this cert stands for Certified Information Systems Auditor which is use to certify an IT Auditor.

so what do u think bout this cert?got good future or not with this?how bout the cost of taking this cert?

thanks for sharing.

Not sure about the cost for the cert but for sure there is demand now and in future.
There is already trend in overseas needing IT auditor.

u need to understand IT security itself ...

my advice - dont just take the exam without deep knowledge

just my 2 cent

actually i've been offered by a company to train me as an IT auditor and send me to take the cert,so I guess I should ask you guys here who knows about that.

but it seems to has good future.

This post has been edited by hazremi: Jun 4 2007, 11:34 PM

as for my opinion IT audit has got a good prospect in future... the firm i am workign with does have a dept doing IT audit... most of the seniors has moved to berlin and uk (better offer there )

Hello...

Bear in mind that passing the exam doesn't mean you're CISA "certified".

Part of the process of obtaining the CISA certification is to get someone to "assure" ISACA (the org governing CISA) that the person who passed the test have the relevant experience to obtain the certification.

However you can sit for th exams get pass it and only get certified later on after you've obtain the necessary years of experience. If i'm not mistaken it's 2-3 years depending on whether you have a degree or not.

Passing rate for the exam is usually 40-50%. Means 4-5 out of 10 people will only pass in each exam group. Passing mark is 75. Last December's batch's passing rate in M'sia is 43%.

The exam runs twice a year in Malaysia (usually in June and December). Do take note that you would have to register very early prior to the exam. You can't like study for it, then if you feel like it just register for it the next month.

Anything else ya wanna know?

i know that u need to have 1-2 years experience in IT audit before u can take the exam.I also know that you have to register early for the exam, the exam if i'm no mistake is twice a year,june and december.We have to register early.All I checked at wiki.

are you an IT auditor?
the company said I will work first and when I have enough experience they will send me to take the exam to be their internal auditor.

Can say I'm an IT Auditor haha

Which company you working with?

Anyway wait 1-2 years before taking the exam. It actually helps. Usually those ppl who failed it are those that has less than 1 year of XP.

Sorry for 'tumpang'ing this thread.

What about CISM? What are your views?

so what is ur opinion in IT auditor future?how bout salary and also do u like that field?

thx man,i know a lot about the cert from you.have u got the CISA certificate rite now?

PM me where you're working thne I will tell you what you can do next time and how much you'll probably earn.


CISM? In my opinion if you don't have CISSP go take CISSP. After you got CISSP it's better to get things like the ISO27001 LEad Auditor certification or you're into technical stuffs get one of the Sans certifications.

cktwai,

In your opinion, it is better to get a ISO27001 Lead Auditor certification rather than CISM or CISA?

i guess ISO27001 means u're only certified to audit something related to that ISO?is it?

currently in infosec field. from my studies, ppl always get CISSP before CISA. both are equally expensive, demanding, and difficult to acquire.

i only has some knowledge on CISSP. u need at least 4 years working experience on infosec field, and then attend the course, seminar held by NISER to earn some credit point before you can participate the exam.

after u acquire CISSP, u need to attend seminar and course every year, to get the credit just to keep ur CISSP alive.

any IT firm which concentrate on infosec business (antivirus company, ids company, anti-hacker company) shud have ISO27001.

This post has been edited by ky_khor: Jun 6 2007, 06:02 PM

No you don't need to attend the course or earn credits from NISER to participate the exam. Anyone can take the exam. But you need endorsement and the set number years of experience before you are certified.

You need to attend and participate in activities that ISC2 recognize so as to maintain your cert.

If you ask me, after 4-5 years in infosec field and you still don't have confidence to pass, i don't think the course held by NISER would help. It would be just too much to cover in that short period of time.

YOu don't need to attend a course for CISSP. You can just go take the exam. Don't go waste time on the NISER course. I really feel it's quite useless. Unless you're someone who doesn't have any info sec knowledge. In any case you shouldn't go take CISSP anywayz.

You have to do certain number of "stuff" to keep the CISSP. These can be giving lectures, publications, attend seminars and even attend vendor presentations.

The CISSP exam is more expensive than CISA.

---

Added on June 7, 2007, 12:04 pmDepends my friend. If you're in IT Audit go for CISA first. If you're in info sec go for CISSP.

After that only decide on the ISO or Sans certs depending on which area you want to go into.

This post has been edited by cktwai: Jun 7 2007, 12:04 PM

What is a person already have CISSP?What's next?

ISO or CISM or CISA ?

That really depends on your career path... what do you intend to do in 3, 5 & 10 years time?

Good question.

What if the person wants to go where the money is? Where there is demand =)

It would be impossible to predict which field will give you a better package...

I know right now Malaysia has a real lack of CISA certified auditors. Going forward companies might look at being ISO17799 certified. But if $ is just where you want to go I don't think infosec or IT auditing is the right field for you.