ISACA
The Information Systems Audit and Control Association (ISACA) administers the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified in the Governance of Enterprise Information Technology (CGEIT) certifications. These certifications are helpful for professionals who work in organizations subject to various security regulations, including Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Payment Card Industry Data Security Standard (PCI DSS).
CISA
The 200-question multiple-choice CISA exam, offered biannually in June and December, covers the following six job-practice areas:
Information Systems Audit Process
Information Technology Governance
Systems and Infrastructure Lifecycle Management
Information Technology Service Delivery and Support
Protection of Information Assets
Business Continuity and Disaster Recovery
Minimum requirements for CISA certification include five years of current work experience (meaning within the past ten years or within five years of passing the exam) in the fields of Information Systems auditing, control, assurance, or security.
CISM
The 200-question multiple-choice CISM exam, offered biannually in June and December, covers the following five job-practice areas:
Information Security Governance
Information Risk Management
Information Security Program Development
Information Security Program Management
Incident Management & Response
Minimum requirements for CISM certification include five years of current work experience (within the past ten years or within five years of passing the exam) in the field of information security. Of the five years of experience, at least three years must be in an information security management role.
CRISC
The four-hour, 200-question multiple-choice CRISC exam, offered biannually in June and December, covers the following five job-practice areas:
Risk Identification, Assessment, and Evaluation
Risk Response
Risk Monitoring
Information Systems Control Design and Implementation
IS Control Monitoring and Maintenance
The minimum requirements for CRISC include three years of work experience in at least three of the domains just listed.
CGEIT
The 120-question multiple-choice CGEIT exam, offered biannually in June and December, covers the following six job-practice areas:
IT Governance Framework
Strategic Alignment
Value Delivery
Risk Management
Resource Management
Performance Measurement
Minimum requirements for CGEIT certification include five years of current work experience (within the past ten years or within five years of passing the exam), including specific evidence of management, advisory, or oversight experience associated with the governance of the IT-related contribution to the enterprise.