ISACA® Certifications

The mark of excellence for a professional certification program is the value and recognition it bestows on the individual who achieves it. Since 1978, the Certified Information Systems Auditor (CISA®) program, sponsored by ISACA, has been the globally accepted standard of achievement among information systems (IS) audit, control and security professionals.
CISA has grown to be globally recognized and adopted worldwide as a symbol of achievement. More than 50,000 professionals have earned the CISA since inception, so clearly many people agree: earning the CISA is a good career move.
The Certified Information Security Manager® (CISM®) certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise's information security (IS).
"The CISSP certification long ago made the gold standard, but infosec execs are now wisely adding the new CISM® certification. Why the push? The advanced-level CISM better addresses the interdependency between business needs and IT security by focusing on risk management and security organizational issues."
-- David Foote, Foote Partners, LLC, SC Magazine, July 2005
The Certified in Risk and Information Systems Control™ certification (CRISC™, pronounced “see-risk”) is intended to recognize a wide range of professionals for their knowledge of enterprise risk and their ability to design, implement, monitor, and maintain IS controls to mitigate such risk. It is particularly designed for IT professionals who have hands-on experience with risk identification, assessment, and evaluation; risk response; risk monitoring; IS control design and implementation; and IS control monitoring and maintenance.
The CRISC designation will not only certify professionals who have knowledge and experience identifying and evaluating entity-specific risk, but also aid them in helping enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.
Boards and executive management have long understood the need for enterprise and corporate governance. As information technology (IT) has become more important to the achievement of enterprise goals and delivery of benefits, there has been an increasing realization that governance must be extended to IT as well. IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives.
The certification process has been specifically developed for professionals who have a significant management, advisory, or assurance role relating to the governance of IT. The certification promotes the advancement of professionals who wish to be recognized for their IT governance-related experience and knowledge.
The certification is also intended to:
  • support the growing business demands related to IT governance
  • increase the awareness and importance of IT governance good practices and issues
  • define the roles and responsibilities of the professionals performing IT governance work
Click here for more information on the CGEIT®.