Certified Information Systems Auditor (CISA)
Although it’s rather more tangentially aimed at information security in the context of systems audit rather than directly at the subject matter, the CISA is one of the oldest (around since 1978), biggest (over 30,000 certified CISAs around the world), and best-known certifications around. In fact, more than 10,000 individuals have already registered to take the CISA exam in 2003.
CISAs specialize in numerous topic areas related to systems audit and information security, including:
- The information systems audit process
- Management, planning and organization of information systems
- Analysis and review of technical infrastructure and operational practices
- Protection of information assets
- Disaster recovery and business continuity planning and implementation
- Development, acquisition, implementation and planning of business application systems
- Evaluation of business processes and risk management practices
Along the way, key information security topics like network security, firewalls, network infrastructures, risk management, and more are tested in detail. Candidates must fill out an application, and register for an exam date and a specific location well in advance of the exam (all 2003 seats are booked, new candidates will have to register for 2004 or later). The exam is four hours long, consists of 200 multiple choice questions, and costs from $295 to as much as $465 depending on the time at which registration occurs, and whether or not the candidate joins ISACA (members get substantial discounts).
For more information on this program, plus pointers to information about requirements, training materials, practice exams, and more, please visit www.isaca.org/cisa.htm (the certification FAQ on the site is particularly helpful).