Definition

ISACA

Paul Kirvan

By

Paul Kirvan

What is ISACA?

ISACA is an independent, nonprofit, global association that engages in the development, adoption and use of globally acceptedinformation system(IS) knowledge and practices. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only.

What does ISACA offer?

ISACA provides guidance, benchmarks and governance tools for enterprises that use information systems. ISACA also hosts a series of international conferences that focus on technical and managerial topics relating to IS assurance, control, security and IT governance.

It also administers manyprofessional certificationprograms, includingCertified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT, Certified in Risk and Information Systems Control, Certified Data Privacy Systems Engineer, Cybersecurity Practitioner Credential, Certified in Emerging Technology (CET) and Information Technology Certified Associate (ITCA). Candidates must pass a certification exam to obtain the desired credential. Due to the popularity of the CISA exam, ISACA increased the frequency and locations of test centers for CISA candidates several years ago.

information governance diagram — ISACA offers guidance, benchmarks and governance tools for organizations that use information systems.

ISACA also offers 17 certifications across a broad range of IT issues, including risk, auditing, networking, cybersecurity and artificial intelligence (AI). The following is a list of those certifications:

IT Audit Fundamentals Certificate.
IT Risk Fundamentals Certificate.
Certificate of Cloud Auditing Knowledge.
Cybersecurity Audit Certificate.
Computing Fundamentals Certificate.
Networks and Infrastructure Fundamentals Certificate.
Cybersecurity Fundamentals Certificate.
Software Development Fundamentals Certificate.
Data Science Fundamentals Certificate.
Cloud Fundamentals Certificate.
Blockchain Fundamentals Certificate.
IoT Fundamentals Certificate.
Artificial Intelligence Fundamentals Certificate.
COBIT Design and Implementation.
Implementing the NIST Cybersecurity Framework Using COBIT 2019.
COBIT Foundation.
COBIT 5 Certificates.

ISACA extends its reach globally through 225 chapters in 188 countries. Most of its 170,000 members have at least one ISACA credential, commonly the CISA. ISACA offers numerous educational programs, guidance and reference documents and other resources across its focus areas.

ISACA also developed Control Objectives for Information and Related Technology (COBIT), a businessand technology frameworkdesigned to help enterprises across industries manage their information and technology. The current version, COBIT 5, was updated in 2019 and is regularly reviewed and updated as needed. Numerous training courses, white papers and reference documents have been developed in support of COBIT.

IT security framework options graphic — ISACA's COBIT provides a framework for implementing, monitoring and improving IT management best practices, including security.

Who uses ISACA?

Anyone involved in IT security, risk, governance, enterprise operations, and auditing can benefit from the many services offered by ISACA, in addition to membership and certification. Non-IT professionals can adapt ISACA tools and guidance to their own requirements.

Why is ISACA important?

Founded in 1969, ISACA has become a preeminent resource for IT professionals across different areas of information technology, governance and risk, cybersecurity, auditing and many other disciplines. ISACA certifications, particularly the CISM and CISA certifications, are among the most widely recognized and accepted IT credentials. While an ISACA credential does not guarantee a promotion or job offer, having a credential adds important credibility that is acknowledged by organizations of all types and sizes.

ISACA research and guidance resources are often referred to in the performance of a variety of IT initiatives, such as IT audits, IT governance, cybersecurity management and compliance projects. IT audits, for example, that are supported by ISACA guidance, are highly regarded as the auditing process can be performed consistently across a range of IT controls. Because the rules are globally accepted, organizations with large IT teams, can standardize their audit practices by using ISACA guidance and frameworks.

Pros and cons of ISACA membership and certification

ISACA certifications are recognized globally and have significant research and analysis behind them. Various ISACA internal teams and committees keep the rules up to date and in sync with emerging technology trends, such as AI and cybersecurity. Professional development is a primary activity, as ISACA offers dozens of training courses to help members sharpen their skills. ISACA membership provides the opportunity to network with tens of thousands of members worldwide.

most valuable cybersecurity certifications — ISACA and its competitors in the IT training and certification offer variety of cybersecurity exams.

However, ISACA members pay annual dues for membership and for their certifications. Certified members must annually present evidence of their efforts at continuing education to retain their certifications. ISACA has several competitors in the IT training and certification space, such as the International Information Systems Security Certification Consortium (ISC2), CompTIA and SANS Institute. Each organization has a different focus, which is beneficial for IT professionals, who can pick and choose among the available options.

Check out nine advanced IT certifications for operations experts, and 10 cybersecurity certifications to boost your career. Compare top identity and access management certifications, and explore CISA practice questions to prep for the exam.

This was last updated in August 2023

Continue Reading About ISACA

IT certification vs. degree: Which is better for your career?

9 IoT training certifications to take your next career step

Cyber security training: Insights for future professionals

Top 10 IT security frameworks and standards explained

Top 10 cybersecurity interview questions and answers

Dig Deeper on IT applications, infrastructure and operations

Search Cloud Computing

How to use AI to bridge the cloud skills gap
Once admins have acknowledged the cloud skills gap within their team, it's time to act. Can AI offer teams the resources they ...
10 cloud programming languages developers need to know
Cloud programming languages are not one-size-fits-all. Learn about the top cloud programming languages, and use our expert ...
A snapshot of Oracle AI in the cloud market
Oracle AI is riding recent success in the cloud market. Can Oracle Cloud Infrastructure rise to become a standard in enterprise ...

Search Mobile Computing

How to incorporate smishing into security awareness training
Smishing is a major threat on enterprise smartphones, but users might not know how it compares to traditional email phishing. IT ...
Building mobile security awareness training for end users
Do concerns of malware, social engineering and unpatched software on employee mobile devices have you up at night? One good place...
How to remove a work profile from an Android device
When a user leaves their organization or loses their device, it's time to remove their Android work profile. Learn three methods ...

Search Data Center

19 Linux performance monitoring utilities
Monitoring Linux server performance is vital for optimal operation. System admins should consider these 19 performance monitoring...
Explore the impact of quantum computing on cryptography
When quantum computers become more widely available, lots of encryption types will be vulnerable. Learn why, plus solutions and ...
Classical vs. quantum computing: What are the differences?
Classical and quantum computers differ in their computing capabilities, how they operate and the resources they need. Know the ...

Sustainability
and ESG

6 business-driving reasons why diverse teams are smarter
Supporting diversity, equity and inclusion -- or DEI -- isn't just the 'woke' thing to do. Diverse teams are smarter and more ...
How AI can strengthen ESG reporting
Gathering data across an ecosystem of stakeholders is a slog. But with the right tools, it can be easier.
14 types of diversity in the workplace
Diversity can help improve a company's bottom line, but the term often causes confusion. Learn about the different types and how ...

Close