ISACA UPDATE


Title: PowerPoint Presentation
Author: Megan Maynard
Last modified by: Brian O'Brien
Created Date: 1/8/2004 4:50:07 PM
Document presentation format: PowerPoint PPT presentation

Slides: 84
Provided by: MeganM67


1
ISACA UPDATE
  • Presented by Brian O'Brien, CISA
  • Melissa Justice, CISA
  • Jotham Nyamari
  • Board Members of the
  • Central Ohio ISACA Chapter

2
Central Ohio Chapter Goals
  • Educational Programs
  • Local Training Opportunities
  • Professional Networking

3
Central Ohio Happenings
  • Monthly luncheons on 2nd Thursday of month.
  • Board meets monthly (10 CPEs for chapter
    involvement).
  • Two (fall and spring) training seminars per year.
  • Oracle Database Auditing on October 28-29.
  • CISA / CISM Training Courses.
  • Local Job Postings.
  • Website / Newsletter (35 per month).
  • Golf outing.
  • Just occurred in August.
  • Holiday Party / Beulah Park.
  • Scheduled for Saturday, November 1st.
  • Student Reduced Fees.

4
Central Ohio Chapter Who's Who?
5
International Update
6
Membership Benefits
  • Publication
  • Knowledge
  • Community of Peers
  • Downloads
  • Career Center
  • Membership
  • K-NET
  • COBIT
  • Val IT
  • ITAF

Access to ISACA International's website:
http://www.isaca.org
8
Membership
  • Total ISACA membership worldwide: 77,093

9
K-NET
  • ISACA's Knowledge Network
  • Online database
  • Peer reviewed
  • More than 6,000 links
  • Member access to 200 topics in 13 subject areas
  • Fully searchable
  • Personalized tracking

www.isaca.org/knet
10
COBIT
COBIT Family of Products
  • COBIT 4.1
  • COBIT Online
  • COBIT Quickstart
  • COBIT Foundation Course

www.isaca.org/cobit
11
COBIT
COBIT Downloads
  • IT Assurance Guide Using COBIT
  • IT Governance Implementation Guide Using COBIT
    and Val IT, 2nd Edition
  • COBIT Security Baseline

www.isaca.org/downloads
12
COBIT Foundation Course
  • Case Studies
  • Real-world Examples
  • Overview of COBIT Control Objectives, Control
    Practices, Management Guidelines, and Audit
    Guidelines
  • 40 Sample Questions to Prepare for COBIT
    Foundation Exam
  • 8 Hours 499

13
COBIT Foundation Course
  • Consists of 5 Modules
  • Responding to IT Challenges
  • Introducing COBIT
  • What COBIT Provides
  • Applying COBIT in Practice
  • Products and Support Available from ITGI

14
Val IT
  • Provides guidance to
  • Define relationships between IT and other
    functions with governance responsibilities
  • Manage an organization's portfolio of IT
    investments
  • Maximize the quality of business cases for IT
    investments

www.isaca.org/valit
15
ITAF
New!
  • ITAF™: A Professional Practices Framework for IT
    Assurance
  • Provides guidance on the design, conduct and
    reporting of IT audit and assurance assignments
  • Defines terms and concepts specific to IT
    assurance
  • Establishes standards that address IT audit and
    assurance professional roles and
    responsibilities, knowledge, skills and
    diligence, conduct, and reporting requirements

www.isaca.org/downloads
16
Publications
  • Information Systems Control Journal
  • Print and online versions
  • www.isaca.org/journal
  • Journal Online
  • Articles that supplement the journal
  • Online only
  • www.isaca.org/JOnline
  • Global Communiqué
  • Member newsletter
  • Online only
  • www.isaca.org/gcomm

17
Knowledge
  • ISACA Bookstore Discounts
  • Listservs Discussion Forums
  • Sarbanes-Oxley
  • COBIT
  • IT Governance
  • Information Security Management
  • General Topics

www.isaca.org/bookstore
18
Community of Peers
The Local Level: Your Chapter
  • Why you should get involved
  • More than 170 chapters in 140 countries
  • Leadership opportunities
  • Networking
  • Professional growth
  • Positive impact on the local business community

www.isaca.org/chapters
19
Community of Peers
The International Level: ISACA/ITGI
  • Why you should get involved
  • Impressive global network of peer contacts
  • Shared expertise and learning
  • A personal role in the future of the
    association, as well as the IT assurance,
    security and governance professions.

www.isaca.org/leadership
20
Downloads
  • Standards, Statements and Guidelines for IS audit
    and control
  • Audit Programs and Internal Control
    Questionnaires on more than 20 topics
  • IT Governance Institute research documents and
    presentations
  • Free ITGI research publication downloads
    including
  • COBIT Security Baseline
  • Securing the Network Perimeter

21
Career Centre
  • ISACA Members Can Search for Jobs by
  • Geography
  • Professional Certification
  • Experience Level
  • ISACA Members Can Store Resume or/and Post for
    Employers
  • Receive E-mail When New Jobs Post

22
Career Centre
  • Employers Can Post Jobs
  • 30 Day Listing for 295
  • 60 Day Listing for 395
  • Posting is Immediate
  • Employers Can Search Resumes

http://jobs.isaca.org/
23
Comprehensive Student Program
  • Reduction of student dues
  • 25
  • New member fee waived
  • All benefits delivered electronically
  • Many chapters reduce or waive chapter dues for
    students
  • Student area of the web site
  • Student membership application
  • Eligibility and dues
  • Benefits of membership
  • IT Audit Basics articles

24
Education Around the World
25
CISA, CISM, and CGEIT Certifications
26
CISA Certification Current Facts
  • Certified the 60,000th CISA earlier this year
  • More than 45,000 current CISAs
  • A 2007 survey of ISACA members who hold the CISA
    designation revealed
  • 94% value their CISA certification
  • 72% agreed that CISA has advanced their career

27
Current CISAs by ISACA Geographical Area
28
Current CISAs (more than 500) by Country
  • 19,396 USA
  • 2,369 Canada
  • 2,291 India
  • 2,205 Korea
  • 1,794 Japan
  • 1,719 UK
  • 1,442 Hong Kong
  • 1,044 Australia
  • 898 Germany
  • 883 Singapore
  • 870 Spain
  • 597 China
  • 573 Netherlands
  • 541 South Africa

29
Exam Registrations Past 12 Months
  • CISA Exam Registration
  • TOTAL
  • Asia 11,700
  • C/S America 750
  • Europe/Africa 6,600
  • N. America 7,100
  • Oceania 300

30
CISAs in the Workplace
  • More than
  • 9,000 serve as IT audit practitioners
  • 9,000 serve as IS/IT audit directors, managers,
    or hold senior positions
  • 2,200 serve as chief audit executives (CAEs),
    audit partners or audit heads
  • More than
  • 11,000 hold managerial or consulting positions in
    IT operations or compliance
  • 3,800 serve as CIOs, CISOs, security directors,
    security managers
  • 1,400 serve as the CEO or CFO of their
    organizations

31
Recent CISA Program Recognition
  • CIO Magazine, SC Magazine and Foote Partners
    research continually cite CISA as a credential
    that earns top pay compared with other
    credentials
  • Certification Magazine's 2007 salary survey
    ranked CISA in the top five highest paying
    certifications
  • Salaries for auditing certifications such as CISA
    continue to be boosted by compliance requirements
    and independent auditor control provisions

32
Recent Significant CISA Certification Board
Actions
  • Moved to Item Response Theory (IRT) method of
    classifying and selecting exam items, beginning
    with the June 2008 exam (see next slide)
  • Reduced the administrative exam to 170 items
    (graded) with additional blocks of 30 new items
    (ungraded) used to gather performance statistics

33
Recent Significant CISA Certification Board
Actions (continued)
  • Approved to discontinue any exam language that
    averages less than 100 candidates annually over
    any successive three-year period
  • Approved to allow a 1 year educational waiver for
    achievement of a Master's degree in Information
    Systems or IT from an accredited university
  • Motion pending on approval of Polish as new CISA
    exam language

34
Item Response Theory (IRT) method
  • The IRT method of classifying exam items allows
    the CISA Certification Board to
  • Accumulate better statistics on item performance
  • Score the exam more quickly
  • Select items to produce a desired level of
    difficulty
  • Move to computer-based testing in the future

35
ANSI Accreditation
  • The American National Standards Institute (ANSI)
    has awarded accreditation under ISO/IEC 17024 to
    the CISA certification program in 2005.
  • Accreditation by ANSI signifies that ISACA's
    procedures meet ANSI's requirements for openness,
    balance, consensus and due process.
  • Reaccredited in 2006 and 2007.
  • Currently being assessed for 2008.

36
CISA Preparation Related Education Activities
  • Updated CISA Review instructor-led-training (ILT)
    course provided to ISACA chapters
  • Updated topics and notes
  • Added a course training guide
  • Added 100 question sample exam (sorted by domain
    and scrambled)
  • Introduced new CISA Online Review Course
  • Serves both for exam preparation and as
    continuing professional education
  • Chapter incentive program offered
  • Converted sample questions on ISACA web site to
    on-line CISA self-assessment

37
Item Writing Program
  • US$50 per accepted question
  • Earn 1 CPE hour for each accepted question
  • US$100 per accepted question offered when
    questions are accepted in areas of need for the
    exam

Continuing Education
  • Did you know? Active participation on an ISACA
    and/or ITGI board, committee, task force or
    active participation as an officer of an ISACA
    chapter earns one continuing professional
    education hour for each hour of active
    participation. (10-hour annual limitation)

38
CISM Certification Facts
  • 9,145 CISM Certifications have been awarded since
    2003
  • Currently there are more than 8,000 active CISM
    members of ISACA
  • This year the total number of CISMs awarded will
    exceed 10,000

39
Who are the CISMs?
  • Most CISMs are consultants (37%) or work in
    financial services (19%).
  • As expected, most CISMs are directors (32%) or
    managers (22%).
  • 16% of CISMs have a C-level title.

40
Where CISMs Work
  • CISMs primarily work in large organizations (34%)
    with 15,000 or more employees.
  • 30% of CISMs manage organizations whose security
    staff is larger than 25 individuals. 61% work in
    organizations having a security staff larger than
    5 individuals.

41
Years of Professional Experience
  • A large number of CISMs have more than 14 years
    of professional experience (63%). 84% report
    having 10 or more years of experience.

42
Geographic Representation
  • Member CISMs by ISACA Region
  • Asia: 14.4%
  • Central / South America: 3.4%
  • Europe / Africa: 24.7%
  • North America: 54.2%
  • Oceania: 3.3%

43
CISM Exam Registration by Region
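  • Asia: 527 (December 07), 556 (June 08), 1083 (Total)
  • Central / South America: 152 (December 07), 124 (June 08), 276 (Total)
  • Europe / Africa: 686 (December 07), 801 (June 08), 1487 (Total)
  • North America: 825 (December 07), 838 (June 08), 1663 (Total)
  • Oceania: 64 (December 07), 65 (June 08), 129 (Total)
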
44
Countries with more than 40 CISM Exam Takers
(June 08)
Asia
  • India
  • Singapore
  • United Arab Emirates

North America
  • Canada
  • USA

Central / South America
  • Mexico

Oceania
  • Australia

Europe / Africa
  • Germany
  • Spain
  • Nigeria
  • United Kingdom

45
CISM Languages June 08
  • This June the CISM Exam was offered in four
    languages. For the first time it was available in
    Korean.
  • English: 90.7%
  • Spanish: 6.0%
  • Japanese: 3.0%
  • Korean: 0.3%

46
CISM in the News
IT professionals who obtained ISACA's information
security managers certification (CISM) are in a
better position to deal with the growing emphasis
on business needs over technology, according to a
recent survey of more than 1,400 CISMs in 83
countries. (CSO Magazine)

A report shows that formally certified security
professionals on average are commanding about 10
to 15% higher salaries than noncertified
individuals in comparable roles. Among the
certification programs commanding the highest
premiums were Certified Information Systems
Auditor (CISA) and Certified Information Security
Manager (CISM). (Computerworld)

CISM was listed as the 2nd highest paid
certification in Certification Magazine's 2007
salary survey.

47
Recent Significant CISM Certification Board
Actions
  • Approved to certify professors who pass the CISM
    Exam and who have a minimum of 6 years experience
    in security management research and teaching.

48
ANSI Accreditation
  • The American National Standards Institute (ANSI)
    has awarded accreditation under ISO/IEC 17024 to
    the Certified Information Security Manager (CISM)
    in 2005.
  • Accreditation by ANSI signifies that ISACA's
    procedures meet ANSI's essential requirements for
    openness, balance, consensus and due process.
  • Reaccredited in 2006 and 2007. Currently being
    assessed for 2008.

49
CISM Preparation Related Education Activities
  • Updated CISM Review instructor-led-training (ILT)
    course provided to ISACA chapters
  • Updated topics and notes
  • Added a course training guide
  • Added 100 question sample exam (sorted by domain
    and scrambled)
  • Recruited more than 100 CISM subject matter
    experts to participate in the development of the
    2009 CISM Review Manual
  • Converted sample questions on ISACA web site to
    on-line CISM self-assessment

50
CISM Preparation Related Education Activities
  • Modified the manner in which the CISM Questions,
    Answers and Explanations Manual and Supplement
    are developed to be more consistent with how the
    CISM Test Enhancement Committee develops
    questions
  • Recruited experienced CISM TEC members to
    participate in QAE development

51
CGEIT Certification Current Facts
  • 364 CGEITs as of 26 June 2008
  • All certified via the grandfathering provision
  • Grandfathering provision ends 31 October 2008

52
Requirements to Become a CGEIT under the
Grandfathering Provision
  • Until 31 October 2008, can apply for
    certification as a CGEIT without being required
    to pass the CGEIT examination. Requires
  • 1. Submit evidence of appropriate work experience
  • 2. Agree to adhere to the ISACA Code of
    Professional Ethics
  • 3. Agree to comply with the CGEIT Continuing
    Professional Education Policy
  • Work Experience
  • In order to qualify for the CGEIT certification
    under the grandfathering provision an applicant
    must provide evidence of management, advisory or
    oversight experience associated with the
    governance of the IT-related contribution to an
    enterprise. Eight (8) years of such experience is
    required and is defined and described
    specifically by the CGEIT job practice domains
    and task statements. Specifically, an applicant
    must have
  • a minimum of one year experience related to the
    development and/or maintenance of an IT
    governance framework (CGEIT domain one (1) see
    page V1) and
  • additional broad experience directly related to
    any two or more of the remaining domains (CGEIT
    domains two (2) through six (6) see page V2)

53
Requirements to Become a CGEIT under the
Grandfathering Provision
  • Advanced (post-graduate) degrees and
    certificates, up to three (3) of the eight years
    of required experience can be substituted as
    follows
  • Two-Year Substitution: Other Management
    Experience. Up to two (2) years of experience
    may be substituted for other management
    experience gained that is not specific to IT
    governance (e.g. consulting, auditing, assurance
    or security management role that is unrelated to
    the CGEIT domains).
  • One-Year Substitution: Credentials, Advanced
    (post-graduate) Degrees and Certificates. One (1)
    year of experience may be substituted for each
    credential held (in good standing), advanced
    (post-graduate) degree or certificate program
    which includes an IT governance and/or management
    component or are specific to one or more of the
    CGEIT domains. These include
  • Certified Information Systems Auditor (CISA)
    issued by ISACA
  • Certified Information Security Manager (CISM)
    issued by ISACA
  • Implementing IT Governance Using COBIT
    certificate issued by ISACA (available in 2008)
  • ITIL Service Manager certification program
  • Chartered Information Technology Professional
    (CITP) issued by the British Computer Society
  • Certified Information Technology Professional
    (CITP) issued by the American Institute of CPAs
  • Project Management Professional (PMP) issued by
    the Project Management Institute
  • Information Systems Professional (I.S.P.) issued
    by the Canadian Information Processing Society
  • Certified Internal Auditor (CIA) issued by the
    Institute of Internal Auditors
  • Certified Business Manager (CBM) issued by The
    Association of Professionals in Business
    Management
  • Advanced (post-graduate) degree from an
    accredited university in governance, information
    technology, information management or business
    administration
  • Prince2 Registered Practitioner certificate from
    the Office of Government Commerce
  • Applicants who have earned/acquired other
    credentials, advanced degrees and/or certificates
    that include a significant IT governance and/or
    information management component and are not
    listed above are welcome to submit them to the
    CGEIT Certification Board for consideration.

54
Current CGEITs in the Workplace
55
CGEIT Job Roles
CONSTITUENT ROLES: KEY RESPONSIBILITY
  • BUSINESS and IT MANAGEMENT: Oversee the development and maintenance of the IT strategic plan and develop control frameworks.
  • PROJECT MANAGEMENT: Controlling the delivery of IT programs/projects to the business.
  • AUDIT and ASSURANCE RELATED POSITIONS: Monitor and review the enforcement of policy compliance, both internal and external.
  • SECURITY RELATED POSITIONS: Oversee the development and maintenance of the information security strategy, plan and program.
  • IS/IT RELATED POSITIONS: Managing enterprise architecture including infrastructure and applications.
  • RISK MANAGEMENT: Oversee the development and maintenance of the risk strategy, plan and program.

56
Current CGEITs by ISACA Geographical Area
57
Current CGEITs (10 or more) by Country
188 USA
20 Canada
14 Japan
10 Belgium
10 UK
10 Spain
58
Current CGEITs Other Demographics
  • 41% of CGEITs come from the technology
    services/consulting field
  • 23% of CGEITs work in the financial services
    industry
  • 82% of CGEITs have an Advanced Education Degree
  • 44 have a Master's Degree
  • 5 are Ph.D.s

59
CGEIT Grandfather Applications and Process
  • 740 applications received as of 26 June 2008
  • Approval rate is 94%
  • Approvals require review and approval of CGEIT
    Certification Board members
  • Takes approximately 6-10 weeks to review

60
CGEIT Exam
  • Exam will be 120 multiple choice questions. Many
    questions will be scenario based.
  • Exam question emphasis based on CGEIT job
    practice survey
  • Four hours provided to complete
  • Offered at the same time and same test locations
    as CISA and CISM

61
CGEIT Exam Domain Percentages
62
CGEIT Preparation Materials
  • Initially there will not be a CGEIT Review Manual
    or sample questions for exam preparation.
  • Reference list of key publications and
    periodicals is available at
    www.isaca.org/cgeitreferences
  • References divided into primary and other
  • Primary references (should be used for study)
  • publications that address the CGEIT domains and
    the use of an IT governance framework
  • Other references (can be used for study)
  • Often address an aspect or approach to IT
    governance

63
Trivia
64
ISACA is recognized as a worldwide leader in what
three areas?
65
ISACA is recognized as a worldwide leader in what
areas?
  • IT Governance
  • Information Security
  • IT Assurance

66
What year was ISACA founded?
67
What year was ISACA founded?
  • 1969

68
What was the original name of ISACA?
69
What was the original name of ISACA?
  • EDP Auditors Association

70
What is the new ISACA slogan listed on the new
ISACA logo?
71
What is the new ISACA slogan listed on the new
ISACA logo?
Serving IT Governance Professionals.
72
What year was the Central Ohio chapter founded?
73
What year was the Central Ohio chapter founded?
  • 1978

74
What is the name of the technical journal ISACA
publishes?
75
What is the name of the technical journal ISACA
publishes?
  • Information Systems Control Journal

76
What is the new ISACA certification and what does
the acronym stand for?
77
What is the new ISACA certification and what does
the acronym stand for?
  • CGEIT: CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT

78
What is the name of the research foundation that
is funded by ISACA?
79
What is the name of the research foundation that
is funded by ISACA?
  • IT Governance Institute (ITGI)

80
What is the name of the membership newsletter
distributed by ISACA?
81
What is the name of the membership newsletter
distributed by ISACA?
  • Global Communiqué

82
How many members are currently on our chapter's
board? (Extra for first names.)
83
How many members are currently on our chapter's
board? (Extra for first names.)
  • 11
  • Brian Melissa
  • Mike B Schlaine
  • Chuck Chris
  • Matt Ryan
  • Rich Mike K
  • Joseph