Information Systems Audit and Control Association: Difference between revisions

Christiane (talk | contribs)
m Typo
 
(12 intermediate revisions by 2 users not shown)
Line 2: Line 2:
| logo            = ISACA.JPG‎
| logo            = ISACA.JPG‎
| type            = Non-Profit
| type            = Non-Profit
| industry        = Inernet
| industry        = Internet
| founded        = 1969
| founded        = 1969
| founders        =
| founders        =
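Review bot: the "founders" parameter is still empty after this revision, in the infobox lines directly below "founded = 1969". Either fill it from a cited source or drop the parameter. Style point in the same block: "| founded" has one space fewer before "=" than the neighbouring parameters, so the column of equals signs no longer lines up.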
Line 24: Line 24:


==History==
==History==
The beginnings of ISACA can be traced back to 1967 when a group of professionals working in the field of auditing controls in computer systems realized the importance of having an organization which serves as the primary source of information for the industry. Subsequently in 1969, a group of auditors from Southern California incorporated the '''Electronic Data Processing Auditors Association (EDPAA)'''. '''Stuart Tyrnauer''' was the association's founding chapter president.<ref>[http://www.isaca.org/About-ISACA/History/Pages/default.aspx History]</ref> <ref>[http://www.isaca.org/About-ISACA/Volunteering/Pages/Past-Presidents.aspx Past Presisdents]</ref>
The beginnings of ISACA can be traced back to 1967 when a group of professionals working in the field of auditing controls in computer systems realized the importance of having an organization to serve as the primary source of information for the industry. Subsequently, in 1969, a group of auditors from Southern California incorporated the '''Electronic Data Processing Auditors Association (EDPAA)'''. '''Stuart Tyrnauer''' was the association's founding chapter president.<ref>[http://www.isaca.org/About-ISACA/History/Pages/default.aspx History]</ref> <ref>[http://www.isaca.org/About-ISACA/Volunteering/Pages/Past-Presidents.aspx Past Presisdents]</ref>


In 1973, the association held its first conference and released its first regular publication, the '''EDP Auditor'''. '''EDPAA Foundation''' was established in 1976. By 1977, the a compilation of guidelines, procedures, best practices, and standards for conducting EDP audits entitled "Control Objectives" was published by the foundation.It was was updated four times between 1980-1992. Major revisions was made to the document from 1992 to 1996 and the title became '''CobiT (Control Objectives for Information and Related Technology).''' Today, Cobit serves as an internationally accepted standard for the daily use of business managers, users of IT and IS auditors for IT control objectives and it is available on CD-ROM or online. In 1978 EDPAA established the '''Certified Information Systems Auditor (CISA)''', a certification program intended for internal and external auditors who are interested in acquiring a  separate certification in Information Technology. The first CISA exam was conducted in 1981.<ref>
In 1973, the association held its first conference and released its first regular publication, the '''EDP Auditor'''. '''EDPAA Foundation''' was established in 1976. By 1977, the a compilation of guidelines, procedures, best practices, and standards for conducting EDP audits entitled "Control Objectives" was published by the foundation. It was updated four times between 1980-1992. Major revisions were made to the document from 1992 to 1996 and the title became '''CobiT (Control Objectives for Information and Related Technology)'''. Today, Cobit serves as an internationally accepted standard for daily use by business managers, users of IT and IS auditors for IT control objective; it is available on CD-ROM or online. In 1978, EDPAA established the '''Certified Information Systems Auditor (CISA)''', a certification program intended for internal and external auditors who are interested in acquiring a  separate certification in Information Technology. The first CISA exam was conducted in 1981.<ref>
[http://media.wiley.com/product_data/excerpt/90/04712811/0471281190.pdf Fundamentals of the Internal Auditing]</ref>
[http://media.wiley.com/product_data/excerpt/90/04712811/0471281190.pdf Fundamentals of the Internal Auditing]</ref>


Over the years, EDPAA's membership increased not just in the United States but also in different countries worldwide. The CISA exam and its other documents were translate different languages including Dutch, French, German, Italian, Japanese, Spanish,Chinese and Korean. In 1991, '''Deepak Sarup''', became the first international president of EDPAA who lives outside North America. The name of the association was formally changed to Information Systems Audit and Control Association (ISACA) in 1994.<ref>[http://media.wiley.com/product_data/excerpt/90/04712811/0471281190.pdf Fundamentals of the Internal Auditing]</ref> At present, the Association decided to officially use its acronym to represent its broad range of services.
Over the years, EDPAA's membership increased not just in the United States but also worldwide. The CISA exam and its other documents were translated into different languages including Dutch, French, German, Italian, Japanese, Spanish,Chinese and Korean. In 1991, '''Deepak Sarup''', became the first international president of EDPAA to outside North America. The name of the association was formally changed to '''Information Systems Audit and Control Association (ISACA)''' in 1994.<ref>[http://media.wiley.com/product_data/excerpt/90/04712811/0471281190.pdf Fundamentals of the Internal Auditing]</ref> The Association has decided to officially use its acronym to represent its broad range of services.


===Publication===
ISACA is currently publishing the '''ISACA Journal''', a technical journal in information and control industry.<ref>[http://www.isaca.org/About-ISACA/History/Pages/default.aspx Global Network]</ref>
==Certification Programs==
==Certification Programs==
ISACA's certification programs are well-known around the world. The programs include:<ref>[http://www.isaca.org/CERTIFICATION/Pages/default.aspx IT Audit, Security, Governance and Risk Certifications]</ref>
ISACA's certification programs are well-known around the world. The programs include:<ref>[http://www.isaca.org/CERTIFICATION/Pages/default.aspx IT Audit, Security, Governance and Risk Certifications]</ref>
* '''Certified Information Security Manager (CISM)'''-Currently over 85,000 professionals have been certified on assessment, auditing, control or security and monitoring information technology and business systems.
* '''Certified Information Security Manager (CISM)'''-Currently over 85,000 professionals have been certified on assessment, auditing, control or security and monitoring information technology and business systems.
* '''Certified Information Systems Manager'''- There were 16,000 professionals engaged in information security management have been certified by the program since its establishment in 2003.
* '''Certified Information Systems Manager'''- There are 16,000 professionals engaged in information security management that have been certified by the program since its establishment in 2003.
* '''Certified in the Governance of Enterprise IT (CGEIT)'''- The program was launched in 2007 for professionals whose responsibilities are focused on IT governance. Around 4,500 professionals were certified under this program.
* '''Certified in the Governance of Enterprise IT (CGEIT)'''- The program was launched in 2007 for professionals whose responsibilities are focused on IT governance. Around 4,500 professionals are certified under this program.
* '''Certified in Risk and Information Systems Control (CRISC)'''- This program was introduced in 2010 and it was specifically designed for IT professionals who are interested in acquiring knowledge about IT risks identification, management,development,  implementation and maintenance of information systems controls. Since its establishment, over 14,000 professionals have already been certified by the program.
* '''Certified in Risk and Information Systems Control (CRISC)'''- This program was introduced in 2010 and it was specifically designed for IT professionals who are interested in acquiring knowledge about IT risk identification, management,development,  implementation and maintenance of information systems controls. Since its establishment, over 14,000 professionals have already been certified by the program.


==IT Governance Institute==
==IT Governance Institute==
In 1998, ISACA founded the IT Governance Institute (ITGI) due to the heightened significance of information technology as one of the key factors towards the success of entities or companies. The institute's main objective is to help business owners enhance their governance on information technology and develop IT in accordance with international standards. ITGI also aims to support businesses in  able maximizing IT in achieving their business goals, enhance their business investments as well as appropriately and effectively manage the risks and opportunities associated with information technology. The main activity of the institute is conducting original research on IT governance. Its' recent publications include:<ref>
In 1998, ISACA founded the [[IT Governance Institute]] (ITGI) due to the heightened significance of information technology as one of the key success factors for entities or companies. The institute's main objective is to help business owners enhance their governance of information technology and develop IT in accordance with international standards. ITGI also aims to help businesses achieve their business goals, enhance their business investments, and as appropriately and effectively manage the risks and opportunities associated with information technology. The main activity of the institute is conducting original research on IT governance. Its' recent publications include:<ref>
[http://www.itgi.org/template_ITGI923a.html?Section=About_ITGI&Template=/ContentManagement/HTMLDisplay.cfm&ContentID=57434 About ITGI]</ref>
[http://www.itgi.org/template_ITGI923a.html?Section=About_ITGI&Template=/ContentManagement/HTMLDisplay.cfm&ContentID=57434 About ITGI]</ref>
* An Executive View on IT Governance
* An Executive View on IT Governance
* Global Status Report on the Governance of Enterprise IT (GEIT) series
* Global Status Report on the Governance of Enterprise IT (GEIT) series
* Board Briefing on IT Governance, 2nd Edition
* Board Briefing on IT Governance, 2nd Edition
==Publication==
ISACA is currently publishing the '''ISACA Journal''', a technical journal in information and control industry.<ref>[http://www.isaca.org/About-ISACA/History/Pages/default.aspx Global Network]</ref>


==ISACA and ICANN==
==ISACA and ICANN==
IN 2009, Peter Wood, member of ISACA’s Conference Committee and founder of First Base Technologies warned that [[ICANN]]'s plan to support non-Latin characters, including Mandarin, Arabic, Hindu and Cyrillic in implementing the Internationalized Domain Names ([[IDN]]s will increase consumer fraud and cyber security attacks such as phising. In his comments Wood explained, "Glyphs representing certain characters from different scripts might appear similar or even identical. For example, in many fonts, Cyrillic lowercase A ("a") is indistinguishable from Latin lowercase A ("a"). An unscrupulous host site can use this visual ambiguity to pretend to be another site and take advantage of site visitors.
In 2009, [[Peter Wood]], member of ISACA’s Conference Committee and founder of First Base Technologies warned that [[ICANN]]'s plan to support non-Latin characters, including Mandarin, Arabic, Hindu and Cyrillic by implementing the [[IDN|Internationalized Domain Names]] (IDNs) will increase consumer fraud and cyber security attacks such as phising. In his comments Wood explained, "Glyphs representing certain characters from different scripts might appear similar or even identical. For example, in many fonts, Cyrillic lowercase A ("a") is indistinguishable from Latin lowercase A ("a"). An unscrupulous host site can use this visual ambiguity to pretend to be another site and take advantage of site visitors”.<ref>[http://www.itbsoftware.com/pr/34177 ISACA Warns Increase in Web Site Characters Could Lead to More Phishing Attacks]</ref>
<ref>[http://www.itbsoftware.com/pr/34177 ISACA Warns Increase in Web Site Characters Could Lead to More Phishing Attacks]</ref>


==References==
==References==
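Review bot: in the Certification Programs list, the new revision still has two bullets whose names both end in "Manager" and no bullet for CISA, the certification that the History section introduces. The first bullet is labelled "Certified Information Security Manager (CISM)" but describes assessment, auditing, control and monitoring. The second, "Certified Information Systems Manager", describes information security management and carries no acronym. Check both names against the cited ISACA certification page and correct them before this goes in. Several wording edits in this hunk also need another pass: "By 1977, the a compilation" keeps the stray article, "for IT control objective;" lost its plural, "the first international president of EDPAA to outside North America" lost its verb, "and as appropriately and effectively manage" keeps a leftover "as", and "Its'", "phising", "Spanish,Chinese" and the reference title "Past Presisdents" are unchanged. In the ISACA and ICANN paragraph, the quoted example depends on two glyphs that render identically, so a reader cannot tell from the page whether the Cyrillic letter is actually present. Give the code points next to the quotation (U+0430 for Cyrillic lowercase a, U+0061 for Latin lowercase a). The quotation also opens with a straight quote and closes with a curly one.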