@ISACA Volume 6: 13 March 2013 

@ISACA Relevant, Timely News

CISA: 35 Years and 100,000 Strong

In its 35th anniversary year, the Certified Information Systems Auditor (CISA) has reached another historic milestone, awarding the 100,000th certification since its inception. The CISA certification was established in 1978 and has become a globally recognized designation for IS audit, control, assurance and security professionals.

Being CISA-certified demonstrates that an individual has the skills, knowledge, audit experience and capabilities to manage vulnerabilities, ensure compliance and institute controls within an enterprise. CISA certification also requires the experience necessary to meet the dynamic challenges of a modern enterprise.

“I am proud to be part of such an elite international community,” said Frank Giebel, CISA, CISM, a GRC consultant based in Germany, who recently earned his CISA certification. “Many organizations, especially large international companies, specify in their requests for proposal that auditors must hold a CISA certification, so this credential gives me access to a wider base of potential clients.”

Becoming CISA-certified requires that the individual pass the CISA exam and possess a minimum of 5 years of verified work experience within the field of IS audit, control, assurance or security. Learn more on the How to Become CISA Certified page of the ISACA web site.

CISA certification can enhance your credibility and recognition with employers, peers and clients, as well as boost your earning potential. The next exam is scheduled for 8 June. Registration for the June exam is open until 12 April.


Three Tips for Maturing as an IT Risk Professional

Many organizations are rebranding, or are considering rebranding, security analysts as IT risk analysts. However, there is more to this change than title alone. The security analyst will have to learn to think like a risk professional and not necessarily like an auditor or a security architect. Here are tips to help you excel in the IT risk profession:

  1. Become comfortable with uncertainty. Working as a risk professional means analyzing the probability of future events that may or may not happen. It is understood that there are no guarantees in life—the same goes for security and IT risk.
  2. Focus on the risk to the business. A lack of a control does not equal risk, as is often represented by those in the audit and security profession. For the IT risk professional, the goal is to understand and then clearly articulate to the decision makers in the organization what the lack of control means in terms of frequency and magnitude of future losses to the business.
  3. Be willing to be wrong. Humbleness is an asset in this profession. When making statements about the future, it helps to have a dearth of hubris. Consider the viewpoints of others, new facts, your own biases and assumptions, and do not become ensconced in any one viewpoint.

The soft skills of IT risk professionals are very important as they may spend half of their time talking and writing about risk in emails, meetings, reports and more. These tips are designed to help you excel at these activities and grow in this career.

Jack Freund, Ph.D., CISA, CISM, CRISC, CIPP, CISSP, PMP, manages a team of IT risk analysts for TIAA-CREF and chairs the CRISC Test Enhancement Subcommittee.


Big Data and COBIT 5 Solutions at North America CACS

Sharpen your skills by learning the latest on big data solutions and integrating the COBIT 5 framework into any organization by attending North America CACS in Dallas, Texas, 15-17 April.

The conference’s information track provides the knowledge required to help IT professionals understand big data, leverage visual analytics and use the new COBIT® assessment tool. You can also learn how to balance risk, understand payment card industry (PCI) standards and trends, and gain insights into emerging information security threats. A few of the sessions and presenters on these topics include:

  • Big Data and Information Governance: Applying Discipline to the Jungle, presented by Dirk DeRoos, IBM
  • Big Data, Big Questions, presented by Nimitt Desai, Deloitte Consulting LLP
  • Big Data: Analytics, presented by Norm Trujillo, Ernst & Young LLP
  • Using the New COBIT Assessment Program to Perform IT Process Assessments, presented by Barry Lewis, CISM, CGEIT, CRISC, Cerberus ISC Inc.
  • COBIT 5: An Overview, presented by Robert Johnson, CISA, CISM, CGEIT, CRISC, Bank of America
  • COBIT 5 for Security, presented by Ramses Gallego, CISM, CGEIT, Dell Software and international vice president of ISACA

Learn more and register on the North America CACS page of the ISACA web site.


Connect With COBIT Focus Authors in the Knowledge Center

Join the COBIT discussions in the Knowledge Center to learn about this globally respected framework and discuss the latest case studies with COBIT Focus authors who have implemented COBIT within their enterprises. COBIT Focus, the e-newsletter for professionals using or interested in COBIT, provides case studies and practical-use articles as well as the latest news on COBIT releases and training opportunities.

COBIT Focus authors often participate in the COBIT Knowledge Center communities to share insights and personal experiences and to answer your questions. Subscribe to COBIT Focus to discover how others are using COBIT, ask questions and grow your understanding of how to use COBIT.

