Curricula CISM

  • View
    220

  • Download
    0

Embed Size (px)

Text of Curricula CISM

  • 7/30/2019 Curricula CISM

    1/22

  • 7/30/2019 Curricula CISM

    2/22

    ISACA

    Model Curriculum for Information Security Management

    2008 ISACA. All rights reserved. Page 2

    ISACA

    With more than 86,000 constituents in more than 160 countries, ISACA (www.isaca.org) is a recognized

    worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international

    conferences, publishes the ISACA Journal, and develops international information systems auditing and control

    standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation,

    earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM)

    designation, earned by more than 10,000 professionals since 2002; and the new Certified in the Governance of

    Enterprise ITTM (CGEITTM) designation.

    Disclaimer

    ISACA and the authors have designed and created this publication, titled ISACA

    Model Curriculum for Information

    Security Management, primarily as an educational resource for security and governance professionals. ISACA

    makes no claim that use of this publication will assure a successful outcome. This publication should not be

    considered inclusive of any proper information, procedures and tests or exclusive of other information procedures

    and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific

    procedure or test, security and control professionals should apply their own professional judgment to the specific

    control circumstances presented by the particular systems or information technology environment.

    Copies of the model curriculum are freely available to all and may be downloaded from

    www.isaca.org/modelcurricula.

    Reservation of Rights

    2008 ISACA. All rights reserved. Express permission to reprint or reproduce is granted solely to academic

    institutions for educational purposes, and must include full attribution of the materials source. No other right or

    permission is granted with respect to this work.

    ISACA3701 Algonquin Road, Suite 1010

    Rolling Meadows, IL 60008, USA

    Phone: +1.847.253.1545

    Fax: +1.847.253.1443

    E-mail: [email protected]

    Web site: www.isaca.org

    ISACA

    Model Curriculum for Information Security Management

    Printed in the United States of America

  • 7/30/2019 Curricula CISM

    3/22

    ISACA

    Model Curriculum for Information Security Management

    2008 ISACA. All rights reserved. Page 3

    Acknowledgments

    ISACA wishes to recognize:

    ISACA Board of DirectorsLynn Lawton, CISA, FBCS, FCA, FIIA, KPMG LLP, UK, International President

    George Ataya, CISA, CISM, CGEIT, CISSP, ICT Control SA, Belgium, Vice PresidentHoward Nicholson, CISA, CGEIT, City of Salisbury, Australia, Vice PresidentJose Angel Pena Ibarra, CGEIT, Consultoria en Comunicaciones e Info. SA & CV, Mexico, Vice President

    Robert E. Stroud, CA Inc., USA, Vice PresidentKenneth L. Vander Wal, CISA, CPA, Ernst & Young (retired), USA, Vice PresidentFrank Yam, CISA, CIA, CCP, CFE, CFSA, FFA, FHKCS, FHKIoD, Focus Strategic Group, Hong Kong, Vice PresidentMarios Damianides, CISA, CISM, CA, CPA, Ernst & Young, USA, Past International President

    Everett C. Johnson Jr., CPA, Deloitte & Touche LLP (retired), USA, Past International PresidentGregory T. Grocholski, CISA, The Dow Chemical Company, USA, DirectorTony Hayes, Queensland Government, Australia, DirectorJo Stewart-Rattray, CISA, CISM, CSEPS, RSM Bird Cameron, Australia, Director

    Model Curriculum Task ForceFaisal Akkawi, PhD, Northwestern University, USAGeorge Ataya, CISA, CISM, CGEIT, CISSP, Solvay Business School, Belgium

    Manuel Ballester, Ph.D., CISA, CISM, CGEIT, IEEE, University Deusto, SpainLizzie Coles-Kemp, University of London, Royal Holloway, UK

    Jean-Pierre Fortier, Universite Laval, CanadaM. Hossein Heydari, Ph.D., James Madison University, USAJohn Nugent, CISM, CPA, DBA, FCPA, University of Dallas, USAAndrew Wasser, Carnegie Mellon University, USA

    Security Management CommitteeJo Stewart-Rattray, CISA, CISM, CSEPS, RSM Bird Cameron, Australia, ChairManuel Aceves, CISA, CISM, CISSP, Cerberian Consulting, Mexico

    Kent Anderson, CISM, Encurve LLC, USAEmil DAngelo, CISA, CISM, Bank of Tokyo-Mitsubishi UFJ Ltd., USAYves Le Roux, CISM, CA Inc., FranceMark Lobel, CISA, CISM, CISSP, PricewaterhouseCoopers LLP, USA

    Kyeong-Hee Oh, CISA, CISM, Fullbitsoft, KoreaVernon Richard Poole, CISM, CGEIT, Sapphire Technologies Ltd., UKRolf von Roessing, CISA, CISM, CGEIT, KPMG Germany, Germany

  • 7/30/2019 Curricula CISM

    4/22

    ISACA

    Model Curriculum for Information Security Management

    2008 ISACA. All rights reserved. Page 4

    Table of ContentsPage

    1. Background 5

    2. Development of the ISACA Model Curriculum for Information Security Management 8

    3. Use of the ISACA

    M odel Cur ri culum f or I nf ormation Securi ty M anagement 11

    4. ISACA

    Model Curriculum for Information Security Management 13

    Appendix 1Suggested Supplemental Skills for Information Security Managers 16

    Appendix 2Alignment Grid for the ISACA

    Model Curriculum for Information

    Secur it y M anagement 17

    Appendix 3References 22

  • 7/30/2019 Curricula CISM

    5/22

    ISACAModel Curriculum for Information Security Management

    2008 ISACA. All rights reserved. Page 5

    1. Background

    ISACA HistoryThe evolution of information technology affects the business environment in many significant

    ways. It has changed business practices, reduced costs and altered the ways in which information

    should be controlled. In addition, it has raised the level of knowledge and skills required toprotect an enterprises information assets, and increased the need for well-educated professionalsin the fields of information security, governance and risk management. This need was recognized

    by the 1969 founding of what is now known as ISACA.

    ISACA has become the leading IT governance, assurance and security organization. The

    approximately 86,000 consultants, academics, security professionals, IS auditors and senior

    executives who make up ISACA have established 160 chapters spread among 140 countries.ISACAs Certified Information Security Manager (CISM) certification is recognized globally

    and has been earned by more than 10,000 professionals. In addition, ISACA publishes the ISACA

    Journal, a leading technical journal in the information control field, and sponsors a series of

    international conferences focusing on technical and managerial topics. Together, ISACA and itsaffiliate, the IT Governance Institute (ITGI), lead the IT governance community and serve its

    practitioners by providing the elements needed by IT professionals in an ever-changing

    worldwide environment.

    Need for the Model Curriculum for Information Security ManagementFor a number of years, many employers have been seeking to fill positions with information

    security professionals who possess a substantial background in security, business and risk

    management. This demand is expected to grow in the future. Employers have had difficulty in

    locating a sufficient number of adequately prepared candidates for the available positions. The

    professionals who do have the requisite background have usually obtained their formalinformation security education in one of three manners:

    Participation in a mixture of on-the-job training and in-house programs. This method ofeducation requires that a professional already be an employee of an enterprise, and it is most

    appropriate where the technology presented has been adopted and implemented by a

    particular enterprise. The on-the-job training and in-house programs are well suited to

    provide employees with education in a well-defined and limited focus area, but are not wellsuited to offer a broad-based educational experience for the participants.

    Participation in workshops/seminars presented by professional enterprises or vendors.

    This method is available to professionals from many different enterprises and is valuable inpresenting information that is new or for exploring various approaches to information

    security problems. In the workshop/seminar environment, a peer group can shareperspectives not available from a single instructor. However, workshops/seminars are usually

    more expensive, take time away from the office and are typically available only toprofessionals who are already employed in the workforce. ISACA is well known for

    developing and offering high-quality workshops and seminars.

    Participation in university degree and postgraduate or certificate programs that are

    delivered within either a full-time or part-time student environment. These programs canlead to baccalaureate or graduate degrees or to specialized certificates or diplomas. This is

  • 7/30/2019 Curricula CISM

    6/22

    ISACAModel Curriculum for Information Security Management

    2008 ISACA. All rights reserved. Page 6

    the method that can provide professionals (or future professionals) with the most in-depth

    and broad-based educational experience. Thus, this is the method that ISACA has addressed

    with its model curriculum efforts.

    Typically, students who desire to enter the information security profession, but who lack

    business experience, seek to gain the required knowledge, skills and abilities throughacademic/business coursework enhanced by internships. Colleges and universities worldwide are

    a

Search related