ISACA Certifications 2015 Overview

ISACA has four major certification programs that are well respected within their primary domains. The CISA (Certified Information Systems Auditor) certification is the oldest of ISACA’s credentials and is the most coveted certification for information security audit professionals. Well over 100,000 people have passed the CISA exam since its inception in 1978, although 30% of those are now in “inactive status”. Given the length of time, this 30% seems easily explained by retirements, exits from the field, and, for a smaller number, a lack of diligence in upholding the continuing education requirements.

The CISM (Certified Information Security Manager) credential has been around since 2002 and has become the second most desired Information Security Management credential in job postings, behind only the CISSP. ISACA is closing in on 25,000 total CISM credentials issued, although fewer than 20,000 remain in active status. Information Security Managers are in extremely high demand in 2015 due to high-profile compromises, and this credential should continue to accelerate in popularity.

Adoption of the CRISC (Certified in Risk and Information Systems Control) credential has been astounding, showing that it is highly desired in the marketplace. This is not surprising, because risk management is central to an organization, and individuals who can effectively plan a risk management program are in high demand in the industry.

The CGEIT (Certified in the Governance of Enterprise IT) is the ISACA certification I know the least about, and it looks like I am not the only one. It is the ISACA certification that has gained the least traction in the industry of the four offerings. This certification feels a little further from ISACA’s core competency but still has room to grow, since all things information security are in demand.

2015 Consolidated Summary of ISACA Certifications (Source ISACA)

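| ISACA Certification | Year of Inception | North America | EMEA | ASIA | Central/South America | Oceania | Global Count |
|---|---|---|---|---|---|---|---|
| CISA | 1978 | 32400 | 18000 | 21100 | 2300 | 1800 | 75600 |
| CISM | 2002 | 9600 | 6000 | 3300 | 900 | 600 | 19500 |
| CGEIT | 2007 | 2300 | 1400 | 800 | 300 | 100 | 4900 |
| CRISC | 2010 | 8600 | 3800 | 2000 | 1000 | 400 | 15800 |
| Total: | | 52900 | 29200 | 27200 | 3600 | 2900 | 115800 |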

2015 ISACA Certification Holders By Region: (Source ISACA)

| ISACA Certification | Year of Inception | Current Holders | Historical Holders | Expired | % Expired | % Active |
|---|---|---|---|---|---|---|
| Certified Information Systems Auditor (CISA) | 1978 | 75600 | 108550 | 32950 | 0.3035467526 | 0.6964532474 |
| Certified Information Security Manager (CISM) | 2002 | 19500 | 24267 | 4767 | 0.1964396093 | 0.8035603907 |
| Certified in the Governance of Enterprise IT (CGEIT) | 2007 | 4900 | 5950 | 1050 | 0.1764705882 | 0.8235294118 |
| Certified in Risk and Information Systems Control (CRISC) | 2010 | 15800 | 17443 | 1643 | 0.0941925128 | 0.9058074872 |

Other facts about ISACA Certifications:

  • ISACA certifications are only offered one time per year, which makes the timing of obtaining these credentials more challenging than alternatives with more flexible testing options. Do not miss your chance to obtain your desired ISACA certification: this year’s certification exams are scheduled for June 13th.
  • Exams are 4 hrs in length with 200 multiple choice questions.
  • ISACA exams are paper/pencil based and require filling out traditional test bubbles that will bring back college flashbacks.
  • ISACA exam results take between 5 (CISA/CISM) and 8 (CRISC/CGEIT) weeks to have returned.
  • Registration deadlines: Early registration deadline: Feb 11th; Final registration deadline: April 10th.