this cert stands for Certified Information Systems Auditor which is use to certify an IT Auditor.

so what do u think bout this cert?got good future or not with this?how bout the cost of taking this cert?

thanks for sharing.

Not sure about the cost for the cert but for sure there is demand now and in future.
There is already trend in overseas needing IT auditor.

u need to understand IT security itself ...

my advice - dont just take the exam without deep knowledge

just my 2 cent

actually i've been offered by a company to train me as an IT auditor and send me to take the cert,so I guess I should ask you guys here who knows about that.

but it seems to has good future.

This post has been edited by hazremi: Jun 4 2007, 11:34 PM

as for my opinion IT audit has got a good prospect in future... the firm i am workign with does have a dept doing IT audit... most of the seniors has moved to berlin and uk (better offer there )

Hello...

Bear in mind that passing the exam doesn't mean you're CISA "certified".

Part of the process of obtaining the CISA certification is to get someone to "assure" ISACA (the org governing CISA) that the person who passed the test have the relevant experience to obtain the certification.

However you can sit for th exams get pass it and only get certified later on after you've obtain the necessary years of experience. If i'm not mistaken it's 2-3 years depending on whether you have a degree or not.

Passing rate for the exam is usually 40-50%. Means 4-5 out of 10 people will only pass in each exam group. Passing mark is 75. Last December's batch's passing rate in M'sia is 43%.

The exam runs twice a year in Malaysia (usually in June and December). Do take note that you would have to register very early prior to the exam. You can't like study for it, then if you feel like it just register for it the next month.

Anything else ya wanna know?

i know that u need to have 1-2 years experience in IT audit before u can take the exam.I also know that you have to register early for the exam, the exam if i'm no mistake is twice a year,june and december.We have to register early.All I checked at wiki.

are you an IT auditor?
the company said I will work first and when I have enough experience they will send me to take the exam to be their internal auditor.

Can say I'm an IT Auditor haha

Which company you working with?

Anyway wait 1-2 years before taking the exam. It actually helps. Usually those ppl who failed it are those that has less than 1 year of XP.

Sorry for 'tumpang'ing this thread.

What about CISM? What are your views?

so what is ur opinion in IT auditor future?how bout salary and also do u like that field?

thx man,i know a lot about the cert from you.have u got the CISA certificate rite now?

PM me where you're working thne I will tell you what you can do next time and how much you'll probably earn.


CISM? In my opinion if you don't have CISSP go take CISSP. After you got CISSP it's better to get things like the ISO27001 LEad Auditor certification or you're into technical stuffs get one of the Sans certifications.

cktwai,

In your opinion, it is better to get a ISO27001 Lead Auditor certification rather than CISM or CISA?

i guess ISO27001 means u're only certified to audit something related to that ISO?is it?

currently in infosec field. from my studies, ppl always get CISSP before CISA. both are equally expensive, demanding, and difficult to acquire.

i only has some knowledge on CISSP. u need at least 4 years working experience on infosec field, and then attend the course, seminar held by NISER to earn some credit point before you can participate the exam.

after u acquire CISSP, u need to attend seminar and course every year, to get the credit just to keep ur CISSP alive.

any IT firm which concentrate on infosec business (antivirus company, ids company, anti-hacker company) shud have ISO27001.

This post has been edited by ky_khor: Jun 6 2007, 06:02 PM

No you don't need to attend the course or earn credits from NISER to participate the exam. Anyone can take the exam. But you need endorsement and the set number years of experience before you are certified.

You need to attend and participate in activities that ISC2 recognize so as to maintain your cert.

If you ask me, after 4-5 years in infosec field and you still don't have confidence to pass, i don't think the course held by NISER would help. It would be just too much to cover in that short period of time.

YOu don't need to attend a course for CISSP. You can just go take the exam. Don't go waste time on the NISER course. I really feel it's quite useless. Unless you're someone who doesn't have any info sec knowledge. In any case you shouldn't go take CISSP anywayz.

You have to do certain number of "stuff" to keep the CISSP. These can be giving lectures, publications, attend seminars and even attend vendor presentations.

The CISSP exam is more expensive than CISA.

---

Added on June 7, 2007, 12:04 pmDepends my friend. If you're in IT Audit go for CISA first. If you're in info sec go for CISSP.

After that only decide on the ISO or Sans certs depending on which area you want to go into.

This post has been edited by cktwai: Jun 7 2007, 12:04 PM

What is a person already have CISSP?What's next?

ISO or CISM or CISA ?

That really depends on your career path... what do you intend to do in 3, 5 & 10 years time?

Good question.

What if the person wants to go where the money is? Where there is demand =)

It would be impossible to predict which field will give you a better package...

I know right now Malaysia has a real lack of CISA certified auditors. Going forward companies might look at being ISO17799 certified. But if $ is just where you want to go I don't think infosec or IT auditing is the right field for you.

Hahaha... I would say take CISA and join a Big4 firm... after that go back into commercial.

---

Added on June 7, 2007, 5:24 pmHahaha yeah...

those after money should go start their own business...

This post has been edited by cktwai: Jun 7 2007, 05:24 PM

Are CISAs well paid in BIG4s? From what I heard only managers are well paid.

When you say 'go back to commercial', what exactly do you mean by that ?

Think he meant smaller auditing firms.... anyway i believe anyone with CISA should be well paid...

With Sec field in malaysia, most company don't care about CISSP or CISA, but when you find companies that need it, they pay good for them. Since its rare.

Based on what you're saying, CISA has more value in the market as compared to CISM?

how much u need to spend if u want to take CISA cert yourself?

guys and girls.. please remember one fact.. cert is a cert.. you still need the experience... do remember that...

They are both different cert, they are not some cheap CCNA cert where you can simply do test king and expect to pass. If its that easy you'd have a lot more certified professionals around.

They both have their own market value. Please google it for cost. IMHO I've seen jobstreet ad for CISA but have never seen for CISM. But if you're already at that level you'll know where to find your career and market. Jobs come to you.

CCNA has it's own values as well

We have to see the price vs benefit factor ma... hahaha

If it's cheap and easy to pass use as decoration for your name card lor

I've seen guys going out over the weekend and suddenly return on monday "certified" hehe...

I'm not saying its worthless... just that unlike CCNA can't expect to pass without any background or knowledge.

so easy to pass one ah? perhaps i go get it to decorate my name card

Pass? He bought the cert

i still remember my dad took the lead auditor exam 1-2 years ago,it was difficult,lots of ISO need to remember and wasnt easy to pass.75 is the passing marks.

Hi Guys,

I am an application specialist from a s/w house with 5 years experience. Do I qualify to take the CISA exam? What are the steps I should take?

Heard from you guys it's well paid. But how 'well' is it?

why do you need it?

-RM2000 in total for the CISA exam fees? since I don't see it adding much value to you

Recently I am thinking of next move of my career. Quite bored doing the same thing for many years.

Now looking for the options.

That's why need you guys advice.

i am given chance to become it auditor too, not sure whether is a right move or not?

Do u know abou HDI Certification...Its a Help Desk Certification...For more details visit www.peopledynamics.com.my


If u wanna apply..please send ur details to logan@peopledynamics.com.my

is there any different between IT auditor, account auditor and sap auditor? wat is the diff?

CISA would be useful if you want to do IT audit, information security or if you want to become an IT manager. If you're purely into programming, networking, sys/db admin, support or operations, take it if you have spare cash only.

CISA certification is by ISACA - google and lookup the website for more info.
If you have 5 years experience in a non-IT audit/security type field, you can substitute for 1 year of experience requirement for the cert.

CISA is mandatory for IT auditor in any industry ... it can be used in Consultancy field as well ... to become IT Manager, you don't need CISA unless you pursue CISM

Hi clngu,

In order to get the cert, is it compulsory to do IT Auditor after pass the CISA exam ?Research from lowyat.net, the big4 company will pay you maximum RM 3K for the newbie IT auditor? Is it true?

it's absolutely not true...

CISA is nothing.. it's just a damn cert.. i have it and people don't even look at it when i apply to big4s overseas

not necessary to work as IT Auditor once you have CISA ...

If you want to work in overseas, CISA is just a entry level ... don't compare with Malaysia ...

--------------------------------------------------------------------------------------------------------------------------------------
since two of you have different views about CISA ... let me give a brief explanation in real world situation ...

In Malaysia, CISA is a pre-requisite certification to apply job in IT Management, IT Security, IT Auditing in Financial Industry ie. Banks, Securities and Insurance ... you can see it in Jobs Section in newspaper.

However over the years, CISA is becoming entry evel as there are many other IT certifications carry more weight ie. CISM, CISSP, ISO17799 Lead Auditor, SOX Auditor.

So to work in Big4, CISA is still carry weight but not as much as CISM, CISSP, etc. As a fresh IT Auditor, big4 pay RM3k is already higher than other industries. With CISM or CISSP, I believe you can get RM5k with 2-3 years experience.

To work in overseas, CISA is just a basic requirement because the standard is different. You need at least CISSP or ITIL to secure the job. Still paper qualification not play the important role during interviewing process.

If you said CISA is a damn certificate, then I doubt you can even maintain CPE points in 3 years.

My advice, there are few highly demanded IT certifications in the market ... some employers willing to you up to RM80k per month. I doubt you know anything about it.

I have many IT certifications yet I never criticize their value.

It is people like you who do not know what's going on and simply say things that make the Big4 seems so grand and dandy.

First of all if you have 2-3 years of experience even with all these following certs (i.e. CISSP, CISA, MBA, CISM, CISSP Concentrations Areas) your max pay will be at most RM4.5k. That means you're the number 1 amongst all your peers.


RM 80K a month is more than a Big4 partner's pay in Malaysia. Please....

u need 3-4 years experience to be certified as CISA / CISSP.


And you do not have to work as IT Audit to maintain the cert, the requirement is the CPE which you earn through training hours. But if you are not using the cert, why maintain it?

i doesnt understand how this CISA works? izzit i take the exam, then i wont get the cert but i have to be the member of ISACA and keep update my profile and pay for the member fees for 5 year, after 5 days just consider as an CISA certified?

Hi

In order to take up CISSP course, i know i need to have at least couples of years in security, in which i dont have, may i know is there any other ways which can i pursue to learn it, pass the exam and eventually eligible for CISSP ?

---

Added on May 27, 2008, 3:09 pmhi i have some questions to ask

i) So i must have some years of experience in security in order to get myself CISSP certified ?
ii) Where to find those learning centers to study CISSP, CISA, CISM ?
iii) What is the difference between CISSP, CISA and CISM
iv) any good books for CISSP, CISA and CISM ?

---

Added on May 27, 2008, 3:12 pmhi i have some questions to ask

i) So i must have some years of experience in security in order to get myself CISSP certified ?
ii) Where to find those learning centers to study CISSP, CISA, CISM ?
iii) What is the difference between CISSP, CISA and CISM
iv) any good books for CISSP, CISA and CISM ?


This post has been edited by abelardlim: May 27 2008, 03:12 PM

Any advice for CIA exam??

Any idea where to take this exam?

CISSP is much more expensive and tougher than CISA. By looking at the number of domains that need to be covered and number of questions, you could have an idea on the differences.
a pure CISA certified person is limited to IT auditing and not possible to have a direct transfer to infosec field while CISSP holder is more flexible between audit and infosec. CISSP is almost the equiv of CISM in term of coverage and cost. both are among the most expensive certification exams.

I have a number of work colleagues who are CISM, CISA and CISSP. By asking them the difference, they could tell you better. certification tends to differentiate you from the rest, at least on paper.

This post has been edited by saintcute: Jan 11 2009, 01:59 AM

Anyone interested in the IT / Networking / Project Management course please drop me a line. My company is a training provider for those course you mention. It is register under PSMB, thus can claim for HRD fund.

Thanks a lot.

Regards,
ernteoh
ernteoh@gmail.com

Is PSMB a pre approve fund? Hey, I'm looking at PMP, not sure this year company got budget or not. Any idea individual can claim PSMB?

yes, psmb approved...

i want to study cissp, however i dont have any IT security working experience. i want to change role.....

Thanks for all of your info.

lets attempt CISA, to try it. http://www.isaca.org/Certification/CISA-Ce...ssment-New.html

i'm still evaluating; CISA vs CIA.

Any learning center as to where I can get the CISA training course in Malaysia? Planning to take in Q4 of 2014.

Hi all,

anyone here from the local ISACA chapter?

me, just passed my cisa last year

u new?

Yeah. Just failed my CISA

Did you take the exam in new format (multi choice question)? Or the old essay one?
I'm planning to take this year but feel so demotivated to even register tsk
Is it really worth it ar this cert for IT auditor?

i took the mcq one.

tbh its tough. 2017 onwards its all mcq and computer based exams. so its about $525 now.

Passing rate for malaysia now is still less than 50% is it?
Hm I read before that it's better to take cgeit but idk la
Right now..I don't feel like working in audit field anymore but don't know where to go also 😅

stay strong bro, always next time

CISA and CISSP are one of those exams where its jack of all trades.
Hence those who have it often range from salespeople to managers to engineers to consultants to auditors.
Auditor work is really pain but there's always consulting.

i failed my cisa long time ago ... then no more heart to attend.

how much to take cisa now? i heard cisa certified very good nowadays .

early register exam fee $545, late register exam fee $595

thx , dono want to take cisa or cia . cia 3 paper. cisa 1 paper right?

yes cisa only 1 paper...
see which one u want do lo ...cia only general internal audit, cisa purely it ...take both

if both easy to pass i will take it bro, company pay if u pass only. if not pass , fork out own money.

money also concerns me

if lucky, company pay lo;
else sendiri pay and find new job lo. hr ask why resign? because u no provide training.

hhhm.. what line are you in now? 🤔

now in IT infra line ....

ah ok, just thought if u're still keen on taking CISA you can try the past questions database, it is really helpful for the exam 🙂

that time wanna take cisa because wanna join it audit firm... but no chance to join eventually, so give up ...

Anyone think CRISC good for IT security field?

Yes I believe.

If compare CRIS vs CISA, which one you think better future / pay in the market?

both also got its own value.....
if u are in audit firm , then go for cisa first... then only criss
if u are in security firm, already got cissp, then go for cris also.

Thanks @raymondha. I will go for CRISC then. CISSP seems tougher than CRISC.

ya, cissp very tough.... 6 hours exam... siao.... i also wish to get this cert....

is it doable to take CRISC without having IT background or taking CISA before it?

For the CISA exam, 150 questions in 4 hours is quite generous

can... why not .... but most company wont value ur cert....because u dont have experience.

hye sifus, based on uolls experience...

which of our local CISA training centre give the best package ? i.e. the classroom, meal etc.

always go with iverson on it cert however i found the meals provided is meh and classroom is quite sempit..
last time i go for crisc with alc training and it was held at a hotel which is good.berbaloi lah kan

just wondering any other training provider that have best rate

fyi - already inquiry alc training bout CISA - they doesnt have any session open yet.