Thursday, March 27, 2008

Become CISA or CISM Certified in 2008

ISACA has asked me, as a proud ISACA credential holder, to pass along this message. We thought you might be interested in joining the ranks of more than 55,000 audit, control and security professionals who already hold the CISA designation, and more than 8,000 information security management professionals who are CISMs. As I have already experienced, certification increases your standing in your organization and makes you highly desirable to potential employers.


If you are seeking worldwide recognition for your unique IT audit, assurance or security experience and knowledge and want to distinguish yourself from others in your profession, then it is time to pursue a certification from ISACA.

For 30 years, the Certified Information Systems Auditor™ (CISA®) credential has been preferred by individuals and organizations around the world. More than 55,000 audit, control and security professionals have achieved this globally accepted standard since 1978.

Since 2002, the Certified Information Security Manager® (CISM®) has defined the role of professionals who have information security management responsibilities. ISACA has certified more than 8,000 CISMs to date.

Independent surveys by Foote Partners and Certification Magazine have named both CISA and CISM among the highest-paying certifications; each program is also accredited under ISO/IEC 17024 for its credentialing procedures and adherence to rigorous standards of performance.

Register online today at www.isaca.org/examreg. Don’t wait and miss the 9 April deadline!

For those seeking recognition for IT governance related knowledge and experience, ISACA is now accepting applications for our new credential, Certified in the Governance of Enterprise IT™ (CGEIT™). It is designed for professionals who have management, advisory and/or assurance responsibilities relating to the governance of IT. For more information on CGEIT and how to earn certification without taking an exam through the grandfathering provision, please visit www.isaca.org/cgeit.

Note: Because of the extreme popularity of the CISA and CISM credentials the online registration process accepts payments and is the preferred method for submitting exam registrations. Those who wait until the final deadline date may experience heavy registration volume, and we ask for your patience.

Anyone seeking additional information is encouraged to please visit the ISACA web site at www.isaca.org/certification or contact the certification department, call +1.847.660.5660; or e-mail certification@isaca.org.

Thank you,
ISACA Certification Department

About ISACA
With more than 65,000 members in 140 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA administers the CISA, CISM and CGEIT designations; sponsors international conferences; publishes the Information Systems Control Journal; and develops international information systems auditing and control standards.

Wednesday, January 30, 2008

Security Product Review: Nessus Vulnerability Scanner by Tenable

From time to time, I will be conducting product reviews of a security tool, application or website that I find to be very useful.

As a System Security Assessor, I often use and test many different tools and applications to do my job. One that has amazed me in recent years with excellent performance and results is the Nessus Vulnerability Scanner by Tenable.

Nessus is a free program designed to automate the testing and discovery of known security problems on networks and computer systems. For a free tool, Nessus has many useful capabilities. One is the Nessus Attack Scripting Language (NASL), which allows security professionals to use a simple language to describe individual attacks in conjunction with the provided vulnerability database, which is based on the Common Vulnerabilities and Exposures schema. Another powerful feature of Nessus is its client-server technology, which allows for a distributed architecture. The server portion runs on most flavors of Unix and Linux, including the Mac OS X operating system, while the clients are available for both Windows and Unix/Linux.

In my testing of Nessus against the more expensive commercial applications such as Foundstone’s Foundscan Security Scanner version 5 and Internet Security Scanner (ISS), Nessus fared much better than ISS with respect to initial setup, time of completion and fewer false positives. Against Foundscan, Nessus fell a little short in the scanning options and reporting.

My conclusion: for the price and results, Nessus is an excellent primary or secondary tool to use for your security needs. Tenable also offers support at a cost for those who need it. Check it out and decide for yourself. You can find more information on Nessus at:

www.securityorb.com or www.nessus.org

Thursday, January 24, 2008

The Computer Information Systems Auditor (CISA) Certification

I recently sat for the Certified Information Systems Auditor (CISA) certification exam in December of 2007. We were told that the results from the exam will take about 8 weeks to come back to let us know whether we have passed it or not.


The CISA certification is extremely popular, with over 30,000 certified security professionals from all over the world. The CISA certification exam is offered once per year at multiple testing locations worldwide and allows those who need to display knowledge of IT auditing, security, and control to set themselves at a higher level in the industry.

The CISA certification tests your knowledge of the six core competencies:

1. The IS Audit Process
2. Protection of Information Assets
3. IT Governance
4. Systems and Infrastructure Life Cycle Management
5. IT Service Delivery and Support
6. Business Continuity and Disaster Recovery

The exam is four hours long and consists of 200 multiple-choice questions. A person aiming to obtain the CISA certification must show five years of verifiable experience in IS auditing, control or security, agree to the ISACA code of ethics and agree to adhere to the Information Systems Auditing Standards as adopted by ISACA.

The cost of taking the exam for ISACA members ranges from $300 to $385, depending upon when you register and whether you do so online, and from $420 to $505 for non-members.

I will let you know the status once my results are in…