ISACA – Information Security Certifications, Benefits & Salary
ISACA, formerly known as the Information Systems Audit and Control Association, is a non-profit security auditing firm focused on IT governance, risk assessment, systems auditing
ISACA’s certifications are job-specific and target the key aspects of enterprise security, i.e., systems auditing, IT governance, risk
ISACA offers four major IT security certifications. They are among the highly recognized IT security certifications around the world.
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certification in the Governance of Enterprise IT (CGEIT) and
- Certified in Risk and Information Systems Control (CRISC)
Benefits of ISACA Certification
Certifications are great credentials to showcase your skills and talents to the outside world and employers. Certifications help employers find the right candidate for the job and give credibility to the candidate’s knowledge and experience.
- ISACA certifications are among the top IT security certifications
- Respected and recognized by peers in the information security field
- ISACA certifications are vendor neutral and job specific
- Be a part of an active network of security professionals, SMEs and its security leaders through the ISACA membership network
- Most widely accepted by employers for specific job roles and responsibilities involving IT governance, systems audit, risk management and control
Certified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) is a globally recognized certification for information security audit, control, and security professionals. CISA was introduced by ISACA in 1978 and was named the Best Professional Certification Program by SC Media in 2017. As of 2018, there are more than 140,000 active CISA certified professionals globally.
The certification is suitable for Information Security Auditors, IT Consultants, Security Professionals and IT Security Audit Managers. The CISA exam is four hours long and consists of 150 questions. Prerequisites: a minimum of five years of direct work experience in information systems auditing, control or security. A two-year or four-year degree can substitute for 1 or 2 years of experience, respectively.
CISA Exam Blueprint:
Domain | Percentage |
---|---|
Process of Auditing Information Systems | 21% |
Governance and Management of IT | 16% |
Information Systems Acquisition, Development and Implementation | 18% |
Information Systems Operations, Maintenance and Service Management | 20% |
Protection of Information Assets | 25% |
Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM) is one of the highest paying and most sought-after IT certifications offered by ISACA. This certification makes you an expert in international security practices and is suitable for individuals who manage, design and oversee enterprise information security. Since its inception, there have been more than 32,000 certified CISM professionals worldwide.
This certification is designed for IT security managers. The CISM exam is four hours long, with 200 questions. Once the exam is passed, the candidate must agree to ISACA's terms, which require the candidate to earn five years of professional work experience in information security, with at least 3 years as a security manager in at least 3 of the knowledge domains.
CISM Exam Blueprint:
Domain | Percentage |
---|---|
Information Security Governance | 24% |
Information Risk Management and Compliance | 30% |
Information Security Program Development and Management | 27% |
Information Security Incident Management | 19% |
Certification in the Governance of Enterprise IT (CGEIT)
Certification in the Governance of Enterprise IT (CGEIT) is for professionals in senior-level positions focused on enterprise governance and assurance. CGEIT professionals are highly skilled in good IT governance, avoiding unforeseen security issues and tackling any threats that still arise. With a little over 7000 certified CGEIT professionals worldwide, it is one of the most demanding certifications in the information security industry.
The CGEIT exam is four hours long and consists of 150 questions. Work requirements are specific for the CGEIT certification. The candidate must possess five years of experience in professional-level enterprise management (1 year of enterprise IT governance framework and the other years in any of the two knowledge domains: strategic management, benefits realization, risk optimization or resource optimization).
CGEIT Exam Blueprint:
Domain | Percentage |
---|---|
IT Governance Framework | 25% |
Strategic Management | 20% |
Benefits Realization | 16% |
Risk Optimization | 24% |
Resource Optimization | 15% |
Certified in Risk and Information Systems Control (CRISC)
Certified in Risk and Information Systems Control (CRISC) professionals have a more active role in the risk management section. This certification prepares an individual for any challenges in enterprise risk management. The CRISC certification is designed for risk and information controls professionals and has more than 20000 certified professionals worldwide.
CRISC Exam Blueprint:
Domain | Percentage |
---|---|
Risk Identification | 27% |
Risk Assessment | 28% |
Risk Response and Mitigation | 23% |
Risk and Control Monitoring and Reporting | 22% |
ISACA Certification Salaries
ISACA certification holders are renowned for their knowledge and skills and are more highly paid than other IT professionals. Each quarter, Foote Partners releases a report (ITSCPI) on IT skills and their approximate salaries. Here is the average salary for each of the four certifications offered by ISACA.
- Certified Information Systems Auditor (CISA): $97,117 USD (North America) & $75,300 USD (Worldwide Average)
- Certified Information Security Manager (CISM): $105,926 USD (North America) & $86,234 USD (Worldwide Average)
- Certification in the Governance of Enterprise IT (CGEIT): $117,544 USD (North America) & $92,821 USD (Worldwide Average)
- Certified in Risk and Information Systems Control (CRISC): $107,968 USD (North America) & $93,193 USD (Worldwide Average)
Source: 2018 IT Skills and Salary report by Global Knowledge