ISACA

Lua error in package.lua at line 80: module 'strict' not found.

ISACA is an international professional association focused on IT Governance. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.^[1][2]

History

ISACA logo

ISACA originated in the USA in 1967,^[1] when a group of individuals working on auditing controls in computer systems started to become increasingly critical of the operations of their organizations. They identified a need for a centralized source of information and guidance in the field. In 1969, Stuart Tyrnauer, an employee of the (then) Douglas Aircraft Company, incorporated the group as the EDP Auditors Association (EDPAA).^[3] Tyrnauer served as the body's founding chairman for the first three years. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge of and value accorded to the fields of governance and control of information technology.

The association became the Information Systems Audit and Control Association in 1994.^[4]

By 2008^[update] the organization had dropped its long title and branded itself as ISACA.^[5]

Current status

ISACA currently serves more than 110,000 constituents (members and professionals holding ISACA certifications) in more than 180 countries. The job titles of members are such as IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. They work in nearly all industry categories. There is a network of ISACA chapters with more than 200 chapters established in over 180 countries. Chapters provide education, resource sharing, advocacy, networking and other benefits.

Major publications

• COBIT
• Information System Control Journal
• Risk IT
• Standards, Guidelines and Procedures for information system auditing^[6][7] (Guideline co-developed with the International Federation of Accountants)
• Security, Audit and Control Features SAP ERP^[8][9]
• Val IT (Getting best value from IT investments)

Certifications

Certified Information Systems Auditor (CISA)

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Certified Information Security Manager (CISM)

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Certified in the Governance of Enterprise IT (CGEIT)

Control Objectives for Information and Related Technology (COBIT) 5

Certified in Risk and Information Systems Control (CRISC)

Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risks, awarded by ISACA. To gain this certification, candidates must pass a written examination and have a minimum of three years work experience in at least three CRISC domains.^[10]

The intent of the certification is to provide a common body of knowledge for information technology/systems risk management, and to recognize the knowledge of enterprise and IT risk that a wide range of IT and Business practitioners have acquired, as well as the capability to: design, implement and maintain information system (IS) controls, to mitigate IS/IT risks.

The CRISC requires demonstrated knowledge in five functional areas or ‘domains’ of IT risk management:^[11]

• Risk identification, assessment and evaluation
• Risk response
• Risk monitoring
• Information systems control, design and implementation
• IS control, monitoring and maintenance

See also

• Information Systems Security Association

References

External links

• ISACA official webpage