CISA has become an indispensable certification for individuals and companies around the world. The CISA qualification certificate represents the holder's outstanding ability to serve the company and devote himself to the fields of information system audit, control and security. Possession of the CISA qualification certificate is a demonstration of the professional ability of the holder and a basis for measuring the professional level. With the increasing demand for information system audit, control and security professionals
Creating institution:
Information System Audit and Control Association (ISACA) was established in 1967. At that time, it was a small group of people engaged in similar occupations (the audit and control of computer systems was becoming more and more critical to the operation of their respective institutions), who gathered to discuss the need for centralized information resources and guidelines in this field. In 1969, the group was formally established as the EDP Institute of Auditors. In 1976, the association set up an education fund to carry out large-scale research and expand the knowledge and value in the field of information industry management and control.
The core content of the exam
Information system audit procedures (10%)
Information technology governance (15%)
Life cycle management of systems and infrastructure (16%)
IT service delivery and support (14%)
Information asset protection (31%)
Disaster Recovery and Business Continuity Plan (14%)
Apply for qualification
1. College degree or above, or undergraduate or postgraduate;
2. It is recommended that the English level be above CET-4;
3. Have certain audit knowledge and computer knowledge (computer basic knowledge, operating system, network, database, e-commerce, etc.).
Examination method and time
Bilingual (English and Chinese test), 200 objective multiple-choice questions, all written answers, the test time is 4 hours. CISA organizes an exam every June and December.
Validity period:
The certificate is valid for 5 years.
Textbooks and reference materials:
Textbook: CISA Review Manual, 2006 ISACA (English Textbook)
Information system audit practice manual, 2006, ISACA (Chinese textbook)
Textbook for CISA Examination, Volume 1: Theory, 3rd Edition, SRV.
Exercise: CISA review questions, answers & Explanation, CD 2006
CISA commentary q&a. 2006 Interpretation Manual (625 questions)
CISA commentary q&a. Interpretation Manual (100 questions), supplemented in 2006.
CISA Examination Textbook, Volume 2: Practice, 3rd Edition, SRV.
2. CISM registered information security manager
CISM, as a new generation of golden collar professional certification issued by ISACA/F, aims to train professionals who undertake information security management responsibilities to become senior information security management experts. In 2003, the exam was held all over the world for the first time. Up to now, thousands of people have obtained the "500" certificate of registered information security manager.
Prerequisites for obtaining CISM:
Successfully passed the CISM certification exam.
Abide by professional ethics
Submit evidence to prove that it has reached the necessary minimum years of information security work experience (generally, two years of work experience can be achieved through CISA);
Registration fee: US$ 455 (registered before February 2nd) or US$ 505 (registered before March 30th). The registration fee for this website is 3960 yuan and 4400 yuan respectively.
Test paper language: English, Japanese (choose one)
Test type: 200 multiple-choice questions (multiple-choice one)
Examination date: June and December every year.
CISM exam scope
Information security control
risk management
Information security plan management
Information security management
Rapid response management
References (updated annually)
CISM Review Manual 2006
CISM review q&a. 2006 Interpretation Manual
CISM review q&a. 2005 Interpretation Manual
Continuing education program:
In order to become and maintain CISM, individuals must abide by CISM's continuing education plan. The program requires that the annual follow-up education time be not less than 20 hours, and not less than 120 hours in three years.
3. CISSP - Information System Security Certification Expert
CISSP (Certified Information System Security Expert) is recognized as the most difficult and authoritative test in network information security certification. CISSP can prove that the certificate holder has the knowledge level and experience ability of information security that meet the requirements of international standards, which is the proof basis for enterprises and organizations to find professionals. At present, the job descriptions of many multinational companies have clearly required candidates to have CISSP and other relevant qualifications. At present, there are only over 200 CISSP in China.
Certification qualification:
1. You must have at least 4 years of security experience. If you have a bachelor's degree, you only need 3 years of experience.
Work experience is defined as working as a paid security professional in one or more of the 10 CBK fields:
Login control system and method
Application and system development
Business continuity plan
Cryptography technology
Law, research and norms
Security operations
Physical security
Security architecture and model
Security management practice
Communication, network and Internet security
2. You must agree to abide by the code of ethics.
* Protect society, all citizens and national infrastructure (protect society, the commonwealth, and the infrastructure).
* Have honest, upright, just and lawful behavior (act honorably, honestly, justly, responsibly and legally).
* Provide diligent and competent services to employers.
* Develop and maintain the status and honor of experts (promote and protect the profession).
3. Re-certification or continuing education
You must continue to study and get 120 Continuing Professional Education (CPE) credits within 3 years, otherwise you must retake the exam to retain the qualification of CISSP. Two thirds (80 points) of the credits must be obtained through direct participation in relevant security work, and the other one third (40 points) can be obtained through relevant security education or training. This is intended to strengthen the professional knowledge, skills and competitive advantage of the holder.
Registration fee: the official quotation is USD 450 (registered 16 days in advance) and USD 550 (not registered in advance), and the domestic agent center charges RMB 4150.
References:
CISSP preparation guide (CISSP review guide)
CISSP preparation guide: mastering ten fields of computer security (involving ten fields of computer security)
CISSP multifunction machine
Examination method:
English, 250 questions, completed in 6 hours.
4. ITIL certification system
The ITIL certification system is jointly operated by four international authoritative organizations to ensure that the certificate is professional, open, authoritative, practical, widely accepted and constantly updated. The four main operating organizations are:
1. OGC, the British Ministry of Commerce, is the owner of ITIL, which is a de facto international standard in the field of IT service management, and all the ownership of ITIL belongs to OGC. OGC is responsible for the development of ITIL curriculum system and constantly puts forward suggestions for updating. Constantly integrating the best practices of global IT development, OGC nominates and selects other institutions or experts to compile, and at the same time organizes relevant experts from all over the world to review these manuscripts to ensure their quality. However, OGC itself did not participate in ITIL training and certification.
2. ITSMF (IT Service Management Forum) is the largest IT service management user organization in the world, dedicated to developing and promoting the best practice standards and certifications of IT service management. ITSMF is the only recognized IT service management industry organization in the world, and has established more than 16 national branches around the world.
3. EXIN (Information Science Examination Organization), headquartered in the Netherlands, provides ITIL examinations in various languages all over the world.
4. ISEB (Information System Examination Committee), headquartered in Britain, has great influence in Commonwealth countries and is responsible for providing English examinations.
ITIL certification is mainly issued by EXIN and ISEB, which use the same test paper and have the same authority. EXIN and ISEB not only provide their own exams, but also authorize many specialized exam training institutions around the world. However, ITIL qualification certificates are issued by EXIN and ISEB, and the certificates are universal. ITIL certificates issued by EXIN and ISEB are divided into three levels:
ITIL Foundation (IT Service Management Foundation Certificate): This certification is aimed at personnel engaged in IT service management, and requires them to understand the importance of IT service management and IT infrastructure, and to master the processes and interfaces of service management, the basic concepts of ITIL, and the top ten processes of ITIL and their relationships. ITIL Foundation is the basis for obtaining the other two certificates, and it is the core basic certification for ITIL beginners. The exam is in the form of multiple-choice questions, requiring a basic understanding of the ten processes of IT service support and delivery, the functions of the service desk and their relationships; it is suitable for the supervisor of an IT organization or equivalent. If you only want to pass the certification of ITIL Foundation, training is unnecessary, but EXIN and ISEB still recommend that you participate in the training, because you can master the knowledge faster through training, and you can better understand the essence of ITIL through the lecturer's explanation. The ITIL basic exam has 40 multiple-choice questions and should be completed within 1 hour. At present, there are no Chinese papers for ITIL certification, all of which are English papers. For the ITIL basic exam, you only need to get 65 points or above (that is, at least 26 out of 40 questions are answered correctly) to pass the exam and get the ITIL basic certificate.
ITIL Practitioner (IT Service Management Practitioner Certificate): This certification is aimed at personnel engaged in specific IT service management processes and requires them to have certain practical experience. People who have obtained this certificate can record, maintain and improve the processes they are engaged in. Candidates must deeply understand the process of ITIL and learn to design and implement the process; it is suitable for people who focus on specific processes. You can choose one of the nine exams for practitioner certification as the certification of the specific process of IT service management you are engaged in. The exam takes 2 hours to complete and consists of multiple-choice questions and questions.
ITIL Manager (manager certificate in the field of IT service management): This certification is aimed at higher-level IT service managers, such as IT service management managers, consultants, etc., especially those who are responsible for or provide ITIL implementation suggestions. EXIN and ISEB require that candidates must receive professional training from ITIL certification training institutions. Through two 3-hour written tests and interviews, participants are required to deeply understand the ten processes of IT service support and delivery and the functions of the service desk, and master the implementation of ITIL; it is suitable for senior staff who are responsible for implementing or managing the ITSM functions of the organization. In addition to the training exam, those who participate in the manager certification will have to add 3 hours of thesis defense. The written test of the ITIL service manager certificate has two parts: the first test paper is service support; the second test paper is service delivery. Candidates will be given a case before the exam, and 60% of the exam questions are based on this case. There are five open-ended compulsory questions in each part, which are answered in short essays. Both papers are required to be completed within 3 hours. This certification is applicable to senior IT managers or consultants.
Prerequisites for obtaining ITIL certification
EXIN and ISEB suggest that candidates for certification exams at all levels receive training for a period of time before taking the exam. In fact, considering that the implementation of ITIL is a highly practical professional work, participating in the training is conducive to truly understanding ITIL and learning successful experiences.
There are no special conditions (no training required) for taking the ITIL basic exam. Anyone who is engaged in IT service management and has basic knowledge of IT services can take the ITIL certification exam.
Anyone who has obtained the qualification of ITIL Foundation and has more than 4 years of relevant experience can sign up for the professional and technical certification of ITIL Practitioner after training.
Those who take the ITIL manager exam need to meet the following requirements:
* Attend the training of ITIL certification training institutions authorized by two authoritative organizations (EXIN or ISEB). At present, CCID training and HP School of Management have offered training in related courses.
* At least 5 years of IT working experience and 2 years of IT service management experience at middle or high level;
* Hold the Foundation certificate.
ITIL certification recommended teaching materials
EXIN and ISEB provide the following reference books for students who have successfully passed the ITIL exam:
Introduction to IT Service Management
Guide to IT Service Management
Service support
Service delivery