
    an IT governance and/or management component or are specific to one or more of the CGEIT domains. These include:
       Certified Information Systems Auditor (CISA) issued by ISACA
       Certified Information Security Manager (CISM) issued by ISACA
       Implementing IT Governance Using COBIT certificate issued by ISACA (available in 2008)
       ITIL Service Manager certification program
       Chartered Information Technology Professional (CITP) issued by the British Computer Society
       Certified Information Technology Professional (CITP) issued by the American Institute of CPAs
       Project Management Professional (PMP) issued by the Project Management Institute
       Information Systems Professional (I.S.P.) issued by the Canadian Information Processing Society
       Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors
       Certified Business Manager (CBM) issued by The Association of Professionals in Business Management
       Advanced (post-graduate) degree from an accredited university in governance, information technology, information
           management or business administration
       Prince2—Registered Practitioner certificate from the Office of Government Commerce
 Applicants who have earned/acquired other credentials, advanced degrees and/or certificates that include a significant IT
    governance and/or information management component and are not listed above are welcome to submit them to the CGEIT
    Certification Board for consideration.
Current CGEITs in the
Workplace
 [Pie chart: current CGEITs by job role. Legend: C-Suite; IT Dir/Man/Cons;
  IT Audit Dir/Man/Cons; Sec Dir/Man/Cons; Compl/Risk Dir/Man/Cons; Other.
  Slice labels: 16%, 21%, 9%, 12%, 28%, 14%.]
CGEIT Job Roles
CONSTITUENT ROLES                     KEY RESPONSIBILITY
BUSINESS and IT MANAGEMENT            Oversee the development & maintenance of the IT strategic plan and develop control frameworks.
PROJECT MANAGEMENT                    Controlling the delivery of IT programs/projects to the business
AUDIT & ASSURANCE RELATED POSITIONS   Monitor & review the enforcement of policy compliance, both internal and external.
SECURITY RELATED POSITIONS            Oversee the development & maintenance of the information security strategy, plan and program
IS/IT RELATED POSITIONS               Managing enterprise architecture including infrastructure and applications.
RISK MANAGEMENT                       Oversee the development & maintenance of the risk strategy, plan & program.
 Current CGEITs
 by ISACA Geographical Area
 Oceania                1%
 Asia/Mid-East         15%
 Cen/South America      5%
 Europe/Africa         21%
 North America         58%
Current CGEITs
(10 or more) by
Country
     188          USA
      20          Canada
     14           Japan
     10           Belgium
     10           UK
     10           Spain
Current CGEITs –
Other Demographics
 41% of CGEITs come from the technology
  services/consulting field

 23% of CGEITs work in the financial services industry

 82% of CGEITs have an Advanced Education Degree
    44% have a Master’s Degree
    5% are Ph.D.s
CGEIT
Grandfather Applications and Process

740 applications received as of 26 June 2008
Approval rate is 94%
Approvals require review and approval of
 CGEIT Certification Board members
Takes approximately 6-10 weeks to review
CGEIT Exam

 Exam will be 120 multiple choice questions. Many
  questions will be scenario based.

 Exam question emphasis based on CGEIT “job
  practice” survey

 Four hours provided to complete

 Offered at the same time and same test locations as
  CISA and CISM
CGEIT Exam
Domain Percentages

 [Pie chart: CGEIT exam domain percentages. Legend: IT Gov Framework;
  Strategic Alignment; Value Delivery; Risk Management; Resource Management;
  Performance Measurement. Slice labels: 25%, 12%, 13%, 15%, 20%, 15%.]
CGEIT Preparation
Materials
 Initially there will not be a CGEIT Review Manual
  or sample questions for exam preparation.
 Reference list of key publications and periodicals is
  available at www.isaca.org/cgeitreferences
 References divided into primary and other
   Primary references (should be used for study)
      • publications that address the CGEIT domains and the
        use of an IT governance framework
    Other references (can be used for study)
      • Often address an aspect or approach to IT governance
Trivia
ISACA is recognized as a
worldwide leader in what three
areas?
         IT Governance
       Information Security
          IT Assurance
What year was ISACA founded?


             1969
What was the original name of
ISACA?
     EDP Auditors Association
What is the new ISACA slogan
listed on the new ISACA logo?


 Serving IT Governance Professionals.
What year was the Central Ohio
chapter founded?

              1978
What is the name of the technical
journal ISACA publishes?

 Information Systems Control Journal
What is the new ISACA certification and
what does the acronym stand for?

                  CGEIT

   CERTIFIED IN THE GOVERNANCE OF
            ENTERPRISE IT
What is the name of the research
foundation that is funded by ISACA?

    IT Governance Institute (ITGI)
What is the name of the membership
newsletter distributed by ISACA?

        Global Communiqué
How many members are currently on our
chapter’s board? (Extra for first names.)
                    11
           Brian         Melissa
           Mike B        Schlaine
           Chuck         Chris
           Matt          Ryan
           Rich          Mike K
           Joseph

						