ISACA has four major certification programs that are well respected within their primary domains. The CISA (Certified Information Systems Auditor) certification is the oldest of ISACA’s credentials and is the most coveted certification for information security audit professionals. Well over 100,000 people have passed the CISA exam since its inception in 1978 although 30% of those are now in “inactive status”. Given the length of time this 30% seems easily explained by retirements, exit from the field, and for a smaller number lack of diligence around upholding the continuing education requirements.
The CISM (Certified Information Security Manager) credential has been around since 2002 and has become the second most desired Information Security Management credential in job postings behind only the CISSP. ISACA is closing in on 25,000 total CISM credentials issues although less than 20,000 remain in active status. Information Security Managers are in extremely high demand in 2015 due to high profile compromises and this credential should continue to accelerate in popularity.
Adoption of the CRISC (Certified in Risk and Information Systems Control) credential has been astounding showing it is highly desired in the marketplace. This is not surprising because risk management is central to an organization and individuals that can effectively plan a risk management program are in high demand in the industry.
The CGEIT (Certified in the Governance of Enterprise IT) is the ISACA certification I know the least about and it looks like I am not the only one. It is the ISACA certification that has gained the least traction in the industry of the four offerings. This certification feels a little further from ISACA’s core competency but still has room to grow since all things information security are in demand.
2015 Consolidated Summary of ISACA Certifications (Source ISACA)
|ISACA Certification||Year of Inception||North America||EMEA||ASIA||Central/South America||Oceania||Global Count|
2015 ISACA Certification Holders By Region: (Source ISACA)
|ISACA Certification||Year of Inception||Current Holders||Historical Holders||Expired||% Expired||% Active|
|Certified Information Systems Auditor (CISA)||1978||75600||108550||32950||0.3035467526||0.6964532474|
|Certified Information Security Manager (CISM)||2002||19500||24267||4767||0.1964396093||0.8035603907|
|Certified in the Governance of Enterprise IT (CGEIT)||2007||4900||5950||1050||0.1764705882||0.8235294118|
|Certified in Risk and Information Systems Control (CRISC)||2010||15800||17443||1643||0.0941925128||0.9058074872|
Other facts about ISACA Certifications:
- ISACA certifications are only offered one time per year making obtaining these credentials more time challenging vs. alternatives with more flexible testing options. Do not miss your chance to obtain your desired ISACA certification this year’s certification exams are scheduled for June 13th.
- Exams are 4 hrs in length with 200 multiple choice questions
- ISACA exams are paper/pencil based and require filling out traditional test bubbles that will bring back college flashbacks.
- ISACA exam results take between 5 (CISA/CISM) and 8 (CRISC/CGEIT) weeks to have returned.
- Registration deadlines:Early registration deadline: Feb 11th; Final registration deadline: April 10th.