The American National Standards Institute (ANSI), a nonprofit organization that promotes and facilitates criteria around openness, balance, consensus and due process in assessment programs, has accredited two certifications offered by the Information Systems Audit and Control Association (ISACA).
The Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certification programs were evaluated under the ISO/IEC 17024 standard (general requirements for bodies operating certification of persons), a traditional benchmark that presents the requirements in education, knowledge, skills and experience a certificant in any field and industry would be expected to meet.
The CISA program, which was launched in 1978, covers audit, control and security issues involved with information systems. More than 40,000 people have attained the CISA certification since it was established, and over 19,000 registered for the June 2005 CISA exam, a 40 percent increase from 2004. The next CISA exam is scheduled for Dec. 10, 2005. The CISA exam has seven content areas: protection of information assets (the largest part of the test); management, planning and organization of IS; technical infrastructure and operational practices; disaster recovery and business continuity; business application system development, acquisition, implementation and maintenance; business process evaluation and risk management; and the IS audit process.
The CISM, which has been attained by more than 5,200 professionals in its first two years of existence, is specifically designed for experienced information security managers. To obtain the CISM, candidates must pass the exam, agree to follow ISACA’s code of professional ethics and validate that they have a minimum of five years of on-the-job experience in information security. Professional experience must include at least three years of information security management work in three or more of the job-practice analysis areas covered in the exam: information security management, information security program management, information security governance, risk management and response management. Certain work experience substitutions are available.
For more information, see http://www.isaca.org.