
05/02/2013

ISACA
Trust in, and value from, information systems

www.isaca.org

2013 CISA Course Introduction


www.isaca.org/cisa


ISACA Facts

Founded in 1969 as the EDP Auditors Association
Since 1978, CISA has been a globally accepted standard of competency among IS audit, control, assurance and security professionals.
More than 95,000 members in over 160 countries
More than 190 chapters worldwide

ANSI Accreditation

The American National Standards Institute (ANSI) has accredited the CISA certification under ISO/IEC 17024:2003. Accreditation by ANSI signifies that ISACA's procedures meet ANSI's essential requirements for openness, balance, consensus and due process.


CISA Certification Details
www.isaca.org/cisa

Why Become a CISA?

Enhanced Knowledge and Skills
  To demonstrate your willingness to improve your technical knowledge and skills
  To demonstrate to management your proficiency toward organizational excellence
Career Advancement
  To obtain credentials that employers seek
  To enhance your professional image
Worldwide Recognition
  To be included with over 90,000 other professionals who have gained the CISA designation worldwide


CISA in the Workplace
Nearly 2,500 are employed in organizations as the CEO, CFO or equivalent executive position.
More than 2,000 serve as chief audit executives, audit partners or audit heads.
Over 2,200 serve as CIOs, CISOs, or chief compliance, risk or privacy officers.
Almost 8,200 are employed as security directors, managers or consultants and related staff.
More than 10,400 are employed as IT directors, managers, consultants and related staff.
Nearly 27,000 serve as audit directors, managers or consultants and auditors (IT and non-IT).
Over 7,800 are employed in managerial, consulting or related positions in IT operations or compliance.

Recent CISA Program Recognitions

SC Magazine selected CISA again as a finalist of the 2012 Best Professional Certification Program in the Professional Awards category. CISA was named a finalist by a panel of 22 chief information security officers (CISOs) at major corporations and large public sector organizations.
CISA was named in the top five of Foote Partners' 2011 semiannual HOT LIST Forecast of IT skills and certifications that will increase in value over the next six months.


Recent CISA Program Recognitions
The World Lottery Association (WLA) has recognized ISACA's CISA and CISM as certifications that are required for someone to be a WLA auditor. The WLA's Guide to Certification for the WLA Security Control Standard details that a certification auditor seeking accreditation from the WLA to conduct WLA SCS certification audits should be actively involved in the business of information systems, be either ISO/IEC 27001:2005 lead auditor certified, or an IT security expert or IT auditor, as certified by an internationally recognized certification body, possess experience in the lottery sector of reasonable duration and hold one or more designations of which the CISA and CISM certifications qualify.

Other CISA Program Recognitions
The US Department of Defense includes CISA in its list of approved certifications for its information assurance professionals.
In India, both the National Stock Exchange and the Indian Computer Emergency Response Team (CERT-In) require CISA certification for employees to carry out security audits.
All assistant examiners employed by the Federal Reserve Banks must pass the CISA examination before they are eligible for commissioning.
The National Association of Insurance Companies (NAIC) includes CISA among the approved certifications for qualified IT examiners.
More information may be found at www.isaca.org/recognitions


CISAs by Area

CISA Job Practice Areas
(Effective 2011)

Domain 1 The Process of Auditing Information Systems (14%)
Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems.

Domain 2 Governance and Management of IT (14%)
Provide assurance that the necessary leadership and organization structure and processes are in place to achieve objectives and to support the organization's strategy.

Domain 3 Information Systems Acquisition, Development, and Implementation (19%)
Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization's strategies and objectives.


CISA Job Practice Areas
(Effective 2011) (continued)

Domain 4 Information Systems Operations, Maintenance and Support (23%)
Provide assurance that the processes for information systems operations, maintenance and support meet the organization's strategies and objectives.

Domain 5 Protection of Information Assets (30%)
Provide assurance that the organization's security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.

www.isaca.org/cisajobpractice

CISA Certification Requirements
Earn a passing score on the CISA Exam
Submit verified evidence of a minimum of five years of verifiable IS audit, control or security experience (substitutions available)
Submit the CISA application (within 5 years of passing date) and receive approval
Adhere to the ISACA Code of Professional Ethics
Abide by IS Auditing Standards as adopted by ISACA
Comply with continuing professional education policy


Administration of the CISA Exam
2012 Exam Dates:
  Saturday 8 June 2013
  Saturday 14 December 2012
The CISA exam is offered in 11 languages and at over 240 locations worldwide
Offered in every city where there is an ISACA chapter or a large interest in individuals sitting for the exam
Passing mark of 450 on a common scaled scale of 200 to 800

2013 Registration Fees
Exam: 8 June 2013
Early Registration
On or before 13 February 2013:
  ISACA Member: US $485.00 (less $75 if online reg.)
  Non-Member: US $660.00 (less $75 if online reg.)

Final Registration
After 13 February, but on or before 12 April 2013:
  ISACA Member: US $535.00 (less $75 if online reg.)
  Non-Member: US $710.00 (less $75 if online reg.)

Register Online at www.isaca.org/examreg and save $$
Online registration via the ISACA web site is encouraged, as candidates will save US $75. Non-members can join ISACA at the same time, which maximizes their savings.
Exam registration fees must be paid in full to sit for the exams. Those whose exam registration fees are not paid will not be sent an exam admission ticket and their registration will be cancelled.


2013 Registration Fees
Exam: 14 December 2013
Early Registration
On or before 21 August 2013:
  ISACA Member: US $445.00 (less $75 if online reg.)
  Non-Member: US $595.00 (less $75 if online reg.)

Final Registration
After 21 August, but on or before 25 October 2013:
  ISACA Member: US $495.00 (less $75 if online reg.)
  Non-Member: US $645.00 (less $75 if online reg.)

Register Online at www.isaca.org/examreg and save $$
Online registration via the ISACA web site is encouraged, as candidates will save US $50. Non-members can join ISACA at the same time, which maximizes their savings.
Exam registration fees must be paid in full to sit for the exams. Those whose exam registration fees are not paid will not be sent an exam admission ticket and their registration will be cancelled.

Bulletin of Information and Registration Form
There is a Bulletin of Information for each exam administration for each exam.
The CISA Bulletin of Information can be downloaded from the ISACA web site at: www.isaca.org/cisaboi
Is available in 11 languages.
Bulletin includes:
  Requirements for certification
  Exam description
  Registration instructions
  Test date procedures
  Score reporting
  Test center locations
  Registration forms


Types of Questions on the CISA Exam

Exam consists of 200 multiple-choice questions administered over a four-hour period
Questions are designed to test practical knowledge and experience
Questions require the candidate to choose one best answer
Every question or statement has four options (answer choices)

Quality of the Exam
Ensured by:
  Job Practice Analysis Study: Determines content
  Test Development Standards: Ensures high standards for the development and review of questions
  Review Process: Provides two reviews of questions by independent committees before acceptance into pool
  Periodic Pool Cleaning: Ensures that questions in the pool are up-to-date by continuously reviewing questions
  Statistical Analysis of Questions: Ensures quality questions and grading by analyzing exam statistics for each language


2013 Study Materials

Candidate's Guide to the CISA Exam: free to each paid registrant (can also be downloaded at www.isaca.org/cisaguide)
CISA Review Manual 2013: ISACA Members (US) $105.00; Non-Members (US) $135.00
CISA Review Questions, Answers & Explanations Manual 2013: ISACA Members (US) $100.00; Non-Members (US) $130.00
CISA Review Questions, Answers & Explanations Manual 2013 Supplement: ISACA Members (US) $40.00; Non-Members (US) $60.00
CISA Practice Question Database V13: ISACA Members (US) $185.00; Non-Members (US) $225.00

How to Develop a CISA Study Plan
A proper study plan consists of several steps:
  Self-appraisal
  Determination of the type of study program
  Having an adequate amount of time to prepare
  Maintaining momentum
  Readiness review
Become involved in your local chapter and explore networking opportunities and study groups.


How to Study for the CISA Exam
Read the Candidate's Guide thoroughly
Study the CISA Review Manual
Work through the CISA Review Questions, Answers & Explanations Manual, Supplement and CD
Participate in an ISACA Chapter Review Course
Read literature in areas where you need to strengthen skills
Spend time studying the complement of your field: If external auditor, study IS audit from the internal audit perspective and vice versa
Join or organize study groups
Take the ISACA online review course, available at www.isaca.org/elearningcampus.

Application for Certification
Is available at www.isaca.org/cisaapp
Contains:
  Requirements for certification
  Code of Professional Ethics
  Instructions for completion of form. Translated instructions are also available at www.isaca.org/cisaapp.
  Verification of work experience for applicant form
  CISA application form


CISA Continuing Professional Education (CPE) Policy Details
www.isaca.org/cisacpepolicy

Continuing Professional Education (CPE) Requirements
Once certified, the certification must be renewed annually. Maintaining the certification requires:
  Earning and reporting an annual minimum of 20 hours of continuing professional education
  Earning and reporting a minimum of 120 hours of continuing education for each fixed three-year period (each 3-year cycle)
  Pay the annual certification maintenance fee
  Respond and submit required documentation of continuing education activities if selected for an annual audit
  Comply with the ISACA Code of Professional Ethics (www.isaca.org/ethics)

ISACA membership provides many CPE opportunities which can assist you with meeting this requirement. For more details visit www.isaca.org/cpe.


ISACA Code of Professional Ethics
ISACA sets forth this Code of Professional Ethics to guide the professional and personal conduct of members of the association and/or its certification holders. Failure to comply with this Code of Professional Ethics can result in an investigation into a member's or certification holder's conduct and, ultimately, in disciplinary measures.

Members and ISACA certification holders shall:
1. Support the implementation of, and encourage compliance with, appropriate standards and procedures for the effective governance and management of enterprise information systems and technology, including: audit, control, security and risk management.
2. Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards.
3. Serve in the interest of stakeholders in a lawful manner, while maintaining high standards of conduct and character, and not discrediting the profession or the Association.

ISACA Code of Professional Ethics
(continued)

Members and ISACA certification holders shall:
4. Maintain the privacy and confidentiality of information obtained in the course of their activities unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
5. Maintain competency in their respective fields and agree to undertake only those activities they can reasonably expect to complete with the necessary skills, knowledge and competence.
6. Inform appropriate parties of the results of work performed; revealing all significant facts known to them.
7. Support the professional education of stakeholders in enhancing their understanding of the governance and management of enterprise information systems and technology, including: audit, control, security and risk management.
www.isaca.org/ethics


Want to know more? Please contact us at:

ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.660.5660
Fax: +1.847.253.1443
Email: certification@isaca.org
Web site: www.isaca.org
