Information Systems Audit and Control Association

ISACA also known as Information Systems Audit and Control Association is a non profit, independent membership association providing advocacy, certifications, and information about information systems assurance, control and security, Information Technology (IT) enterprise governance and other IT-related risk and compliance.The association has 190 chapters within 175 countries and 95,000 members around the world.[1]

Type: Non-Profit
Industry: Inernet
Founded: 1969
Headquarters: 3701 Algonquin Road, Suite 1010

Rolling Meadows, IL 60008

Country: USA
Website: www.isaca.org
Facebook: ISACA
LinkedIn: ISACA
Twitter: @ISACANews
Key People
Emil D’Angelo,CISA, CISM, International President ISACA 2010-2011

History

The beginnings of ISACA can be traced back to 1967 when a group of professionals working in the field of auditing controls in computer systems realized the importance of having an organization to serve as the primary source of information for the industry. Subsequently, in 1969, a group of auditors from Southern California incorporated the Electronic Data Processing Auditors Association (EDPAA). Stuart Tyrnauer was the association's founding chapter president.[2] [3]

In 1973, the association held its first conference and released its first regular publication, the EDP Auditor. EDPAA Foundation was established in 1976. By 1977, the a compilation of guidelines, procedures, best practices, and standards for conducting EDP audits entitled "Control Objectives" was published by the foundation. It was updated four times between 1980-1992. Major revisions were made to the document from 1992 to 1996 and the title became CobiT (Control Objectives for Information and Related Technology). Today, Cobit serves as an internationally accepted standard for daily use by business managers, users of IT and IS auditors for IT control objective; it is available on CD-ROM or online. In 1978, EDPAA established the Certified Information Systems Auditor (CISA), a certification program intended for internal and external auditors who are interested in acquiring a separate certification in Information Technology. The first CISA exam was conducted in 1981.[4]

Over the years, EDPAA's membership increased not just in the United States but also worldwide. The CISA exam and its other documents were translated into different languages including Dutch, French, German, Italian, Japanese, Spanish,Chinese and Korean. In 1991, Deepak Sarup, became the first international president of EDPAA to outside North America. The name of the association was formally changed to Information Systems Audit and Control Association (ISACA) in 1994.[5] The Association has decided to officially use its acronym to represent its broad range of services.

Publication

ISACA is currently publishing the ISACA Journal, a technical journal in information and control industry.[6]

Certification Programs

ISACA's certification programs are well-known around the world. The programs include:[7]

  • Certified Information Security Manager (CISM)-Currently over 85,000 professionals have been certified on assessment, auditing, control or security and monitoring information technology and business systems.
  • Certified Information Systems Manager- There are 16,000 professionals engaged in information security management that have been certified by the program since its establishment in 2003.
  • Certified in the Governance of Enterprise IT (CGEIT)- The program was launched in 2007 for professionals whose responsibilities are focused on IT governance. Around 4,500 professionals are certified under this program.
  • Certified in Risk and Information Systems Control (CRISC)- This program was introduced in 2010 and it was specifically designed for IT professionals who are interested in acquiring knowledge about IT risk identification, management,development, implementation and maintenance of information systems controls. Since its establishment, over 14,000 professionals have already been certified by the program.

IT Governance Institute

In 1998, ISACA founded the IT Governance Institute (ITGI) due to the heightened significance of information technology as one of the key success factors for entities or companies. The institute's main objective is to help business owners enhance their governance of information technology and develop IT in accordance with international standards. ITGI also aims to help businesses achieve their business goals, enhance their business investments, and as appropriately and effectively manage the risks and opportunities associated with information technology. The main activity of the institute is conducting original research on IT governance. Its' recent publications include:[8]

  • An Executive View on IT Governance
  • Global Status Report on the Governance of Enterprise IT (GEIT) series
  • Board Briefing on IT Governance, 2nd Edition

ISACA and ICANN

In 2009, Peter Wood, member of ISACA’s Conference Committee and founder of First Base Technologies warned that ICANN's plan to support non-Latin characters, including Mandarin, Arabic, Hindu and Cyrillic by implementing the Internationalized Domain Names (IDNs) will increase consumer fraud and cyber security attacks such as phising. In his comments Wood explained, "Glyphs representing certain characters from different scripts might appear similar or even identical. For example, in many fonts, Cyrillic lowercase A ("a") is indistinguishable from Latin lowercase A ("a"). An unscrupulous host site can use this visual ambiguity to pretend to be another site and take advantage of site visitors”.[9]

References