Your Passport to Success.
Put yourself and your organization
certifications.
enough to ensure sound IT governance and provide business value. To benefit most from the information that is the lifeblood of your organization, it is essential to have an IT governance strategy, assurance program and information security program aligned with business goals and capable of effectively managing risk. Employing experienced IT audit and security professionals can help ensure your organization’s success.

By hiring or retaining the services of a CISA, an organization has invested in a professional who:
• Has met the stringent requirements of a globally recognized credential
• Demonstrates IT audit, security and control knowledge and skill
• Commits to ongoing professional development

The CISA program requires certified individuals to:
• Acquire five years of IT audit, security or control experience
• Pass a rigorous exam
• Comply with annual requirements for continuing professional education

Individuals who have audit, control and/or security responsibilities will find the CISA designation an enhancement to their current knowledge and skills. CISAs have experience providing assurance that:
• IS audits are conducted in accordance with standards, guidelines and best practices
• The organization can achieve corporate governance of IT
• Systems and infrastructure life cycle management meets the organization’s objectives
• IT service management practices meet the organization’s objectives
• An organization’s security architecture ensures confidentiality, integrity and availability of information assets
• Disaster recovery and business continuity plans will ensure timely resumption of IT services while minimizing the business impact

The CISA program, global in scope and recognition, is the only certification program
devoted exclusively to IT audit, control and security. More than 55,000 individuals
worldwide have earned the highly prized and respected CISA designation.
• In recognition of the specialized knowledge that CISAs have acquired, the Institute of Internal Auditors (IIA) waives a part of the Certified Internal Auditor (CIA) exam for CISAs.
• Many enterprises require or highly encourage their staff to attain the CISA certification as a condition of employment.

“CISAs represent an exclusive group of IT auditing professionals that desire to take IT to the highest standard possible. They are globally accepted and highly regarded. It is truly an honor to be among them.”
Susanna Chiu, CISA
Chief Operations Officer, Li & Fung (Trading) Ltd., Hong Kong

CISAs Are Current and Future Leaders
Many CISAs achieve certification early in their IT careers and continue to affirm its value by maintaining their certification as they advance within their organizations.

A current profile of CISAs demonstrates the increasing managerial influence and authority achieved by CISAs within their organizations:
• More than 1,400 CISAs are now employed in organizations as the chief executive officer, chief financial officer or an equivalent executive position.
• More than 2,300 serve as chief audit executives, audit partners or audit heads.
• More than 3,500 serve as chief information officers, chief information security officers, security directors, security managers or consultants.
• More than 5,400 serve as audit directors, managers or consultants.
• Nearly 13,000 additional CISAs are currently employed in managerial or consulting positions in IT operations or compliance.

This strong representation in enterprise leadership is testimony to the importance of the knowledge, skills and recognition achieved by CISA-certified professionals.

CISA Complies With International Standards
ISACA has earned the prestigious ISO/IEC 17024 accreditation for its CISA credential program from the International Organization for Standardization (ISO) US representative, the American National Standards Institute (ANSI).
ANSI Accredited Program, Personnel Certification #0694, ISO/IEC 17024

The Certified Information Security Manager® (CISM®) designation focuses on the management of information security. The CISM certification ensures that information security professionals, and specifically information security managers, have the experience and knowledge necessary to provide effective management and consulting services. CISM defines the core competencies and international performance standards that those who have information security management responsibilities are expected to master.

“The CISM designation signifies integrity, responsibility, knowledge and experience...all of which I expect from a prospective employee.”
William C. Boni, CISM
Corporate Vice President, Motorola, USA

By hiring or retaining the services of a CISM, an organization has invested in a professional who:
• Has met the stringent requirements of a globally recognized credential
• Demonstrates information security management knowledge and skill
• Commits to ongoing professional development

The CISM program requires certified individuals to:
• Acquire five years (three as an information security manager) of experience in information security
• Pass a rigorous exam
• Comply with annual requirements for continuing professional education

CISM is not an entry-level certification. It is specifically developed for the information security professional who has acquired experience managing information security. Individuals with three years or more of experience managing the information security function of an enterprise or performing such duties will find the CISM designation tailored to their knowledge and skills.

CISMs have experience and knowledge:
• Aligning information security strategies with business objectives
• Identifying and managing information security risks to achieve business objectives
• Managing an information security program
• Overseeing and directing information security activities
• Developing and managing an incident response and recovery program

CISMs Are Current and Future Leaders
A true indication of the individual and industry importance placed on any credential is in those who value it by attaining it.

A current profile of CISMs demonstrates the managerial influence and authority achieved by CISMs within their organizations:
• More than 1,200 serve as a chief information officer, chief executive officer or serve in another executive management position.
• Nearly 2,400 serve as an information security director, manager or consultant.
• More than 1,600 serve as an IT director, manager or consultant.

This strong executive and managerial presence demonstrates the importance of the credential and the quality of CISM professionals.

Global Recognition
The CISM designation continues to grow in global stature and influence. Those who hold this designation join a network of professionals known for their expertise in information security management, IT governance and risk management. More than 7,000 individuals from more than 80 countries have earned the CISM designation.

CISM Complies With International Standards
ISACA has earned the prestigious ISO/IEC 17024 accreditation for its CISM credential program from the International Organization for Standardization (ISO) US representative, the American National Standards Institute (ANSI).
ANSI Accredited Program, Personnel Certification #0694, ISO/IEC 17024

ISO 17024 accreditation validates the global recognition of the CISM designation by an independent, unbiased accreditation body and signifies that ISACA’s credentialing procedures meet rigorous requirements for openness, balance, consensus and due process.

Encourage CISM Certification
More and more organizations are recognizing the value of certifications like CISM and recommending or requiring that their employees be certified. The US Department of Defense (DoD) mandates that information security personnel be certified with a commercial accreditation approved by the DoD. CISM and CISA are both identified as approved accreditations, signifying the DoD’s confidence in both ISACA credentials.

Exam Languages
The CISA exam is offered in English, Chinese Mandarin Traditional,
Chinese Mandarin Simplified, Dutch, French, German, Hebrew, Italian,
Japanese, Korean and Spanish. For information regarding CISA exam
terminology, visit www.isaca.org/cisaterminology.
All candidates can save US $50 on the exam registration fee by registering
online at www.isaca.org/examreg.
The 2008 CISA and CISM study aids are now available. For pricing and language availability, please visit www.isaca.org/bookstore.
www.isaca.org/certification