ISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT)

Transcription:

ISACA: Trust in, and value from, information systems

Certification Details for Certified in the Governance of Enterprise IT (CGEIT)

Dainius Jakimavičius, CGEIT
Research and Methodology Coordinator, ISACA Lithuania
Doctor of Mathematical Sciences
Director, Information Systems and Infrastructure Audit Department, National Audit Office of the Republic of Lithuania

Market need for CGEIT

- Individual: Defines the roles and responsibilities of professionals performing IT governance work and recognizes their professional knowledge and competencies; skill-sets; abilities and experiences
- Enterprise: Supports through the demonstration of a visible commitment to excellence in IT governance practices
- Business: Increases the awareness of IT governance good practices and issues
- Profession: Supports those that provide IT governance management, advisory or assurance direction and strategy

CGEIT: Who is it for?

The CGEIT certification is intended to recognize a wide range of professionals for their knowledge and application of IT governance principles and practices. It is designed for professionals who have management, advisory, or assurance responsibilities as defined by the CGEIT Job Practice, consisting of IT governance-related task and knowledge statements.

CGEITs in the Workplace

- Nearly 400 are employed in organizations as the CEO, CFO or equivalent executive position.
- Almost 200 serve as chief audit executives, audit partners or audit heads.
- Over 500 serve as CIOs, CISOs, or chief compliance, risk or privacy officers.
- More than 600 are employed as security directors, managers or consultants and related staff.
- Over 1,200 are employed as IT directors, managers, consultants and related staff.
- More than 950 serve as audit directors, managers or consultants and related staff.
- Over 650 are employed in managerial, consulting or related positions in IT operations or compliance.

CGEITs By Geographical Area

CGEIT Job Practice (effective June 2013)

1. Framework for the Governance of Enterprise IT (25%): Ensure the definition, establishment, and management of a framework for the governance of enterprise IT in alignment with the mission, vision and values of the enterprise.
2. Strategic Management (20%): Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.
3. Benefits Realization (16%): Ensure that IT-enabled investments are managed to deliver optimized business benefits and that benefit realization outcome and performance measures are established, evaluated and progress is reported to key stakeholders.

CGEIT Job Practice Areas (effective June 2013, continued)

4. Risk Optimization (24%): Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.
5. Resource Optimization (15%): Ensure the optimization of IT resources including information, services, infrastructure and applications, and people, to support the achievement of enterprise objectives.

For more details visit www.isaca.org/cgeitjobpractice

Domain 1: Framework for the Governance of Enterprise IT

1. Ensure that a framework for the governance of enterprise IT is established and enables the achievement of enterprise goals and objectives to create stakeholder value, taking into account benefits realization, risk optimization, and resource optimization. (EDM01, APO01)
2. Identify the requirements and objectives for the framework for the governance of enterprise IT incorporating input from enablers such as principles, policies and frameworks; processes; organizational structures; culture, ethics and behavior; information; services, infrastructure and applications; people, skills and competencies. (EDM01, APO01)
3. Ensure that the framework for the governance of enterprise IT addresses applicable internal and external requirements (for example, principles, policies and standards, laws, regulations, service capabilities and contracts). (EDM01-05, APO01-02, MEA02-03, APO08-10)

Domain 1: Framework for the Governance of Enterprise IT

4. Ensure that strategic planning processes are incorporated into the framework for the governance of enterprise IT. (APO02)
5. Ensure the incorporation of enterprise architecture (EA) into the framework for the governance of enterprise IT in order to optimize IT-enabled business solutions. (APO03)
6. Ensure that the framework for the governance of enterprise IT incorporates comprehensive and repeatable processes and activities. (EDM01, APO01)
7. Ensure that the roles, responsibilities and accountabilities for information systems and IT processes are established. (APO01; all COBIT processes; RACI guidance)
8. Ensure issues related to the framework for the governance of enterprise IT are reviewed, monitored, reported and remediated. (MEA01-03)

Domain 1: Framework for the Governance of Enterprise IT

9. Ensure that organizational structures are in place to enable effective planning and implementation of IT-enabled business investments. (APO01; all COBIT processes; RACI guidance)
10. Ensure the establishment of a communication channel to reinforce the value of the governance of enterprise IT and transparency of IT costs, benefits and risk throughout the enterprise. (EDM05, APO08)
11. Ensure that the framework for the governance of enterprise IT is periodically assessed, including the identification of improvement opportunities. (EDM05, MEA01-03)

Domain 2: Strategic Management

1. Evaluate, direct and monitor IT strategic planning processes to ensure alignment with enterprise goals. (EDM02-05, APO02)
2. Ensure that appropriate policies and procedures are in place to support IT and enterprise strategic alignment. (All COBIT processes)
3. Ensure that the IT strategic planning processes and related outputs are adequately documented and communicated. (APO02)
4. Ensure that enterprise architecture (EA) is integrated into the IT strategic planning process. (APO03)
5. Ensure prioritization of IT initiatives to achieve enterprise objectives. (EDM02-05; APO05)
6. Ensure that IT objectives cascade into clear roles, responsibilities and actions of IT personnel. (APO domain processes)

Domain 3: Benefits Realization

1. Ensure that IT-enabled investments are managed as a portfolio of investments. (EDM02-05; APO05)
2. Ensure that IT-enabled investments are managed through their economic life cycle to achieve business benefit. (EDM02, EDM05, APO05, MEA01-03, BAI05, BAI01)
3. Ensure business ownership and accountability for IT-enabled investments are established. (EDM02, APO05, APO08-09)
4. Ensure that IT investment management practices align with enterprise investment management practices. (APO05-06)
5. Ensure that IT-enabled investment portfolios, IT processes and IT services are evaluated and benchmarked to achieve business benefit. (APO05, APO09, MEA01)

Domain 3: Benefits Realization

6. Ensure that outcome and performance measures are established and evaluated to assess progress towards the achievement of enterprise and IT objectives. (MEA01, EDM05)
7. Ensure that outcome and performance measures are monitored and reported to key stakeholders in a timely manner. (EDM05, MEA01)
8. Ensure that improvement initiatives are identified, prioritized, initiated and managed based on outcome and performance measures. (APO11, MEA01, APO04, depends on how 'improvement' is defined)

Domain 4: Risk Optimization

1. Ensure that comprehensive IT risk management processes are established to identify, analyze, mitigate, manage, monitor, and communicate IT risk. (EDM03, APO12)
2. Ensure that legal and regulatory compliance requirements are addressed through IT risk management. (EDM03, MEA03, APO12, BAI01)
3. Ensure that IT risk management is aligned with the enterprise risk management (ERM) framework. (APO12)
4. Ensure appropriate senior level management sponsorship for IT risk management. (EDM03, APO12)
5. Ensure that IT risk management policies, procedures and standards are developed and communicated. (EDM03, APO12)
6. Ensure the identification of key risk indicators (KRIs). (APO12)
7. Ensure timely reporting and proper escalation of risk events and responses to appropriate levels of management. (EDM03, APO12, MEA02, EDM05)

Domain 5: Resource Optimization

1. Ensure that processes are in place to identify, acquire and maintain IT resources and capabilities (i.e., information, services, infrastructure and applications, and people). (APO01 & most other APO domain processes)
2. Evaluate, direct and monitor sourcing strategies to ensure existing resources are taken into account to optimize IT resource utilization. (EDM04-05)
3. Ensure the integration of IT resource management into the enterprise's strategic and tactical planning. (MEA01-03, EDM05, BAI01, APO05-06)
4. Ensure the alignment of IT resource management processes with the enterprise's resource management processes. (EDM04, APO09, APO10, APO06)

Domain 5: Resource Optimization

5. Ensure that a resource gap analysis process is in place so that IT is able to meet strategic objectives of the enterprise. (MEA01-03, EDM05)
6. Ensure that policies exist to guide IT resource sourcing strategies that include service level agreements (SLAs) and changes to sourcing strategies. (EDM04, APO09, APO10)
7. Ensure that policies and processes are in place for the assessment, training and development of staff to address enterprise requirements and personal/professional growth. (APO07)

CGEIT Experience Requirements (for those testing June 2013 and forward)

- Earn a passing score on the CGEIT exam
- Submit verified evidence of the five years' experience requirements as defined by the CGEIT Job Practice
- Submit the CGEIT application and receive approval
- Adhere to the ISACA Code of Professional Ethics
- Comply with the CGEIT Continuing Education Policy

More information may be found at www.isaca.org/cgeitrequirements

Thank you for your attention!