ISACA

From Wikipedia, the free encyclopedia


ISACA is an international professional association focused on IT governance. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.[1][2]

History


ISACA originated in the United States in 1967,[3] when a group of individuals working on auditing controls in computer systems started to become increasingly critical of the operations of their organizations. They identified a need for a centralized source of information and guidance in the field. In 1969, Stuart Tyrnauer, an employee of the (then) Douglas Aircraft Company, incorporated the group as the EDP Auditors Association (EDPAA).[4] Tyrnauer served as the body's founding chairman for the first three years. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge of and value accorded to the fields of governance and control of information technology.

The association became the Information Systems Audit and Control Association in 1994.[5]

By 2008 the organization had dropped its long title and branded itself as ISACA.[6]

Current status

ISACA currently serves more than 110,000 constituents (members and professionals holding ISACA certifications) in more than 180 countries. Members hold job titles such as IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor, and they work in nearly all industry categories. The ISACA network comprises more than 200 chapters established in over 180 countries. Chapters provide education, resource sharing, advocacy, networking and other benefits.

Major publications

Certifications

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Certified in the Governance of Enterprise IT (CGEIT)

Certified in Risk and Information Systems Control (CRISC)

Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risks, awarded by ISACA. To gain this certification, candidates must pass a written examination and have at least eight years of information technology or business experience, with a minimum of three years' work experience in at least three CRISC domains.[9]

The intent of the certification is to provide a common body of knowledge for information technology/systems risk management, and to recognize the knowledge of enterprise and IT risk that a wide range of IT and business practitioners have acquired, as well as their capability to design, implement and maintain information system (IS) controls to mitigate IS/IT risks.

The CRISC requires demonstrated knowledge in five functional areas or "domains" of IT risk management:[10]

  • Risk identification, assessment and evaluation
  • Risk response
  • Risk monitoring
  • Information systems control, design and implementation
  • IS control, monitoring and maintenance

References

  1. ^ http://www.isaca.org/Content/NavigationMenu/About_ISACA/Overview_and_History/Overview_and_History.htm, ISACA Overview and History, Retrieved 12 November 2007
  2. ^ Vacca, John (2009). Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 600. ISBN 978-0-12-374354-1. 
  3. ^ http://www.isaca.org/Content/NavigationMenu/About_ISACA/Overview_and_History/Overview_and_History.htm, ISACA Overview and History, Retrieved 2 October 2007
  4. ^ Katsikas, Sokratis K. (2000). "A Postgraduate Programme on Information and Communication Systems Security". In Qing, Sihan; Eloff, Jan H. P. Information Security for Global Information Infrastructures. IFIP Advances in Information and Communication Technology 47. Springer. p. 50. ISBN 9780792379140. Retrieved 2013-05-23. "[...] the Information Systems Audit and Control Association (ISACA - formerly EDPAA) [...]" 
  5. ^ Gleim, Irvin N.; Hillison, William A.; Irwin, Grady M. (June 1995). Auditing & systems: objective questions and explanations. 1 6 (6 ed.). Gainesville, Florida: Accounting Publications. p. 37. ISBN 9780917537745. Retrieved 2013-05-24. "In 1994, the association changed its name to the Information Systems Audit and Control Association." 
  6. ^ Verschoor, Curtis C. (2008). Audit Committee Essentials. John Wiley & Sons. p. 205. ISBN 9780470337073. Retrieved 2013-05-24. "[...] ISACA - previously known as the Information Systems Audit and Control Association [...]" 
  7. ^ Standards, Guidelines and Procedures for information system auditing: http://www.isaca.org/Knowledge-Center/Standards/Documents/ALL-IT-Standards-Guidelines-and-Tools.pdf
  8. ^ Some ISACA standards in different languages: http://www.isaca.org/Knowledge-Center/Standards/Documents/Forms/AllItems.aspx
  9. ^ ISACA Website - How to Become CRISC Certified (retrieved 2011-07-01)
  10. ^ ISACA Website - CRISC Job Practice Areas (retrieved 2011-07-01)
