ROI for Your Enterprise Through ISACA A global IS association helping members achieve organisational success.

Transcription

1 ROI for Your Enterprise Through ISACA A global IS association helping members achieve organisational success.

2 ROI for Your Enterprise Through ISACA With the growing complexities of global business and competition, trends toward off-shoring, and ever-increasing risks, enterprises must take a systemic approach to governing their information systems (IS). Due to the need for enterprises in India to demonstrate regulatory compliance the Companies Act,1956 and SEBI s updated Clause 49 as examples it is becoming imperative to implement IT governance practices. ISACA is internationally recognised as a high-performing organisation that addresses global, national and local IS and business issues. With members residing in more than 100 countries, subject matter experts from around the world contribute to the development of ISACA s thought-leading knowledge, certifications, education and research. About ISACA As an independent, nonprofit, global membership association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. ISACA helps members achieve individual and organisational success, resulting in greater trust in and value from information systems. India is the trusted global sourcing partner for clients from around the world. To retain this pre-eminent position, it continues to focus on data protection through best practices for security and privacy protection. Information Technology (Amendment) Act, 2008, has made the data protection regime in the country stronger by mandating implementation of reasonable security practices. Assurance to our clients in different parts of the world is based on this strong data protection regime, DSCI s best practices approach supplemented by ISACA s contribution to the growth of the security profession in India through promotion of CISA and CISM certifications. ISACA s commitment to develop this profession with its active presence and continuous engagement with the industry and security professionals, through its chapters, in various parts of India is worthy of being singled out as a significant factor in advancing the cause of security in the country. I am sure ISACA will continue to advance security processes and controls in the industry both for outsourcing and the domestic market through more and more certified professionals. Dr. Kamlesh Bajaj CEO, Data Security Council of India (DSCI)

3 ISACA Membership: Helping Your Enterprise Achieve Greater Trust in and Value From Information Systems Information systems are continuing to increase in complexity and impact, bringing unprecedented value opportunities along with significant risk. It is more important than ever that organisations recruit and retain employees who can take a comprehensive view of information systems and their relationship to organisational success. The global community of ISACA members covers a variety of professional IT-related positions some of which include IS auditor, consultant, educator, IS security professional, risk professional, chief information officer and internal auditor. ISACA constituents work in nearly all industry categories, including financial and banking, public accounting, telecommunications, government and the public sector, healthcare, utilities and manufacturing. ISACA members understand the big picture. They have direct access to research, certifications and products that align systems and strategy, and help your enterprise: n Reduce IT-related risks n Enable clear policy development and good practice for IT management n Manage compliance n Achieve greater trust in and significant value from information systems ISACA membership signifies that your IT staff is: n Dedicated to global, industry-accepted practices and high professional standards n Serious about enhancing their professional knowledge and skills n Connected with the standards, resources and global network of colleagues that only ISACA can provide The more than 190 chapters worldwide offer members an opportunity to share a broad range of professional expertise from diverse business communities. Chapters sponsor local educational events and engage in IT research projects. ISACA chapters in India include: Bangalore Chapter Chennai Chapter Cochin Chapter Coimbatore Chapter Hyderabad Chapter Kolkata Chapter Mumbai Chapter New Delhi Chapter Pune Chapter Vijayawada Chapter Pursue membership for your IT Staff. Visit "ISACA certification provides employees with necessary knowledge and better prepares them for careers in specialised areas. It aids recognition and growth with meaningful work experience at an international level. Such certifications instill an advanced analytical mindset, enabling employees to conceive effective and value-oriented solutions for our clients." -Prashant Ranade, Chief Executive Officer and President Syntel, Inc.

4 ISACA Certifications: Ensuring the Knowledge and Expertise of Your IT Staff Résumés and CVs may list experience and knowledge, but an ISACA designation proves it. ISACA certifications combine the achievement of passing an exam with credit for work and educational experience. Supporting ISACA s Certified Information Systems Auditor (CISA ), Certified Information Security Manager (CISM ), Certified in the Governance of Enterprise IT (CGEIT ) and Certified in Risk and Information Systems Control (CRISC ) certifications for your staff means that your enterprise has invested in a professional who: n Possesses demonstrated knowledge and skills in IT audit, control, security and governance n Has met the stringent requirements of a globally recognised credential n Is committed to ongoing professional development n Adheres to the ISACA Code of Professional Ethics n Has what it takes to add value to your enterprise Earning the CISM certification has helped me to stay current in a fast-changing technological world, helps me understand and support the information security and risk requirements of many of our clients and gives me the confidence of having attained a highly regarded qualification. Latha Ramanathan, Information Security Manager, CISA, CISM Tata Consultancy Services in India ISACA certifications are globally accepted and recognised. In fact, many organisations and governmental agencies around the world require or recognise ISACA s certifications. Recognition in India includes: n The National Stock Exchange of India has recognised CISA as a requirement to conduct system audits. n The Securities Exchange Board of India requires biannual system audits of all mutual funds to be conducted by an independent auditor who is CISA/CISM-certified or equivalent. n India s National Information Security Assurance Program, the Department of Information Technology, recognises the CISA designation to assess the information security risks in public-sector organisations. n To qualify for empanelment of chartered accountant firms with the office of the Comptroller & Auditor General of India (C&AG) for the year , a copy of CISA certificate in respect of members who have qualified for CISA is required. n CERT-IN, the Indian Computer Emergency Response Team, has recognised CISA as one of the requirements to be empanelled to conduct security audits. n CISA was named by the Department of Information Technology of the Government of N.C.T. of Delhi as one of the prequalification criteria for Website Security Audits of Delhi Government departments. Pursue certification for your IT Staff. Visit "ISACA is a worldwide recognised program. Our internal and external stakeholders recognise ISACA certifications as there is an assured level of competence that they can expect from the team. Also the programs handled by various chapters help them collaborate with their peers and encourage an environment of learning and sharing." ISACA certifications include: Ajit Menon, Tata Consultancy Services

5 ISACA Guidance, Practices and Research: Providing Your Enterprise With Global Standards ISACA s IS auditing and IS control standards are followed by practitioners worldwide. ISACA s practical guidance, benchmarks, and research pinpoint professional issues challenging enterprises today. Through its comprehensive services, ISACA defines the roles of information systems, governance, security, risk, audit and assurance professionals. The COBIT, Val IT and Risk IT governance frameworks are brands respected and used by IS and IT professionals for the benefit of their enterprises. n COBIT is a globally accepted set of tools organised into a framework that executives at all organisations can use to ensure their IT helps to achieve business goals and objectives. Based on industry standards and best practices, COBIT enables executives to direct their IT for optimal advantage, reduce related risks and increase confidence in the information provided by IT. It enables clear policy development and good practice for IT management, increases the value organisations can attain from IT and helps manage compliance. The tools are used by many enterprises, government agencies, academic institutions and other entities around the world. n Val IT is a framework and complete collection of proven management practices that assists the board and executive management in understanding and carrying out their roles related to IT-enabled business investments. Val IT fosters the partnership between IT and the rest of the business. n Risk IT is a set of guiding principles and the first framework to help enterprises identify, govern and effectively manage IT risk. Risk IT provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management from the tone and culture at the top, to operational issues. Risk IT benefits the enterprise by providing greater stakeholder confidence and reduced regulatory concerns. "As IT auditors, having set for ourselves the objective of ensuring data integrity, data safety and security as well as proper mapping of business rules while auditing a given information system, we found the control framework provided by COBIT extremely useful as it enabled preparing audit guidelines covering even the smallest related activity for the audit scrutiny." - Anupam Kulshreshtha, CISA, CISM Dy. Comptroller and Auditor General Office of the Comptroller and Auditor General of India Recognitions: The Reserve Bank of India references COBIT in their Information Systems Security Guidelines for the banking and financial sector and their financial sector technology vision document. The Reserve Bank of India (RBI) has been at the forefront of promoting IT usage in India. It has issued regular guidelines on IT, IT security and controls, and governance of IT, and has been conducting IT audit as part of the regulatory review of banks IT systems. RBI has used COBIT as a reference framework for issuing guidelines to banks and also for conducting IT audits. (Reference: Dataquest, India) All of the IT audits by C&AG staff are based on COBIT as the main audit criteria. COBIT is used as the umbrella framework under which specific technology and business related controls are integrated. The audit guidelines of the COBIT framework are suitably adopted to the specific IT and business environment of the enterprise. The audit objectives are mapped to COBIT, and the relevant high level control objectives are selected for evaluation. C&AG has done excellent work in promoting governance of IT among all the government entities by using COBIT best practices as a benchmark for all the IT audits it conducts.

6 3701 Algonquin Road, Suite 1010 Rolling Meadows, Illinois 60008, USA ISACA Phone: Fax: info@isaca.org