Information Systems Audit and Control Association


Website: www.isaca.org

ISACA is an international professional association that deals with IT Governance. It is an affiliate member of IFAC.[1] Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.[2][3]


History

ISACA was founded in the USA in 1967,[4] when a group of individuals whose jobs involved auditing controls in computer systems, which were becoming increasingly critical to the operations of their organizations, recognized the need for a centralized source of information and guidance in the field. In 1969, Stuart Tyrnauer, employed by the (then) Douglas Aircraft Company, incorporated the entity as the EDP Auditors Association, serving as its founding Chairman for the first three years. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field.

Current status

ISACA currently serves more than 95,000 constituents (members and professionals holding ISACA certifications) in more than 160 countries. Members' job titles include IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. They work in nearly all industry categories. ISACA has a network of 170 chapters established in over 160 countries. Chapters provide education, resource sharing, advocacy, networking and other benefits.

Major publications

Certifications

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Certified in the Governance of Enterprise IT (CGEIT)

Certified in Risk and Information Systems Control (CRISC)

Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risks, awarded by ISACA. To gain this certification, candidates must pass a written examination and have at least eight years of information technology or business experience, with a minimum of three years' work experience in at least three CRISC domains.[7]

The intent of the certification is to provide a common body of knowledge for information technology / systems risk management, and to recognize the knowledge of enterprise and IT risk that a wide range of IT and business practitioners have acquired, as well as their capability to design, implement and maintain information system (IS) controls to mitigate IS/IT risks.

The CRISC requires demonstrated knowledge in five functional areas or "domains" of IT risk management[8]:

  • Risk Identification, Assessment and Evaluation
  • Risk Response
  • Risk Monitoring
  • Information Systems Control Design and Implementation
  • IS Control Monitoring and Maintenance

References

  1. ^ http://www.ifac.org/About/MemberBodies.tmpl, IFAC: Member Bodies, Retrieved at 02 October 2007
  2. ^ http://www.isaca.org/Content/NavigationMenu/About_ISACA/Overview_and_History/Overview_and_History.htm, ISACA Overview and History, Retrieved 12 November 2007
  3. ^ Vacca, John (2009) Computer and Information Security Handbook Morgan Kaufmann Publications Elsevier Inc p. 600 ISBN 978-0-12-374354-1 
  4. ^ http://www.isaca.org/Content/NavigationMenu/About_ISACA/Overview_and_History/Overview_and_History.htm, ISACA Overview and History, Retrieved 02 October 2007
  5. ^ Standards, Guidelines and Procedures for information system auditing: http://www.isaca.org/Knowledge-Center/Standards/Documents/ALL-IT-Standards-Guidelines-and-Tools.pdf
  6. ^ Some ISACA standards in different languages: http://www.isaca.org/Knowledge-Center/Standards/Documents/Forms/AllItems.aspx
  7. ^ ISACA Website - How to Become CRISC Certified (retrieved 2011-07-01)
  8. ^ ISACA Website - CRISC Job Practice Areas (retrieved 2011-07-01)

Wikimedia Foundation. 2010.
