Introduction

This book is designed for anyone interested in taking the Certified Information Systems Auditor (CISA) exam. The CISA certification is one of the hottest in the market, with annual growth in excess of 28 percent, according to the Information Systems Audit and Control Association (ISACA), the administering organization.

It is a trend worldwide for organizations to have to implement and prove the existence of strong internal controls. You may have heard of a few of these, such as the following:

  • Basel II accord for risk management in banking

  • Sarbanes-Oxley Act (SOX) for public corporations

  • Federal Information Security Management Act (FISMA)

  • Payment Card Industry (PCI) standards for credit card processing

  • Health Insurance Portability and Accountability Act (HIPAA)

These are just five of more than twenty high-profile regulations that demand audited proof of internal controls. Frankly, these result in a long list of opportunities for a CISA. This may be the opportunity that you have been looking for, especially if you come from a background of finance or technology.

What Is the Job Market for Certified IS Auditors?

The CISA world is exploding. Corporations are hiring more consultants than ever before in an effort to obtain compliance before they get caught short. Consulting companies are hiring as many people as they can represent as qualified in an effort to service the same corporations. Small organizations are finding themselves at a competitive disadvantage if they're unable to demonstrate the same level of internal controls to their larger customers. One of the fundamental rules of auditing is that participating in the remediation (fixing) of problems found during the audit would compromise the auditor's independence. Under the rules of independence, the independent auditor must remain independent to certify the results as valid. A second, unrelated auditor should work on the remediation. The requirements for regulatory compliance are ongoing, and that means remediation at some level will be ongoing too. In other words, the auditor requirement is actually doubled. The opportunity for you is available right now.

For many years, organizations have undergone the scrutiny of financial audits. As financial systems have become more and more complex, automation has introduced a situation in which the integrity of financial records may be in question. An organization would hire a certified public accountant to review their financial records and attest to their integrity. Larger organizations would hire certified internal auditors to assist with normal internal controls of the business. Now, the long list of regulations requiring internal controls has focused attention on the information systems. Computers are now the house in which the financial records live. The CISA is the top credential for auditing IS and related internal controls.

This book is designed to help you become a well-respected CISA. We have been teaching CISA classes for several years and have some truly outstanding success stories. The test alone is a stepping-stone in your career. Our goal is to take you through the CISA test better than anyone else by showing you the "how and why" of IS auditing. If you are familiar with technology, this book will help you understand how the auditor must act to be successful. If you come from a financial background, we're going to take you through an introductory tour of technology. The explanations in this book are technically correct and designed to be simple to understand.

Many opinions exist about how the information systems audit should be performed. This book covers the official auditing standards necessary for you to be successful. You'll find that this book contains the valuable information necessary to operate a successful consulting practice. Initially our focus is on helping you pass your exam. However, this information will help you earn a great deal more than just a paper certificate, if you apply it.

Each chapter in this book has been arranged in a logical sequence focusing on a practical application. ISACA produces fine materials written by committees of authors. We have chosen to take a different route. We have written the material in this book in the sequence that we would use to teach you prior to an audit engagement. Every point that you read will carry through to the subsequent pages of this Study Guide. The analogy is comparable to building a pyramid. You'll start with gaining a firm understanding of the basics and build your way up to the advanced material. We strongly suggest that you read the book in sequence, without skipping ahead.

One of our complaints about other study material is that it simply represents a brain dump of answers or contains excessive redundancy. We have tried our best to present the material in an orderly fashion and to provide supporting examples.

What Is the CISA Certification?

ISACA offers the most recognized certification in the world for IS auditors: the Certified Information Systems Auditor (CISA) certification. It is recognized worldwide by all corporations and governments. ISACA has members in more than 140 countries and is recognized as the leader in IT governance, control, and assurance. This association was founded in 1969 as the Electronic Data Processing Auditors Association, with an objective to develop international IS auditing and control standards. As a result, it has created the number one information systems audit certification in the world, the CISA.

ISACA controls and administers the CISA exam worldwide. More than 50,000 professionals have earned their CISA to date. Still, the demand exceeds the supply.

Why Become a CISA?

So, why become a CISA? The answer: credibility and opportunity. Many people proclaim themselves to be IS auditors. The majority of uncertified auditors are no more than well-meaning individuals who habitually violate the official audit standards. Here is a short list of the benefits associated with becoming a CISA:

Demonstrates proof of professional achievement

The CISA certification provides evidence that you have prior experience and are able to pass a rigorous certification exam. The exam tests your knowledge of auditing practices related to information systems. The test itself is loaded with technical challenges that require a significant understanding of technology. The CISA certification shows that you understand the audit requirements and are able to lead a successful audit in accordance with widely accepted audit practices. The certification demonstrates to the world that your experience represents a significant value.

Provides added value to your employer

Today's employers are savvy to the value of training. Your CISA study is expected to illuminate new methods to improve your skills on the job. It's fairly common for individuals to start their career by mimicking a more senior person performing a similar job (as the saying goes, monkey see, monkey do). Our goal is to shine the light on specific practices that you should have been following, even if you never heard of them before. Your job performance will improve after you learn the proper foundation and CISA resources.

Provides an assurance of quality to your clients

Audit clients are a demanding breed of individuals. The fate of the client's organization may rest on the findings detailed in the auditor's report. There is little room for mistakes. The CISA credential indicates that you are a person who can be trusted to deliver accurate results. Who would you trust to represent you: a person with no proof, or someone who can demonstrate a measure of credibility? The person reading the audit report needs to understand that your work is accurate. The client will direct capital and resources to be expended according to the report you provide. The CISA certification represents a third-party audit of your personal knowledge. It helps prove your credibility.

Increases your market value

The IS audit market is exploding at a phenomenal rate. The CISA credential helps separate you from the mass of self-proclaimed auditors. Many organizations regard the CISA as the hallmark of professionalism. There is no better way to attract the favorable attention of management. It does not matter whether you're internal or external to the organization—the credential speaks for itself. The requirements called for in government regulations are becoming a growing concern for executives. Your customer may not understand all the details necessary to describe the job of an auditor; however, your client will recognize that an auditor with the CISA certification should be able to fulfill their needs. In addition, audit firms can bill more money for certified professionals.

Provides a greater opportunity for advancement

Every organization strives to hire good people who are motivated. What does the lack of certification say about someone? Is it that they are unmotivated? Could it be that they are not capable? Or is it simply that they are afraid to try? No manager in their right mind would promote an individual who has not proven their value. Taking the time to get trained and certified shows the world that you are motivated, that you are somebody who wants to get things done. That trait alone can get you promoted. Instead of using words to describe your ability, you can prove it with your CISA credential. People will know that you're serious about your job and will treat you accordingly.

Builds respect and confidence from other people

The world today is extremely specialized. Consider that many things of premium value in today's world are certified. We have certified used cars, certified mail, certified public accountants, certified travel agents, certified lawyers, and even certified Subway sandwich artists. The people you meet may not completely understand what is involved in being a CISA. However, they will understand that you have expended time and energy to obtain the certification. You will gain their respect because of the effort you've demonstrated. If given the choice, almost everyone would choose to use a person who is certified. The CISA is a major step toward the widespread credibility that you desire.

How to Become a CISA

The CISA designation is given to individuals who have demonstrated their ability to fulfill the following five requirements:

Pass the CISA exam

The CISA examination is offered two times a year, once in June and again in December. You have to register for the test three months before it is administered. You can register online at www.isaca.org or by mail. You take the test with pencil and paper in front of a live test proctor. The examination is 200 multiple-choice questions that will take approximately 4 hours. A grade of 75 percent is required to pass the CISA examination. There is a 4-hour time limit.

Professional experience in information systems auditing, control, or security

To qualify for certification, you must demonstrate five years of IS auditing experience. ISACA will accept up to two years of substitution toward the work experience requirement, as follows:

Related experience substitution

You can substitute a maximum of one year of experience from financial or operational auditing, or from information systems experience.

College credit hour substitution

The equivalent of an associate or bachelor's degree can be substituted for one or two years, respectively (60 hours or 120 hours).

University instructor experience substitution

A full-time university instructor can substitute two years of on-the-job experience toward one year of the IS auditing control or information security experience.

Your CISA test results are valid for five years from the examination date. Even without any experience at this time, you can take the examination. Certification will be awarded only after you have provided verification of desired work experience (of five years or the equivalent). ISACA limits acceptable experience to that which has occurred within 10 years prior to your application date.

Continuous adherence to ISACA's code of professional ethics

Trust and integrity are paramount to the auditor's profession. You will be required to pledge your ongoing support for adherence to the IS auditor's code of professional ethics.

Continuing education in the profession

You are required to continuously improve your skills. Continuing education is the best method of maintaining an individual's competency. Learning new skills with new certifications will improve your professional abilities. Demonstrating a commitment to continuing education differentiates qualified CISAs from those who have not fulfilled their professional responsibilities. You will be required to demonstrate a minimum of 20 contact hours of training each year, which must total 120 contact hours in a three-year period.

Adherence to well-established IS auditing standards

The purpose of auditing standards is to ensure quality and consistency. An auditor who fails to meet the standards places themselves and the profession in peril. ISACA provides excellent information to guide auditors through their professional responsibilities. The auditing standards are based on well-recognized professional practices applied worldwide.

Why Should I Buy This Book?

If you're serious about becoming a professional CISA auditor, you should buy this book to study for your exam. If you're curious about becoming an auditor, you should buy this book to learn how the job is actually done.

The people entering the CISA profession are usually one of the following:

  • IT professionals with a desire to expand into the lucrative world of consulting

  • Financial professionals looking for upward mobility with new challenges

  • Internal auditors seeking to demystify the control issues within IT

This book is unique in the field of IS auditing. You will benefit from this book by learning the methods necessary to be a successful auditor. Each chapter builds step-by-step toward obtaining your goal. This book provides important details about how to accomplish your job, the exam objectives for each chapter, and all of the most important auditing concepts.

How to Use This Book and CD

This book is organized into eight chapters. Each begins with a list of chapter objectives that relate directly to the CISA exam.

An "Exam Essentials" section appears near the end of every chapter to highlight the topics that you're likely to encounter during your exam. These exam essentials are intended to provide guiding thoughts rather than a laundry list of details. Our goal is to help you focus on the higher-level objectives from each chapter as you move into the next chapter.

At the end of every chapter are approximately 35 review questions with explanations. You can use these review questions to help gauge your level of understanding and better focus your study effort. As you finish each chapter, you should review the questions and check whether your answers are correct. If not, you should really read the section again. Look up any incorrect answers and research why you may have missed the question. It may be a case of failing to read the question and properly considering each of the possible answers. It could also be that you did not understand the information. Either way, going through the chapter a second time would be valuable.

We have included several other testing features in the book and on the companion CD. Following this introduction is an Assessment Test that will help you gauge your study requirements. Take this test before you start reading the book. It will help you identify areas that are critical to your success. The answers to the assessment test appear after the last question. Each question includes a short explanation with information directing you to the appropriate chapter for more information.

Included on this book's CD are two bonus exams of 80 questions each. In addition, there are more than 300 flash cards. You should use this Study Guide in combination with your other materials to prepare for the exam.

Take these practice exams as if you were taking the real exam. Just sit down and start the exam without using any reference material. We suggest that you study the material in this book in conjunction with the related ISACA references on IS auditing standards. The official CISA exam is very challenging. Most individuals will barely finish the exam before time runs out. Fortunately for you, our students have a high success rate. You have it within you to become the next certified CISA.

You are ready for your CISA exam when you score higher than 90 percent on the practice examinations and chapter reviews.

A copy of this book is on the CD in Adobe Acrobat PDF format for easy reading on any computer.

Note

The practice exams included on the CD are timed to match the pace of your actual CISA exam.

What to Expect on the CISA Exam

Certainly you are curious about the types of questions you will encounter on the exam. ISACA is very protective of the actual test questions. Let's look at how the test is designed:

  • The CISA exam is not an IT security test. Candidates will be expected to understand the basic concepts and terminology of what they will be auditing. However, security knowledge alone will not help candidates pass the test.

  • The CISA exam is not a financial auditor exam. Candidates are not expected to be accounting technicians or to perform complex financial transactions.

  • The CISA exam is not a computer technician exam. Candidates are not expected to build computers or to configure network devices. They are expected to understand the common terminology.

  • The entire focus is on how to apply the structured rules of financial auditing to the abstract world of managing information technology.

By properly studying this book, you will better understand the hows and whys of being a successful CISA. Just remember, the IS auditor is a specially trained observer and investigator. We don't actually fix problems; we report findings after using a structured process of investigation. Understanding how to get the right evidence is the key.

How to Fail Your CISA Exam

The CISA exam is based on ISACA's auditing standards and the application of the Statement on Auditing Standards (SAS). Abstract concepts of IT require the auditor to use a different approach to auditing. Adults learn by direct experience or by speaking with other people. Here are the two ways to fail your exam:

Rehearsing practice questions more than twice

One bad habit is to rehearse by using practice questions. The brain stops learning after the second pass over the same question, and then it starts memorizing the wording. This causes the brain to record the answer as rote memory rather than to learn the information. As a result, you will likely miss the correct answer on your exam because of the different way ISACA presents the questions and answer choices. Another problem is using questions from the Internet that cannot be traced to an official source. Bad questions make the seller money while programming your mind with the wrong information. Beware of ghostly sellers hiding behind websites without full contact information prominently displayed. I suggest you stick to the questions in this book or use the ISACA official practice questions. Stop rehearsing the same question after two passes. Instead, reread the corresponding section in the book.

Improper study preparation

The CISA exam is designed to prevent cram study. You will discover that the structure of the exam questions is rather convoluted. Some of the answer choices will barely fit the question. Just select the best choice that honors the spirit and intent of our audit objectives. It's possible that the best answer is only 51 percent correct. Go with the 51 percent answer if that is the best choice available. This confusion is intentional, to prevent the test taker from using rote memory. The best study technique is to read about 1 hour per night while taking manual notes. Be sure to read all the sections—every page. Previous CISA candidates were quite perturbed to discover that the area they assumed to be their strongest was instead where they scored poorly. You may have many years of experience in the subject, but what matters is that your view agrees with ISACA's exam. I have not heard of a single person getting a better score after protesting an official exam question. ISACA uses a professional testing company to run their exam. Protest a question if you must, but I'll wager that you lose the protest and your protest fee in the end.

Test Taking and Preparation

The CISA examination is quite difficult unless you are prepared. Preparation requires good study habits and a well-planned schedule. You should review your notes at least 30 minutes per night, but not more than 2 hours per day. As we said, cramming for this examination will not work.

Let's discuss preparations leading up to test day—specifically, the best method to arrange your schedule for that ace grade.

10-Day Countdown

Review each chapter in your Study Guide. Give extra attention to the subjects that you may have skimmed over earlier. The test is written from the viewpoint of an auditor, using directives from ISACA's world.

Note

Number one hint: Make sure you are reading from the auditor's perspective.

You should review the flash cards on the accompanying CD. It is also an excellent technique to make your own flash cards by using 3″ × 5″ index cards. Take a dozen or two dozen to the office each day for random practice between meetings.

Be sure to run through the Bonus Exams on the CD. They are less difficult than the real test, but still a good resource to see where you stand. The value of these tests is in improving your resilience and accuracy.

Be sure to request a day of rest. Ask your boss for personal time. Use vacation time if necessary. Most employers will understand after you remind them of the limited testing dates.

3-Day Countdown

The exam location may be in a hotel, college, or convention center. It will save you a great deal of time and stress to drive over to visit the test site. You should do this even if you have been there recently. The room number for your test will be printed on your exam acceptance letter. Make it a point to locate the meeting room and physically walk up to touch the door. In colleges, it is possible that room 300 is a significant walk away from room 302. Arriving at the wrong building can ruin your day if it makes you late to the exam.

Convention centers are worse. Unknown to you, there may be a big trade convention over the upcoming weekend. Such an event will change the availability of parking in the area. It will also affect the long route you may have to walk in order to enter the examination room.

The best suggestion is to scout the area for a nearby place to eat breakfast. Plan to eat healthy before the exam begins.

1-Day Countdown

The best aid to a high score is to take off early on Friday. Remember, the exam is early on Saturday morning. Make a pact with your friends and family to leave you alone all day Friday. You may consider limiting your diet to simple foods, avoiding anything that is different than usual. This is not the time to experiment.

Make a pact with yourself: There are no errands or chores more important than passing the exam.

Go to bed earlier than usual. Do whatever it takes. You will need to be up and totally focused by 6 a.m. Try to go to bed by 10 p.m. Set two alarm clocks to get up on time. Put your favorite study materials together in a carrying bag. You will take them with you to the exam for a final glance before being seated for the test. The exam is a "closed book" test.

Do not attempt to cram on Friday night; it will work against you in a long test like the CISA. Just review your notes again. Be sure to run through the flash cards and chapter review questions.

We suggest people with a technical background review Chapter 2, "Audit Process," and Chapter 3, "IT Governance," twice. If you have a financial background, the best advice is to reread Chapter 4, "Networking Technology," and Chapter 7, "Information Asset Protection." Practicing drawing the diagrams and models on a separate sheet of paper will help you understand the specific wording of questions and make it easier to select the correct answer. Be prepared to redraw the models from memory during your exam.

Test Morning

Time to get up and get yourself moving. Be sure to arrive at the exam early. Test room locations have been known to change overnight, especially at college locations.

After arrival, you can sit in the hallway while you wait. This is an excellent time to make a final review of your notes. There is no advantage to being seated before 7:30 a.m. Just park yourself within a few feet of the door to ensure that you are not forgotten or missed. You can expect a long line at some test locations. Major cities may have 200–300 people sitting in different rooms.

Upon entering the room, ask if you can draw inside the test booklet. Tell the proctor you like to make longhand notes when solving problems. Usually the booklet will never be reused, so you can mark in it all day long.

You can make notes to yourself in the booklet and mark your favorite answer, and then just transfer the answer from the test booklet to the answer sheet. This technique really helps if you start jumping around or choose to skip a question for later. Consider drawing useful diagrams such as the OSI model on the inside back cover of the booklet. The proctor will tell you that only answers on the answer sheet will count toward your score.

Plan on Using All 4 Hours

You should expect the test to take the entire 4 hours. Manage your time carefully to avoid running out of time before finishing the test. It is advisable to plan ahead for both pace and breaks. The exam proctor will usually allow you to take restroom breaks as long as you do not talk to anyone about the exam while out of the room. You might find it helpful to reduce fatigue by just taking a walk to the restroom and then splashing water on your face. One trip per hour seems to work fine. Most test takers will finish in the last 10 minutes before time is called by the proctor.

Read the Question Carefully

Read each question very carefully! The questions are intentionally worded differently from this Study Guide. For overly confusing questions or ones that you are not sure of, try reading them twice or even three times.

On the first pass, circle the operative points in the question, such as the words not, is, best, and, or, and so on. Next, underline the nouns or the subject of the question. For example, if the question is "The purpose of controls is to. . .," you would underline purpose and circle the word is.

On the second pass, ensure that you understand the implied direction of the question and its subject. Is the question a positive (is) or negative (is not) implication? Watch for meanings that are positive, negative, inclusive, or exclusive. A common technique used for writing test questions is to imply terminology associations that should not exist or vice versa. Do not violate the intent of the question or answer. Most people fail a question by misreading it.

On the third pass, dissect the available answers by using a similar method. Watch for conflicting meaning or wrong intent.

Place a star next to any question in the booklet when you have doubts about your answer. You can return to the question before turning in your answer sheet. (This keeps your answer sheet clean of any stray marks.)

For your final check, you can compare the answers marked in the test booklet to your answer sheet. Remember that there is no penalty for wrong answers. Do not leave any blank. Just take a guess if you must.

Done! The Exam Is Over

Plan for a relaxing activity with your family or friends after the exam. We suggest you plan something that is fun and doesn't require mental concentration; you will be mentally worn out after the exam. Do not punish yourself by looking up the answers for a particular test question. The test is over.

You should receive your score from ISACA in about five to seven weeks. It may be by email or a simple one-page letter.

We wish you all the best. Good luck on your exam.

Getting Your CISA Awarded

A notice of your official score will be mailed or emailed to you six to eight weeks after the exam. You should expect the mailed letter to be two pages stating that you either failed or passed. ISACA will inform you of your score. Contesting a score is usually a waste of effort.

After you pass, the next step is to complete ISACA's application to be certified. You will need to provide contact names, email addresses, and phone numbers for each of your references. ISACA will verify your claim prior to awarding you the CISA credential. No reference = no credit. So, contact your references in advance so they are ready to respond to ISACA's reference check. It's a good idea to have lunch with your references in advance. Give them a copy of your CISA application to discuss together in person. You can expect to be an official CISA 10 to 12 weeks after the exam—if you are prompt in filing the application and do a good job of managing the response time of your references.

Related Professional Certifications

Although this book focuses on ISACA's CISA certification, there are many more certifications you should consider for your professional advancement. This section offers a sampling of the more commonly known professional certifications that cover many of the same topics that the CISA does. This list is not inclusive of all certifications. It focuses only on vendor-neutral certification, which provides an unbiased view of the issues facing all vendors and customers.

It is important to be able to separate performance claims (smoke) from truly effective function (results). Results are measured by highest effect on the ultimate need and not by the use of a particular computer software package. There is a big difference between managing and just being an application operator. Persons with the following certifications should be versed in the basics for success in their field.

Information Systems Security Practices

The following certifications are focused on IS security topics:

Certified Information Systems Security Professional (CISSP)

This exam, administered by the International Information Systems Security Certification Consortium, or (ISC)², covers the 10 knowledge areas of information security. Certification requires passing the exam plus five years of IS security experience.

Systems Security Certified Practitioner (SSCP)

This exam, administered by (ISC)², covers 7 of the 10 knowledge areas of information security. Certification requires passing the exam plus two years of IS security experience. SSCP is a subset of the CISSP subject material. CertTest recommends that you attend the CISSP course to ensure that you receive all the training necessary for your future.

Certified Information Security Manager (CISM)

CISM is intended for managers. The CISM certification provides a different level of practices when compared to the CISSP. This exam is administered by ISACA. CISM covers the more advanced areas of risk management, specific management controls, and governing IS security. Certification requires passing the exam plus five years of experience in IS auditing, control, or security. Your CISA experience can count toward the work experience.

Security+

This exam, administered by the Computing Technology Industry Association, or CompTIA (www.comptia.org), is an entry-level security certification. It covers a fraction of the topics covered in the CISSP certification. Security+ is not intended to be a prerequisite for CISM or CISSP. Security+ is good for beginners and individuals who would not be able to meet the work experience of the other certifications.

Auditing

In addition to the CISA, a few of the other certifications focus on auditing, including the following:

Certified Internal Auditor (CIA)

This certification, administered by The Institute of Internal Auditors (www.theiia.org), requires passing a four-part exam. The exams may be taken separately or combined in any order. Each part is 125 multiple-choice questions. In addition, candidates must have a bachelor's degree or equivalent, plus 24 months of internal auditing experience.

Certified Fraud Examiner (CFE)

This certification, administered by the Association of Certified Fraud Examiners (www.acfe.org), requires passing the exam plus a bachelor's degree and two years of fraud detection–related work experience in the areas of accounting, auditing, fraud investigation, criminology, loss prevention, or law.

Information Assessment Methodology (IAM)

This certification, administered by the U.S. National Security Agency (www.nsa.gov), requires U.S. citizenship with at least two years of experience in information system security and/or IS auditing. This certification was originally created by presidential executive order and is now mandated by U.S. Homeland Security Directive/HSPD-7. IAM certification is designed for system administrators and auditors working on government systems, critical infrastructure, and commercial systems.

Information Evaluation Methodology (IEM)

IEM is a new certification that extends the IAM to include hands-on technical testing and formal evaluation of IS systems by using the NSA's official evaluation methodology. Certification is administered by the U.S. National Security Agency. The only way to get certified is to attend the actual class and perform the labs in person under the supervision of the NSA's official instructor. You must complete all the labs in person, just like taking your driving test to get a driver's license.

Disaster Recovery and Business Continuity

The following certifications focus on disaster recovery and business continuity topics:

Associate Business Continuity Professional (ABCP)

This certification, administered by the Disaster Recovery Institute International, or DRII (www.drii.org), covers the 10 best practices of disaster recovery and business continuity. The Associate covers the same material as the CBCP, but does not require any work experience.

Certified Business Continuity Professional (CBCP)

This certification, also administered by DRII, requires passing the CBCP exam, plus you must have two years of experience as a business continuity/disaster recovery planner.

Master Business Continuity Professional (MBCP)

This certification, also administered by DRII, requires participation in the DRII Masters program along with passing a qualifying exam and then the MBCP exam. You must also have five years of practical experience.

Fellow of the Business Continuity Institute (FBCI)

This certification, administered by the Business Continuity Institute (www.thebci.org), is based on a points-scoring system.

Project Management

The following certifications focus on project management:

Certified Associate in Project Management (CAPM)

This certification, administered by the Project Management Institute (www.pmi.org), requires passing the CAPM exam plus 23 hours of formal PMI training or 1,500 hours of project management–related work experience. The CAPM test covers a reduced version of the PMP content areas. CertTest recommends that all CAPM candidates follow the complete PMP study curriculum to ensure you receive the full training necessary for a leadership role. The secret is to show your boss that you have been trained with as much knowledge as a PMP. This will help you advance, even though you are still building your hours of experience.

Project Management Professional (PMP)

This certification, also administered by the Project Management Institute, covers 44 process areas of project management. Certification requires 35 hours of formal PMI training with 4,500 hours of project management–related work experience if you have a four-year college degree. Alternatively, you can qualify with 7,500 hours of experience and a high school diploma. PMI will check your work references before you can schedule your exam. The PMP exam is a 4-hour computer-based test that you must take in person at your nearest Prometric testing center. You are officially a PMP after your experience is accepted and you pass your exam.

Project+

This entry-level certification is administered by CompTIA. Certification is obtained via a computer-based exam at your nearest Prometric test center. No work experience is required. Project+ is not intended to be a prerequisite for CAPM or PMP.

Physical Building Security

The following certifications focus on physical building security topics:

Physical Security Professional (PSP)

This certification is administered internationally by ASIS International (www.asisonline.org). Certification requires passing the exam plus a high school diploma and five years of verified security-related work experience.

Certified Protection Professional (CPP)

This certification, also administered internationally by ASIS International, requires passing the exam plus a bachelor's degree and nine years of verified security-related work experience. A minimum of three years of your experience must be in security management.

Note

CertTest Training Center, the training center we teach at, offers many classes for a number of these certifications. In addition, we offer a SuperHERO course, which covers project management, CISM/CISSP for IS security, and business continuity. For more information, visit our website at www.certtest.com.
