Information Systems Audit and Control Association

The Information Systems Audit and Control
Association (ISACA) is the leading
association of professionals in information
systems (IS) audit, control, security and
Founded in 1969 as the EDP Auditors
Association, ISACA is a global leader in IT
governance, security, control and
assurance. It is the single leading
international source for information
technology controls.
ISACA is dedicated to serving the needs of
its members, who are internal and external
auditors, CEOs, CFOs, CIOs, educators,
information security and control
professionals, students and IT consultants.
3701 Algonquin Road, Suite 1010, Rolling
Meadows, Illinois, 60008 USA
Phone: +1.847.253.1545 Fax:
+1.847.253.1443
2003-2004 International President—Marios
Damianides, CISA, CISM, CA, CPA
Immediate Past President—Robert Roussey,
Chief Executive Officer—Susan Caldwell,
Rolling Meadows, USA
ISACA has a global membership of more
than 35,000 in 100 countries in Asia,
Central America, South America, Europe,
Africa, North America and Oceania.
• sponsors technical and management
conferences on five continents to ensure
consistent global professional education;
• publishes the Information Systems
Control Journal, research and technical
professional development material
• developed and offers as an open
standard Control Objectives for
Information and related Technology
(COBIT), a break-through IT governance
tool that uses non-technical language to
help organizations focus their
information technology in support of
overall business objectives. COBIT
incorporates generally applicable and
accepted international standards for the
good practice of IT security and control.
ISACA offers two leading-edge professional
IT certifications:
Certified Information Systems Auditor
(CISA); since 1978, the CISA program
has been the globally accepted standard
of achievement among information
systems (IS) audit, control and security
professionals; more than 35,000
professionals have earned the CISA
designation since inception.
Certified Information Security Manager
(CISM); designed for experienced
information security managers, the CISM
designation is a groundbreaking
credential earned by 5,000 professionals
in its first two years.
2005 CISA and CISM exams
governance over the IT that is pervasive
and intrinsic throughout the enterprise. In
particular, COBIT's Management Guidelines
component contains a framework
responding to management's need for
control and measurability of IT by providing
tools to assess and measure the
enterprise’s IT capability for the 34 COBIT
IT processes. The tools include:
• performance measurement elements
(outcome measures and performance
drivers for all IT processes);
• a list of critical success factors that
provides succinct, nontechnical best
practices for each IT process;
• maturity models to assist in
benchmarking and decision-making for
capability improvements.
The 2005 certification exams will be offered
11 June 2005.
2 February: Early Registration Deadline
Online exam registration is now open and is
the quickest and least expensive way to
Much of COBIT is available for download on
a complimentary basis. Hard copies are
available for purchase from the ISACA
Bookstore. COBIT components include:
• Executive Summary;
• Framework;
• Control Objectives;
• Audit Guidelines;
• Implementation Tool Set;
• Management Guidelines.
COBIT: What's New
COBIT has been developed as a generally
applicable and accepted standard for good
Information Technology (IT) security and
control practices that provides a reference
framework for management, users, and IS
audit, control and security practitioners.
COBIT, issued by the IT Governance
Institute and now in its third edition, is
increasingly internationally accepted as
good practice for control over information,
IT and related risks. Its guidance enables
an enterprise to
implement effective
COBIT User Convention:
a new and unique
educational event exclusively
designed for users of COBIT.
21-22 February 2005 • Cape Town,
South Africa
11-12 April 2005 • Brussels, Belgium
COBIT Security Baseline
COBIT covers security in addition to all the
other risks that can occur with the use of
IT. This guide focuses on the specific risk of
IT security in a way that is simple to follow
and implement for the home
user or the user in small to
medium enterprises, as well as executives
and board members of larger organizations
control, implementing IT controls and a
compatible IT governance framework
(COBIT), and seizing the opportunity of
turning compliance into a competitive
COBIT in Academia
"COBIT in Academia" is a set
of educational materials that
professors and teachers can
use to explain and present
COBIT in their curricula and courses of
information systems management,
information security management,
information systems auditing and/or
accounting information systems. This
educational package was constructed using
the advice and counsel of a global group of
academics and practitioners. The purpose
was to create a more focused approach for
teaching and presenting COBIT in the
COBIT Online Release 3.2
Whether you are a current
user of COBIT or planning to
adopt COBIT as the preferred
framework for IT governance, COBIT Online
provides easy and rapid access to all the
COBIT resources. With COBIT Online, you
can browse and search the best practices,
download customized guidance, perform
benchmarking and more.
COBIT Mapping: Mapping of
ISO/IEC 17799:2000 with COBIT
This document offers a global overview of
the following important international
standards and guidance for IT control and
IT security in relationship to COBIT: COSO,
ITIL, ISO/IEC 17799:2000, ISO/IEC 13335,
ISO/IEC 15408, TickIT and NIST 800-14. It
can serve as a road map to implementing
guidance supporting IT governance.
IT Control Objectives for Sarbanes-Oxley
The authors clearly explain
the current focus on
enhancing corporate
accountability, understanding
the audit committee’s
responsibility, adopting an
internal control framework
(COSO), considering fraud in
an audit or review of internal
Information Systems Control Journal
The Information Systems
Control Journal is a bi-monthly
publication of the Information
Systems Audit and Control
Association (ISACA). The
Journal provides professional
development information to those
spearheading IT governance and those
involved with information systems audit,
control and security.