CISA (Certified Information System Auditor) has been registered by the Information Systems Audit and Control Association (ISACA) since 1978. CISA certification has become a symbol of the holder's achievement in the professional fields of information systems audit, control and security, and has gradually developed into a globally recognized standard. Chinese CISA certified auditors play an important role in the field of information security and control, and information system auditing is increasingly recognized by domestic enterprises. In addition, the certification can bring considerable professional and personal benefits.
Information system audit consultant
Traditional auditing officer
Personnel in charge of information system auditing in an enterprise
Personnel in charge of information system security management and planning in the enterprise
IT manager, Information security manager
CISA can find here candidates
CISSP: Certified Information System Security Professional
CISSP (Certified Information System Security Professional) is a certification that reflects the level of qualification of information system security professionals. It provides new opportunities and greater convenience for those engaged in information security to enhance their professional qualifications. The CISSP certification examination is organized and administered by (ISC)². Persons participating in the CISSP certification are required to comply with the CISSP Code of Ethics and to have a minimum of 5 years of direct work experience in at least two of the eight domains of the General Knowledge Framework for Information Systems Security (CBK).
Chief Information Officer (CIO), Chief Technology Officer (CTO), Senior IT Manager, Information Center Director
Chief Information Security Officer (CISO), Information Security Director, Security Manager
Security consultant, Security auditor, IT auditor
Security Architect, Security analyst
Security system engineer, Network architect
CISM: Certified Information Security Member
The CISM (Certified Information Security Member) qualification is for personnel engaged in information security work at enterprises, information security consulting services, information security assessment and certification bodies (including authorized evaluation institutions), social organizations, groups, universities and colleges, and in the technical departments (including standardization departments) of enterprises and institutions that handle information system (network) construction, operation, and management. Holding the registered qualification indicates the holder's qualification and ability as an information security officer. CISM is different from other information security certifications. Its experience requirement focuses on the management work performed by information security managers.
Other information security certifications focus on a specific technology, product, or operating platform, or on the initial years of information security work. Only CISM focuses on information security managers, and its aim is no longer a separate technology or skill but the information security management of the entire enterprise.
CISM is targeted at managers who administer and oversee the information security of an enterprise. Many of them may already hold appropriate certifications in other areas. Because of the focus on the needs of management, work experience is comparatively important. CISM therefore requires at least 5-6 years of experience in information security management, and the examination syllabus also focuses on the daily work of information security managers.
Senior IT Manager/CIO/ Director of Information Center /Chief Solution Officer (CSO)
IT auditors, Information system auditing professionals
Technicians and managers responsible for the security management and planning of information systems
Information security industry professionals, Security consultants, or IT.
Any person who wants to manage, supervise, design, or evaluate the security of an organization's information
Required experience: 3-5 years in information security management
CISM emphasizes management experience. At the management level, it focuses on G.R.C in the form of a working practice module.
CISSP emphasizes professional skills. At the operational level, it focuses on C.I.A in the form of practitioner knowledge modules.
CISA emphasizes the audit perspective, in the form of an auditor work practice module.