Certification Proves Its Worth to IT Security Professionals and Employers
Holding the right certification is especially important now, thanks to Sarbanes-Oxley in the U.S. and increased scrutiny on security worldwide.
According to Certification Magazine’s 2007 Salary Survey, two of the five top paying certifications are ISACA’s Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). The CISM came in second with an annual average salary of $115,720, while the CISA scored fifth place with an average salary of $98,740. Clearly, as employers continue to realize the importance of information security and governance, they are relying on certifications to identify prospective employees with experience and expertise.
Holding the right certification is especially important now that Sarbanes-Oxley in the U.S. and increased scrutiny worldwide have focused attention not only on enterprise finances, but on the IT processes that support financial system control and reporting at nearly all organizations. The IT Governance Global Status Report-2008 from the IT Governance Institute (ITGI) found that more than 93 percent of global CEOs, CIOs and other senior executives surveyed recognize that information technology is vital for delivering the organization’s strategy. IT has become so critical to the business, according to the report, that 70 percent of the survey’s respondents regularly or always have IT on their organization’s board agenda.
“Certifications fill a critical need of employers, as they offer a way to identify highly qualified, experienced professionals,” said Lynn Lawton, CISA, FCA, FIIA, PIIA, FBCS CITP, international president of ISACA. “Boards and executives are increasingly realizing that their information technology deserves a high level of governance to minimize risks and add value, and they are looking for prospective employees with the experience and credentials to help them attain strong governance.”
ISACA, a nonprofit association of more than 65,000 IT governance professionals worldwide, has a long history in the IT certification space. In 1978, ISACA established the CISA designation, which has been earned by more than 55,000 professionals since inception. ISACA’s CISM certification was introduced in 2002, and it has since been earned by more than 7,000 professionals. Both designations are accredited by the American National Standards Institute (ANSI). The association’s most recent certification, introduced in August 2007, is the Certified in the Governance of Enterprise IT (CGEIT) credential.
Many enterprises recognize ISACA’s CISA credential as the standard for information systems auditors. Its demand continues to grow as organizations increasingly expect their IS auditors to hold the certification: nearly 14,400 candidates registered for the June 2007 CISA exam, a 19 percent increase from the June 2006 exam. Overall, more than 25,000 candidates took the CISA exam in 2007. One employer that recognizes CISA is the US Department of Defense, which named CISA an approved credential for DoD level 3 information assurance professionals.
To earn the certification, a minimum of five years of information systems auditing, control or security work experience is required. Educational experience, such as a bachelor’s or master’s degree in the field, can be substituted for up to two years of work experience.
As businesses face increasingly complex security threats with the widespread use of mobile devices, security certifications such as CISM provide assurance to senior executives and boards of directors that their information security managers have the expertise to manage risks and safeguard the enterprise. Since it was introduced five years ago, nearly 8,000 professionals have earned the certification. Many organizations, including the US Department of Defense (DoD), are increasingly encouraging their security managers to earn this credential. CISM is one of only three approved credentials for the DoD’s level 2 and 3 information assurance professionals, and CISM exam registration increased by 40 percent from 2006 to 2007.
To earn the CISM designation, a minimum of five years of information security work experience is required. Educational experience, such as a bachelor’s or master’s degree in the field, can be substituted for up to two years of work experience.
Organizations are also looking for experienced IT governance professionals to help them control their information technology, reduce risks and add value from IT investments. According to the IT Governance Global Status Report-2008, 80 percent of organizations are considering implementing, are in the process of implementing or have already implemented IT governance, up from 58 percent in 2003.
The CGEIT designation identifies IT governance professionals who can help businesses with their IT governance practices. Supported by ITGI and built on ITGI’s intellectual property and input from subject matter experts worldwide, CGEIT covers the five focus areas of IT governance (strategic alignment, resource management, risk management, performance measurement and value delivery) as well as frameworks that support IT governance (e.g., COBIT). It is designed for professionals who have a significant management, advisory or assurance role relating to the governance of IT and who wish to be recognized for their IT governance-related experience and knowledge.
To earn the CGEIT certification, applicants must prove at least five years of experience supporting an enterprise’s IT governance (or two years of IT governance experience and three years of management experience) and must earn a passing score on the CGEIT exam. The first CGEIT exam will be administered in December 2008. A grandfathering program, through which highly experienced IT governance professionals may apply for certification without taking the exam, is available for a short time period (see www.isaca.org/cgeitgfapp for details).
With the ever-changing landscape of the information technology (IT) field, employers rely in part on experience-based certifications that test real-world job knowledge to demonstrate that current and prospective employees are up to date in the field and have the necessary expertise. The CISA, CISM and CGEIT are designations with a lot to offer both information technology professionals and their employers.