Reaching the Very Top - Certified Information System Auditor (CISA) Certification
0 Preface
As the highest-level certification in the international information industry, the Certified Information System Auditor (CISA) certification exam symbolizes an enviable salary and position. The CISA certification exam is not too long. It can be said that passing the CISA certification examination means reaching the realm of "standing on the summit and looking down on all the other mountains".
1 What is the Certified Information System Auditor (CISA) certification
Certified Information System Auditor (CISA), also known as IT auditor, refers to a group of expert-level people who have mastered information system software, hardware, development, operation, maintenance, management, and security, are familiar with the core elements of economic management, and can use standards and advanced auditing techniques to audit, inspect, evaluate, and transform the security, stability and effectiveness of information systems.
The Certified Information System Auditor (CISA) qualification is granted by ISACA. It is the only professional qualification in the field of information system audit, and it is widely recognized throughout the world.
ISACA (Information System Audit and Control Association) is the only transnational, cross-industry international professional organization made up of computer auditors (IT auditors). The Association was founded in 1969 and is headquartered in Chicago in the United States. At present, it has more than 20,000 members in more than 100 countries around the world.
Anyone who has 5 years of experience in information system audit, control or security (those within 5 years after school study can also apply: undergraduate graduation is converted into 2 years of work experience, graduate graduation is converted into 6 years of work experience), abides by ISACA's professional ethics, submits a CISA qualification application and is approved can obtain the CISA qualification.
2 The Certified Information System Auditor
In the information society, the certified information system auditor is an information security barrier for each organization. Their concerns are:
(1) Information security. Without security there is nothing. The information system auditor will use various methods to test the security of the system and propose corresponding countermeasures against internal and external security hazards.
(2) Stability of the information system. Without long-term stability, the information system cannot withstand fierce competition, and the information system auditor will propose a series of countermeasures to ensure that the customer's information system is not lost.
(3) Effectiveness of the information system. The safest and most stable system is not necessarily the most effective system, and an inefficient system will consume a lot of resources. The advantage of the information system auditor is the ability to integrate financial management and information technology and to provide suggestions for the transformation of enterprise information systems.
3 CISA assessment points and knowledge
The CISA test requires solid audit theory and audit practice, rich business operations and management knowledge and experience, and fairly comprehensive theoretical and practical experience with computer information systems at a certain depth. The CISA exam covers two aspects, information system audit and information system related knowledge:
3.1 Information System Audit Procedure (10%)
(1) Assessment points. Carry out information system auditing in accordance with generally accepted information system auditing standards and guidelines, to ensure that the information technology and business systems adopted by the organization are sufficiently controlled, monitored and evaluated. These mainly include: audit planning and audit strategy; generally accepted auditing standards; collection and analysis of information; risk management and control.
(2) Knowledge involved. The main knowledge involved in this part of the exam is: standards and guidelines for information system audit; audit practice and technology; risk analysis methods, principles and standards; strategic and planning processes; information systems and technology development trends; quality management, financial management and business management, etc. Candidates must have knowledge of modern audit theory and practice, corporate management, project management, and information systems and information technology development.
3.2 Management, Planning and Organization of Information Systems (11%)
(1) Assessment points. Evaluate the strategies, policies, standards, processes, and relevant practices for information system management, planning and organization. These mainly include: evaluating information system strategy and process; evaluating the development, deployment, and maintenance of information system policies, standards and processes; evaluating information system organization and structure.
(2) Knowledge involved. The main knowledge involved in this part of the exam is: the main practices of information system strategy, policy, standards, and processes; methods and steps for information system strategy development, deployment, and maintenance; information system project management, risk management, change management, quality management and security management; information system organizational structure and design principles; software quality management, etc. Candidates must have knowledge of information system development and management, project management and software engineering.
3.3 Technology Foundation and Practice (13%)
(1) Assessment points. Evaluate the implementation of the organization's technology and operational infrastructure and the efficiency of its management, ensuring that they fully support the organization's business goals. These mainly include: evaluating hardware acquisition, installation, and maintenance; evaluating system software and application software acquisition, implementation and maintenance; evaluating network infrastructure acquisition, installation and maintenance; evaluating information system operation practice; evaluating system implementation and monitoring processes, tools and technology, etc.
(2) Knowledge involved. The main knowledge involved in this part of the exam is: the risks and controls of hardware platforms, system software and utility software, network infrastructure and information system operations; system operation and monitoring processes, tools and technology; the process of IT infrastructure acquisition, development, implementation and maintenance; network topology and other knowledge. Candidates must have a certain knowledge of computer hardware and software and computer networks (especially the Internet, etc.).
3.4 Protection of Information Assets (25%)
(1) Assessment points. Evaluate logical, environmental and IT infrastructure security, ensuring that the system meets the business needs of the organization and protecting information assets against unauthorized access, leakage, modification, destruction, and loss. These mainly include: evaluating logical access control design, implementation, and monitoring; evaluating the security of network infrastructure; evaluating environmental control design, implementation, and monitoring; evaluating the design, implementation, and monitoring of physical access control.
(2) Knowledge involved. The main knowledge involved in this part of the exam is: computer access control principles and technology; physical security control; password technology; network security concepts; security architecture; security assessment tools; viruses and their detection, prevention and response mechanisms; hacker attack methods and technology, etc. Candidates must have solid computer network theory knowledge and practical experience, and knowledge of computer encryption and decryption technology, computer virus and network hacking technology, and computer and network security architecture.
3.5 Disaster Recovery and Business Continuity Plan (10%)
(1) Assessment points. Evaluate the backup and recovery measures taken so that business operations and information system processing can continue normally. These mainly include: the backup and recovery mechanism for documents and data; the ability to ensure the continuity of the organization's business and to continue providing information system processing after a disaster occurs.
(2) Knowledge involved. The main knowledge involved in this part of the exam is: disaster recovery and continuity concepts and methods, and disaster recovery and business continuity technology. Candidates must have knowledge of data recovery technologies in database theory and of disaster response measures.
3.6 Development, Acquisition, Implementation and Maintenance of Business Applications (16%)
(1) Assessment points. Evaluate the methods and processes used for the development, acquisition, implementation, and maintenance of business applications to ensure that they are consistent with the organization's business goals. The main contents include the techniques and methods used for the development, acquisition, implementation, and maintenance of application systems.
(2) Knowledge involved. The main knowledge involved in this part of the exam is: system development methods and tools; software quality assurance methods; program design principles and technology; post-implementation system evaluation technology, etc. Candidates must have knowledge of software engineering and practice, various programming technologies, and information system implementation and evaluation.
3.7 Business Process Evaluation and Risk Management (15%)
(1) Assessment points. Evaluate business systems and processes to ensure that risk is controlled and consistent with the organization's business goals. The main contents include: evaluating, through benchmark testing, best-practice analysis and business process restructuring (BPR), how efficiently and effectively the information system supports the business process, ensuring the best business outcomes; evaluating the design and implementation of automated and manual controls; evaluating the implementation of the organization's risk management and control.
(2) Knowledge involved. The main knowledge involved in this part of the exam is: best-practice business processes; business process control; business design institutions, management and control practice; business process design, restructuring and improvement methods. Candidates must have theoretical and practical knowledge of corporate management, corporate production and operation, and e-commerce.
4 Registration considerations
(1) Test questions and language selection
The exam consists of single-choice questions, 200 in total. The test time is 4 hours, and English or Chinese can be selected as the examination language. Since the test time is 4 hours, there is only 1 minute to answer each question, so it is very important to control your answering pace during the exam.
(2) Examination time
The 2003 exam date is June 14, 2003.
(3) Examination location
There are currently 4 test sites in the country: Beijing, Shanghai, Guangzhou and Shenzhen.
(4) Registration conditions
ISACA does not impose strict limitations on the conditions for taking the CISA test. However, candidates who meet the following conditions have a better chance of passing the exam:
- A junior college degree or above, or students currently at school, including graduate students;
- English level 4 or above is suggested;
- It is recommended to have certain audit knowledge and computer knowledge (computer basic knowledge, operating system, network, database, e-commerce, etc.).
(5) Exam registration time
Exam registration is divided into two rounds. If you fail to register before the first-round deadline, you can still register during the second round, but the registration fee is higher:
First round registration: September 1, 2002 - January 20, 2003
Second round registration: February 10, 2002 - March 25, 2003
(6) Exam registration fee
First round registration: $ 357.50
Second round registration: $ 405.00
For details on the CISA certification exam, you can consult the following website: http://www.isaca.org/
For more information, see China Soft Test League: www.cnitunion.com