8/4/2019 ISACA Certifications 21 Jul 11
1/3
Page 1 of3
CERTIFIED INFORMATION SYSTEMS AUDITOR
The CISA exam is offered each year and consists of 200 multiple-choice questions that cover the
five job practice domains created from the most recent CISA job practice analysis. The practice
domains and percentages below indicate the emphasis of questions that will appear on the
exam. The job practice analysis was developed and validated using prominent industry leaders,
subject matter experts and industry practitioners.
Job Practice Domains: The domains and their definitions are as follows:
1. The Process of Auditing Information Systems (14 percent): Provide audit services in accordance with IT audit standards to assist the organization with protecting and controlling information systems.
2. Governance and Management of IT (14 percent): Provide assurance that the necessary leadership and organizational structures and processes are in place to achieve objectives and to support the organization's strategy.
3. Information Systems Acquisition, Development and Implementation (19 percent): Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization's strategies and objectives.
4. Information Systems Operations, Maintenance and Support (23 percent): Provide assurance that the processes for information systems operations, maintenance and support meet the organization's strategies and objectives.
5. Protection of Information Assets (30 percent): Provide assurance that the organization's security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.
CERTIFIED INFORMATION SECURITY MANAGER
The CISM exam is offered each year and consists of 200 multiple-choice questions that cover the
five information security management job practice domains created from the most recent CISM
job practice analysis. The percentages below indicate the emphasis of questions that will appear
on the exam from each domain. The job practice analysis was developed and validated using
prominent industry leaders, subject matter experts and industry practitioners.
Notice: The current CISM job practice is in the process of being updated to capture the changes
that have occurred within the ever evolving field of information security management. Please be
aware that the December 2011 CISM exam administration will be the last time that the current
CISM job practice (identified below) will be tested as the revised job practice will be tested
beginning in June 2012.
Job Practice Domains: The domains and their definitions are as follows:
1. Information security governance (23 percent): Establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.
2. Information risk management (22 percent): Identify and manage information security risks to achieve business objectives.
3. Information security program development (17 percent): Create and maintain a program to implement the information security strategy.
4. Information security program management (24 percent): Oversee and direct information security activities to execute the information security program.
5. Incident management and response (14 percent): Plan, develop and manage a capability to detect, respond to and recover from information security incidents.
CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT
Supported by the IT Governance Institute (ITGI™) and built on ITGI's intellectual property and
input from subject-matter experts from around the world, the CGEIT designation is designed for
professionals who have a significant management, advisory or assurance role relating to the
governance of IT.
The CGEIT exam consists of 120 multiple-choice questions that cover six job practice domains.
The task and knowledge statements within each domain are intended to depict the tasks
performed by individuals who have a significant management, advisory, or assurance role
relating to the governance of IT and the knowledge requirements to perform these tasks. They
are also intended to define the roles and responsibilities of the professionals performing IT
governance work. The job practice domains and percentages below indicate the emphasis of
questions that will appear on the exam.
Job Practice Domains: The job practice consists of task and knowledge statements, organized by domains. The domains and their definitions are as follows:
1. IT Governance Framework (25 percent): Define, establish and maintain an IT governance framework (leadership, organizational structures and processes) to: ensure alignment with enterprise governance; control the business information and information technology environment through the implementation of good practices; and ensure compliance with external requirements.
2. Strategic Alignment (15 percent): Ensure that IT enables and supports the achievement of business objectives through the integration of IT strategic plans with business strategic plans and the alignment of IT services with enterprise operations to optimize business processes.
3. Value Delivery (15 percent): Ensure that IT and the business fulfill their value management responsibilities: IT-enabled business investments achieve the benefits as promised and deliver measurable business value both individually and collectively, that required capabilities (solutions and services) are delivered on time and within budget, and that IT services and other IT assets continue to contribute to business value.
4. Risk Management (20 percent): Ensure that appropriate frameworks exist and are aligned with relevant standards to identify, assess, mitigate, manage, communicate and monitor IT-related business risks as an integral part of an enterprise's governance environment.
5. Resource Management (13 percent): Ensure that IT has sufficient, competent and capable resources to execute current and future strategic objectives, and keep up with business demands by optimizing the investment, use and allocation of IT assets.
6. Performance Measurement (12 percent): Ensure that business-supporting IT goals/objectives and measures are established in collaboration with key stakeholders, and that measurable targets are set, monitored and evaluated.
CERTIFIED IN RISK AND INFORMATION SYSTEMS CONTROL
The CRISC exam is offered twice each year and consists of 200 multiple-choice questions that cover
five domains defined by the CRISC job practice. The domains and percentages below indicate
content and the emphasis of questions that will appear on the exam. The job practice is based
on ISACA's global research and frameworks including Risk IT and COBIT 4.1, independent
market research, and input from thousands of subject matter experts (SMEs) from around the
world. The statements within each domain are intended to define the roles and responsibilities
of the CRISC professional.
Domains: The job practice consists of task and knowledge statements, organized by domains.
These statements and domains were the result of extensive research and feedback from risk and
control SMEs around the world. The domains and their definitions are as follows:
1. Domain 1: Risk Identification, Assessment and Evaluation (31 percent). Identify, assess and evaluate risk factors to enable the execution of the enterprise risk management strategy.
2. Domain 2: Risk Response (17 percent). Develop and implement risk responses to ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
3. Domain 3: Risk Monitoring (17 percent). Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise's risk management strategy.
4. Domain 4: Information Systems Control Design and Implementation (17 percent). Design and implement information systems controls in alignment with the organization's risk appetite and tolerance levels to support business objectives.
5. Domain 5: Information Systems Control Monitoring and Maintenance (18 percent). Monitor and maintain information systems controls to ensure that they function effectively and efficiently.