Certification Proves Its Worth to IT Security Professionals and Employers

By John Lainhart, CISA, CISM, CGEIT

Page 2 of 2     1 2

To earn the certification, a minimum of five years of information systems auditing, control or security work experience is required. Educational experience, such as a bachelor's or master's degree in the field, can be substituted for up to two years of work experience.

As businesses face increasingly complex security threats with the widespread use of mobile devices, security certifications such as CISM provide assurance to senior executives and boards of directors that their information security managers have the expertise to manage risks and safeguard the enterprise. Since it was introduced five years ago, nearly 8,000 professionals have earned the certification. Many organizations, including the US Department of Defense (DoD), are increasingly encouraging their security managers to earn this credential. CISM is one of only three approved credentials for the DoD's level 2 and 3 information assurance professionals, and CISM exam registration increased by 40 percent from 2006 to 2007.

To earn the CISM designation, a minimum of five years of information security work experience is required. Educational experience, such as a bachelor's or master's degree in the field, can be substituted for up to two years of work experience.

Organizations are also looking for experienced IT governance professionals to help them control their information technology, reduce risks and add value from IT investments. According to the IT Governance Global Status Report-2008, 80 percent of organizations are considering implementing, are in the process of implementing or have already implemented IT governance, up from 58 percent in 2003.

The CGEIT designation identifies IT governance professionals who can help businesses with their IT governance practices. Supported by ITGI and built on ITGI's intellectual property and input from subject matter experts worldwide, CGEIT covers the five focus areas of IT governance-strategic alignment, resource management, risk management, performance measurement and value delivery-as well as on frameworks that support IT governance (e.g., COBIT). It is designed for professionals who have a significant management, advisory or assurance role relating to the governance of IT and who wish to be recognized for their IT governance-related experience and knowledge.

To earn the CGEIT certification, applicants must prove at least five years of experience supporting an enterprise's IT governance (or two years of IT governance experience and three years of management experience) and must earn a passing score on the CGEIT exam. The first CGEIT exam will be administered in December 2008. A grandfathering program, through which highly experienced IT governance professionals may apply for certification without taking the exam, is available for a short time period (see www.isaca.org/cgeitgfapp for details).

With the ever-changing landscape of the information technology (IT) field, employers rely in part on experience-based certifications that test real-world job knowledge to demonstrate that current and prospective employees are up to date in the field and have the necessary expertise, and the CISA, CISM, and CGEIT are designations with a lot to offer both information technology professionals and their employers.

###