What is ISACA? (Beginners Guide)

Cybersecurity is full of all kinds of acronyms, but what is ISACA? As you can imagine, ISACA does have their own explanation, however in this article we will break down the meaning, and why they are vital to us folk in cybersecurity. Without further ado, let’s jump into it.

What is ISACA?

ISACA, also known as the Information Systems Audit & Control Association, is an independent, international organization to help IT and Cybersecurity professionals with governance. In short, their mission is to improve worldwide digital trust, by using cyber governance tactics and standards, whilst allowing other organizations to use them too.

New ISACA Logo

What is the History of ISACA?

ISACA started out in 1969, founded by Stuart Tyrnauer – with the aim of making technology more secure and contributing to the positive usage of technology around the world. Originally, this started out trying to fix a problem. Upon auditing their systems and devices, Stuart and several of his colleagues realised how critical it could be if a system was to fail.

In 1994, after several iterations and improvements, the organization became abbreviated (rather than Information Systems Audit and Control Association), and has held the abbreviation ever since. Since then, ISACA has been engaging and developing globally accepted systems, best practices, and governance frameworks to help individuals and organizations better their critical systems, both from a security standpoint but also from an IT governance point of view.

ISACA now also has three divisions, known as Global, Europe, and China. Specifically, Europe and China have their own privacy and cyber governance laws which they wanted to help towards adoption. In 2022, ISACA Europe was coined in Dublin, Ireland and helps over 30,000+ members in Europe. China, on the other hand, was established in 2018 and serves over 5000+ members.

In total, ISACA now serves over 170,000+ members, covering 225 chapters (worldwide) and operates in 188 countries around the globe. The organization currently employs around 1300+ people, with its main headquarters in Schaumburg, Illinois.

What are the ISACA Standards?

ISACA has three main components to their standards and guidance. This covers Standards, Guidelines, and Techniques. All ISACA members must adhere to these closely, and full information can be found on the ISACA website.

ISACA Standards

Their Audit and Assurance standards are again divided into three categories, covering general standards, performance-based standards, and reporting. Their general range of standards is known as the 1000-series, their performance as 1200-series, and reporting as 1400-series.

As an example, Criteria (1008), Due Professional Care (1005), and Audit Charter (1001) are all general standards. Audit Scheduling (1202), Engagement Planning (1203), and Perfomance & Supervision (1204) are all performance-based standards. Reporting and Follow Up Activities (1401 & 1402) are covered under the reporting section of the standards.

Are there any Certifications from ISACA?

Yes! ISACA has several certifications, along with their value to you as an individual. They are as follows.

ISACA Certifications
ISACA Certifications

Certified Information Systems Auditor (CISA)

  • Skills Covered: Information Auditing, Governance and Management of Technology, and Information Protection.
  • Cost: $575-$760
  • Average Annual US Salary: $149,000+
  • Current Holders: 150,000+

Certified Information Security Manager (CISM)

  • Skills Covered: Information Security Governance, InfoSec, InfoSec Risk Management, Incident Management and Response.
  • Cost: $575-$760
  • Average Annual US Salary: $149,000+
  • Current Holders: 48,000+

Certified in Risk and Information Systems Control (CRISC)

  • Skills Covered: Risk Response, Risk Reporting, Corporate IT Governance, Risk Assessments, General InfoSec.
  • Cost: $575-$760
  • Average Annual US Salary: $150,000+
  • Current Holders: 30,000+

Read More: The 5 Best Entry-Level Cybersecurity Certifications.

Certified Data Privacy Solutions Engineer (CDPSE)

  • Skills Covered: Privacy Governance, Lifecycle of Data, and Privacy Architecture & Design.
  • Cost: $575-$760
  • Average Annual US Salary: $150,000+
  • Current Holders: 16,000+

Certified Governance of Enterprise IT (CGEIT)

  • Skills Covered: Enterprise IT Governance, IT Resources & Risk, Risk Optimization, Benefits Realization
  • Cost: $575-$760
  • Average Annual US Salary: $140,000+
  • Current Holders: 8,000+

Certified Cybersecurity Practionioer (CSX-P)

  • Skills Covered: How to Identify, Protect, Detect, Recover, and Respond to Cybersecurity Threats
  • Cost: $649-$749
  • Average Annual US Salary: $160,000+
  • Current Holders: 10,000+

Our Verdict

Overall, we believe we need organizations like this to ensure that we are covering all angles from computer audits to cybersecurity auditing. Whilst they have agreed to go further and bridge the gap worldwide for digital trust, we are looking forward to what they have to bring to the table in the near future.

Photo of author

About the Author

Charlie K

Charlie has been working with technology since the age of 6, and has skilled up on all things technical. Cybersecurity is one aspect that has never failed to disappoint. After several years in the industry, Charlie is branching out to help others get into the industry.

Leave a Comment