For all those of you who are still planning your infosec careers, have you thought of making it big in the security audit domain? There is a lot of scope in this area, since information security is of prime importance today. There are plenty of security certification programs to guide you, but you should first decide what interests you the most in the security domain. This will help you evaluate the different security certification programs and choose the one that's most suitable for you.
For someone who wants to get into infosec auditing, the Certified Information Systems Auditor (CISA) program tops the list. This program is sponsored by the Information Systems Audit and Control Association (ISACA). It has its own distinct niche when it comes to security certifications. "The CISA program is essentially based on the audit of information systems and the assurance of information security, so as such there is no equivalent for a CISA program," says Pushpa Redkar, the head of business development for MIEL e-Security's education division.
Requirements for CISA program
To get a CISA program certification, you have to pass the exam, adhere to ISACA's code of professional ethics, and present proof of at least five years of work experience in professional information systems auditing, control or security. However, you can substitute a part of the work experience required for the CISA program in the following ways.
According to the CISA program, you can substitute one year of the required work experience by having:
• At least one year of experience in either information systems, or financial or operational auditing, or
• 60 credit hours of a completed college semester equivalent of a bachelor's degree, or
• A bachelor's or master's degree from a university that implements the model curricula sponsored by ISACA, or
• Two years of experience as a full-time university instructor in a field such as computer science, accounting, or information systems auditing.
Two years of the required work experience for the CISA program can be substituted with 120 credit hours of a completed college semester of a bachelor's degree. This experience should have been garnered in a 10-year span before appearing for the exam. The CISA program exam is offered twice a year, in June and December.
According to KK Mookhey, the founder and principal consultant of NII Consulting, a CISA program certified professional can look at various job opportunities, including IT head, audit & risk advisory manager, information security risk analyst, information security officer, information security auditor or senior IT consultant. As a result, the CISA program is in much demand in India, and there is a significantly higher demand for CISA program certified professionals than supply. Adds Redkar, "Currently, the CISA program clubbed with the Certified Internal Auditor, and the CISA program with Cisco Certified Network Associate are also very much in demand in the Indian market."
Assurance, audit and information security professionals are sought after, but that does not mean that finishing any of these certifications (including the CISA program) will guarantee employment. At the end of the day, your information security career also depends on other skills such as communication, practical experience and attitude.