For someone who wants to get into infosec auditing, the
Requires Free Membership to View
Certified
Information
System
Auditor (CISA) program tops the list. This
program is sponsored by the Information Systems Audit and Control
Association (ISACA). It has its own distinct niche when it comes to
security certifications. "The CISA
program is essentially based on the audit of information systems
and the assurance of information security, so as such there is no
equivalent for a CISA program," says Pushpa Redkar, the head of
business development for MIEL e-Security's education division.
| |||||||||||||||||
To get a CISA program certification, you have to pass the exam, adhere to ISACA's code of professional ethics, and present proof that supports a work experience of at least five years in professional information systems auditing, control or security. However, you can substitute a part of the work experience required for the CISA program in the following ways.
According to the CISA program, you can substitute one year of the required work experience by having:
• At least one year experience in either information systems, or financial or operational auditing, or
• 60 credit hours of a completed college semester equivalent of a bachelor degree, or
• A bachelor's or master's degree from a university that implements model curricula that is sponsored by ISACA, or
• Experience of two years as a full-time university instructor in any field such as computer science, accounting, or information systems auditing.
Two years of the required work experience for CISA program can be substituted with 120 credit hours of a completed college semester of a bachelor degree. This experience should have been garnered in a 10-year span before appearing for the exam. The CISA program exam is offered twice a year in June and December.
According to KK Mookhey, the founder and principal consultant of NII Consulting, a CISA program certified professional can look at various job opportunities including IT head, audit & risk advisory manager, information security risk analyst, information security officer, information security auditor or as a senior IT consultant. As a result, the CISA program is in much demand in India, and there is a significantly higher demand for CISA program certified professionals than supply. Adds Redkar, "Currently, the CISA program clubbed with the Certified Internal Auditor, and the CISA program with Cisco Certified Network Associate are also very much in demand in the Indian market."
Assurance, audit and information security professionals are sought after, but it does not mean that finishing any of these certifications (including the CISA program) will lead to guaranteed employment. At the end of the day, your information security career also depends on other skills such as communication, practical experience and attitude.