Information Systems Audit and Control Association

ISACA is an international professional association that deals with IT Governance. It is an affiliate member of IFAC.[1] Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.[2][3]

Contents

History

The ISACA was founded in the USA in 1967,[4] when a group of individuals with jobs auditing controls in the computer systems, which were becoming increasingly critical to the operations of their organizations, recognized the need for a centralized source of information and guidance in the field. In 1969, Stuart Tyrnauer, employed by the (then) Douglas Aircraft Company, incorporated the entity as the EDP Auditors Association, serving as its founding Chairman for the first three years. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field. 111

Current status

ISACA currently serves more than 95,000 constituents (members and professionals holding ISACA certifications) in more than 160 countries. The job titles of members are such as IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. They work in nearly all industry categories. There is a network of ISACA chapters with 170 chapters established in over 160 countries. Chapters provide education, resource sharing, advocacy, networking and other benefits.

Major publications

Certifications

Certified Information Systems Auditor(CISA)

Certified Information Security Manager (CISM)

Certified in the Governance of Enterprise IT (CGEIT)

Certified in Risk and Information Systems Control (CRISC)

Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risks, awarded by ISACA. To gain this certification, candidates must pass a written examination and have at least eight years of information technology or business experience, with a minimum of three years work experience in at least three CRISC domains.[7]
The intent of the certification is to provide a common body of knowledge for information technology / systems risk management, and to recognize the knowledge of enterprise and IT risk that a wide range of IT and Business practitioners have acquired, as well as the capability to: design, implement and maintain information system (IS) controls, to mitigate IS/IT risks.
The CRISC requires demonstrated knowledge in five functional areas or ‘’Domains’’ of IT risk management[8]:

References

  1. ^ http://www.ifac.org/About/MemberBodies.tmpl, IFAC: Member Bodies, Retrieved at 02 October 2007
  2. ^ http://www.isaca.org/Content/NavigationMenu/About_ISACA/Overview_and_History/Overview_and_History.htm, ISACA Overview and History, Retrieved 12 November 2007
  3. ^ Vacca, John (2009) Computer and Information Security Handbook Morgan Kaufmann Publications Elsevier Inc p. 600 ISBN 978-0-12-374354-1 
  4. ^ http://www.isaca.org/Content/NavigationMenu/About_ISACA/Overview_and_History/Overview_and_History.htm, ISACA Overview and History, Retrieved 02 October 2007
  5. ^ Standards, Guidelines and Procedures for information system auditing: http://www.isaca.org/Knowledge-Center/Standards/Documents/ALL-IT-Standards-Guidelines-and-Tools.pdf
  6. ^ Some ISACA standards in different languages: http://www.isaca.org/Knowledge-Center/Standards/Documents/Forms/AllItems.aspx
  7. ^ ISACA Website - How to Become CRISC Certified (retrieved 2011-07-01)
  8. ^ ISACA Website - CRISC Job Practice Areas (retrieved 2011-07-01)

External links