CISA Certification

Are you currently in an audit or assurance role, because this certificate is specifically for those professions. This is something similar to the CA(SA) board exams, just focused on IT Assurance.

It's not only about writing the exam; once you've passed it, you will also need to apply for certification, which entails someone signing off on your experience. And then the fun starts with maintaining your CPE.

The exam - it's a 4-hour multiple choice paper - is written in June, September and December in Johannesburg and Cape Town (hosted at UCT). I'm not sure about Durban and other centers around SA, but can find out for you.

It's not an easy certification and it's not strictly theoretical, you'll have to apply a lot of the learnings and practical job experience is definitely a bonus.

If you have any specific questions, drop me a PM or list them here. Will gladly help where I can.
 
Hi MrR

Thanks for the response. I'd rather ask here, so that all can see for future reference... In terms of the actual course and content, is there anywhere that this is done in a class environment, or is it learn on your own and take the exam and apply for the cert?

I'm in IT but bridging off into the Security side of things, so I'd like to have this, in conjunction with a few other technical certs. I am aware it's more governance than technical.

In terms of costs and course material, is it readily available locally (Cape Town or even within SA) or must it be shipped from outside the country?

K


 
Unfortunately it's not so much a course as it is an examination; however, ISACA SA do run boot camps from time to time, which take one through the content and prep questions. From past experiences, the boot camps are mostly held in JHB due to interest and attendance (us Cpt folks are forced to attend the 4/5 day courses in JHB), but there have been a couple of informal study groups as well. I don't know what the numbers are like for December, but if there are any in Cape Town, you could have a chat with ISACA SA and ask them to assist in creating an informal study group. I could possibly ask one or two CISAs to join you guys.

Regarding course content, you will find the two main course resources on the ISACA online store, and as far as I know, it is shipped from the US. All in USD.... I normally receive my goods between 10-14 days when ordering from them. You will definitely need the Review manual and the questions, answers & explanation manual/database is a great prep resource. It is costly, but well worth testing your understanding and application of the principles. I wouldn't solely rely on it though, as they don't pose these exact questions (and multiple choice options) in the exam.

The review manual also contains a number of references to other source materials, but many of these you can source online, e.g. the net is full of webinars and articles on asymmetric/symmetric encryption.

Costs are in the vicinity of USD 800 (for members). Once you pass, you pay an additional fee for the certification (USD 45) per annum and need to maintain 40 CPE per annum as well.

I'm not sure what your career aspirations are, so it's difficult for me to say that the cert will be 100% worthwhile to you. As an IS Auditor and assurance provider, it would benefit me, but might not necessarily further, for example, a security analyst/architect's career.
 
That's interesting, I'm more on the technical side of things. I would like to start doing some IS auditing, but not necessarily break away from the technical aspect of things. For me I'm wondering, even though it would be a real nice to have, would it really be beneficial to me, especially with regards to maintaining the cert?

Maybe this sounds like a bit of a dumb question, but what is the CPE you refer to when you say maintain 40 CPE per annum, the only CPE I know is Customer Premises Equipment?

K
 
CPE = Continuing Professional Education

The 40 refers to hours - You attend regular meetings, conferences or training and get hours, which you report to ISACA.

Just a clarification. Passing the CISA exam is only the first step to becoming a "CISA". You have to have a number of years' experience as an IT Auditor, or you can substitute the years for a related BCom degree. The other certifications offered by ISACA are a bit more straightforward, but the CISA is a bit more involved.
 
Hi Herman,

Thanks for the clarification. I'm keen to see whether there are Network/security Engineers that are more technically inclined that have the cert, and whether it is/was worth doing and whether they actually use it... As much as it is a "Nice to have" it needs to be functional, and worth spending the yearly amount to maintain it, not that it's a great deal of money but still.

K

 
IMHO, the CISA certification is more of a non-technical thing to have. If you want to be an IT Auditor / IT Governance consultant, this is the way to go. If you are a techie (networking / security), and want to expand your bases to become more marketable, rather consider the CISM (Certified Information Security Manager), also offered by ISACA, or the CISSP (Certified Information Systems Security Professional), offered by ISC2.
 
I suggest that you look at the job practice areas to determine whether you would derive any value from the content.
http://www.isaca.org/Certification/...tice-Areas/Pages/CISA-Job-Practice-Areas.aspx

While you may get elements of security featured in domains 1-4, it really only is domain 5 that focuses on security. Personally, unless you need to understand the whole of IT and need to give assurance on governance, risk management or the internal control system, I doubt you would benefit from CISA.

Once again, it all depends on your career path and how you see yourself getting there (also taking your own interests/passion into account).

Want to branch into security governance? Do CISM or CISSP (not both) and later focus on ISO 270xxx requirements and possibly the CRISC certification.
Want to specialise in pen testing, vulnerability management, cyber security, purely from a technical perspective? Do Security+, CEH and/or GSEC (as a start) and start saving up for OSCP/OSCE
 
Don't waste your time or money with CEH, none of the pentesting teams take it seriously, in fact I have even seen a job ad from a local pentest company stating "OSCP and OSCE won't hurt your chances, but CEH will". I think that says it all.
 
There is still some merit in CEH, but it is by no means the be all and end all of pen testing/vulnerability management. For someone starting off in security, it is valuable in terms of methodology building and gaining insight into security; hence why it should be considered a possible starting point and supplement it with other certs. End goal should be OSC for the technical aspects.
 
I agree that it does have some merit, the problem is that it's very expensive, so once you start weighing up the cost versus what skills you gain from it, it very quickly becomes a bad idea. If it were half the price, then perhaps I would still suggest taking it to learn the basic theory, but at that price there are far better options, especially considering that CEH won't count in your favor when applying for a job.
 
Thanks for all the responses, they are quite helpful, as I need to submit a training budget for myself by next week, which gives me some time to do research on the above.

I didn't know that it's possible to do the CISM without CISA... I thought it's a stepping stone towards CISM, like CCENT with Cisco.
 
A big thanks to Dumpsforsure for helping me pass my CISA exam. The study guides were detailed and easy to follow, making preparation stress-free.
 
8 year bump...Nice :)
 