
Table of Contents

Section 1: COBIT 2019 Certificate programs
  a. About the COBIT 2019 Certificate programs
  b. About the COBIT 2019 Certificate exams
  c. COBIT 2019 training options
Section 2: Cybersecurity Audit Certificate program
  a. About the Cybersecurity Audit Certificate program
  b. About the Cybersecurity Audit Certificate exam
  c. Cybersecurity Audit training options
Section 3: Cybersecurity Fundamentals Certificate program
  a. About the Cybersecurity Fundamentals Certificate program
  b. About the Cybersecurity Fundamentals Certificate exam
  c. Cybersecurity Fundamentals training options
Section 4: IT Risk Fundamentals Certificate program
  a. About the IT Risk Fundamentals Certificate program
  b. About the IT Risk Fundamentals Certificate exam
  c. IT Risk Fundamentals training options
Section 5: Certificate of Cloud Auditing Knowledge Certificate program
  a. About the Certificate of Cloud Auditing Knowledge Certificate program
  b. About the Certificate of Cloud Auditing Knowledge Certificate exam
  c. Certificate of Cloud Auditing Knowledge training options
Section 6: Before the exam
  a. Ensure you have the proper technology
  b. Purchase the exam
  c. Schedule the exam
  d. Reschedule the exam
Section 7: During the exam
  a. Exam requirements
  b. Exam rules
  c. Taking the exam
  d. Online exam environment
  e. Issues during the exam
Section 8: After the exam
  a. Exam results
  b. Viewing your score and accessing your certificate
  c. Claiming & sharing your digital badge
  d. Retaking the exam
Section 9: Help
  a. Technical support
  b. ISACA customer service

Section 1: COBIT 2019 Certificate programs

a. About the COBIT 2019 Certificate programs

The COBIT 2019 Certificate programs were designed to help COBIT 2019 users gain a more in-depth understanding of the COBIT 2019 Framework and provide attestation of the individual’s knowledge of the various aspects of COBIT 2019 and enterprise governance of information and technology (EGIT). The programs include:

- The COBIT 2019 Foundation Course and Exam
- The COBIT 2019 Design and Implementation Course and Exam
- Implementing the NIST Cybersecurity Framework Using COBIT 2019 Course and Exam

b. About the COBIT 2019 Certificate exams

COBIT 2019 Foundation

Description: Certificate candidates explore COBIT 2019 concepts, principles and methodologies used to establish, enhance and maintain a system for effective governance and management of enterprise information technology. The exam will test a candidate’s understanding of the topics and those that achieve a passing score on the COBIT 2019 Foundation exam receive the COBIT 2019 Foundation Certificate.
Prerequisites: None
Domain (%):
- Framework Introduction (12%)
- Principles (13%)
- Governance System and Components (30%)
- Governance and Management Objectives (23%)
- Performance Management (4%)
- Designing a Tailored Governance System (7%)
- Business Case (3%)
- Implementation (8%)
No. of Questions: 75 Multiple-choice
Exam Length: 2 hours (120 minutes)
Passing Score: 65%
Exam Languages: English, Chinese Simplified, Japanese, Spanish
Exam Price: 175

COBIT 2019 Design and Implementation

Description: Certificate candidates explore COBIT 2019 key concepts provided within the COBIT 2019 Design Guide and the COBIT 2019 Implementation Guide. The candidates will also learn how to apply these concepts in (simulated) practice, how to analyze governance-related problems and solutions based on COBIT 2019 solutions. Those that achieve a passing score on the COBIT 2019 Design and Implementation Exam receive the COBIT 2019 Design and Implementation Certificate.
Prerequisites: COBIT 2019 Foundation Certificate
Domain (%):
- COBIT 2019 Basic Concepts (8%)
- Design Factors for a Governance System (15%)
- Impact of Design Factors (3%)
- The Governance System Design Workflow (32%)
- Implementing and Optimizing I&T Governance Overview (7%)
- Governance Implementation Lifecycle (32%)
- Key Topics Decision Matrix (3%)
No. of Questions: 60 Multiple-choice
Exam Length: 3 hours (180 minutes)
Passing Score: 60%
Exam Languages: English
Exam Price: 275

Implementing the NIST Cybersecurity Framework Using COBIT 2019

Description: Certificate candidates explore the NIST Cybersecurity Framework, its goals, implementation steps, and the ability to apply the information in an organization’s environment. The exam is for individuals who have a basic understanding of both COBIT 2019 and security concepts, and who are involved in importing and/or building the cybersecurity program and their enterprises.
Prerequisites: COBIT 2019 Foundation Certificate
Domain (%):
- Overview of the Cybersecurity Framework (10%)
- Cybersecurity Framework Structure (15%)
- Framework Implementation (75%)
No. of Questions: 50 Multiple-choice
Exam Length: 1.5 hours (90 minutes)
Passing Score: 65%
Exam Languages: English
Exam Price: 275

Please note that purchases are non-refundable and non-transferable. It’s important that exam candidates first confirm access to the required technology to launch the exam before purchasing a COBIT 2019 Certificate exam. To review the technology requirements, refer to Section 6a of this guide. Candidates have 365 days from their date of purchase to take the exam.

c. COBIT 2019 training options

ISACA offers a wide variety of COBIT training opportunities designed to fit your unique requirements for subject matter and learning style. Training options include:

- Classroom training (offered by accredited training partners)
- Virtual instructor-led training
- Conference workshops
- Onsite and Self-Study
- Training week

ISACA also offers core publications that provide the foundation for creating a customized governance program for information and technology, right-sized to the needs of your enterprise.

Please visit ISACA’s website for more information on COBIT 2019 training and publications.

Section 2: Cybersecurity Audit Certificate program

a. About the Cybersecurity Audit Certificate program

The Cybersecurity Audit Certificate program covers four key areas of cybersecurity audit: cybersecurity and audit’s role, cybersecurity governance, cybersecurity operations, and specific technology topics. The comprehensive program is purchased as a bundle and includes: 1.) a study guide, 2.) a training course offered in choice of formats, 3.) an online, remote proctored exam.

b. About the Cybersecurity Audit Certificate exam

Cybersecurity Audit

Description: Certificate candidates explore concepts related to evaluating cybersecurity risk and auditing the cybersecurity controls for an organization and then demonstrate their understanding of the topics by achieving a passing score on the Cybersecurity Audit Certificate exam.
Pre-requisites: None
Domain (%):
- Cybersecurity Operations (45%)
- Cybersecurity Technology Topics (30%)
- Cybersecurity Governance (20%)
- Cybersecurity and Audit’s Role (5%)
No. of Questions: 75 Multiple-choice
Exam Length: 2 hours (120 minutes)
Passing Score: 65%
Exam Languages: English
Exam Price: Bundle prices vary based on the training format chosen. For bundle pricing and more information on the types of trainings offered, please refer y-audit-certificate. If a candidate does not pass the exam included with their bundle, retake exams may be purchased. The cost of a retake exam is 249 for ISACA members, and 299 for non-members. Refer to Section 8d for more information regarding retake attempts.

Please note that purchases are non-refundable and non-transferable. It’s important that exam candidates first confirm access to the required technology to launch the exam before purchasing a Cybersecurity Audit Certificate bundle. To review the technology requirements, refer to Section 6a of this guide. Candidates have 365 days from their date of purchase to take the exam.

c. Cybersecurity Audit training options

The Cybersecurity Audit Certificate exam is purchased as part of a bundle, including the Cybersecurity Audit Certificate Study Guide and your choice of training. Options include online self-paced learning, virtual instructor-led training and onsite options held at various locations throughout the year. It is recommended that you complete your training prior to scheduling your Cybersecurity Audit Certificate exam. Bundle prices vary based on the training format chosen. For bundle pricing and more information on the types of trainings offered, please refer to audit-certificate.

Section 3: Cybersecurity Fundamentals Certificate program

a. About the Cybersecurity Fundamentals Certificate program

The Cybersecurity Fundamentals Certificate is a knowledge-based certificate offered by ISACA. As part of ISACA’s Cybersecurity Nexus (CSX) program, the certificate is particularly relevant for recent college/university graduates and those looking for a career change to cybersecurity. The certificate is aligned with the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE), which is compatible with global cybersecurity issues, activities, and job roles. The certificate is also aligned with the Skills Framework for the Information Age (SFIA).

b. About the Cybersecurity Fundamentals Certificate exam

Cybersecurity Fundamentals

Description: Certificate candidates demonstrate their understanding of the principles that frame and define cybersecurity, and the integral role of cybersecurity professional in protecting enterprise data by achieving a passing score on the Cybersecurity Fundamentals Certificate exam.
Pre-requisites: None
Domain (%):
- Cybersecurity Concepts (10%)
- Cybersecurity Architecture Principles (20%)
- Security of Network, System, Application, & Data (40%)
- Incident Response (20%)
- Security of Evolving Technology (10%)
No. of Questions: 75 Multiple-choice
Exam Length: 2 hours (120 minutes)
Passing Score: 65%
Exam Languages: English, Chinese Simplified, Spanish
Exam Price: 150

Please note that purchases are non-refundable and non-transferable. It’s important that exam candidates first confirm access to the required technology to launch the exam before purchasing a Cybersecurity Fundamentals Certificate exam. To review the technology requirements, refer to Section 6a of this guide. Candidates have 365 days from their date of purchase to take the exam.

c. Cybersecurity Fundamentals training options

There are many ways to prepare for the exam. You will be able to choose a method best suited to your personal learning style and preferences. Options include:

- Cybersecurity Fundamentals Study Guide (click “Get the Training”)
- Conference workshops & sessions
- Virtual instructor-led training
- Online course
- Training week

Learn more about the Cybersecurity Fundamentals Certificate program on ISACA’s website.

Section 4: IT Risk Fundamentals Certificate program

a. About the IT Risk Fundamentals Certificate program

The IT Risk Fundamentals Certificate is a knowledge-based certificate offered by ISACA. This program is ideal for professionals who wish to learn about risk and information and technology (I&T)-related risk, who currently interact with risk professionals, or are new to risk and interested in working in the risk or IT risk profession.

b. About the IT Risk Fundamentals Certificate exam

IT Risk Fundamentals

Description: Certificate candidates will explore basic terminology, concepts, general practices and explanations of risk and I&T-related risk, and then demonstrate their understanding of the topics by achieving a passing score on the IT Risk Fundamentals Certificate exam.
Pre-requisites: None
Domain (%):
- Risk Intro and Overview (5%)
- Risk Governance and Management (15%)
- Risk Identification (20%)
- Risk Assessment and Analysis (25%)
- Risk Response (15%)
- Risk Monitoring, Reporting and Communication (20%)
No. of Questions: 75 Multiple-choice
Exam Length: 2 hours (120 minutes)
Passing Score: 65%
Exam Languages: English
Exam Price: 175 Member / 225 Non-Member

Please note that purchases are non-refundable and non-transferable. It’s important that exam candidates first confirm access to the required technology to launch the exam before purchasing an IT Risk Fundamentals Certificate exam. To review the technology requirements, refer to Section 6a of this guide. Candidates have 365 days from their date of purchase to take the exam.

c. IT Risk Fundamentals training options

There are many ways to prepare for the exam. You will be able to choose a method best suited to your personal learning style and preferences. Options include:

- IT Risk Fundamentals Study Guide
- Conference workshops & sessions
- Virtual instructor-led training
- Online course
- Training week

Learn more about the IT Risk Fundamentals Certificate program on ISACA’s website.

Section 5: Certificate of Cloud Auditing Knowledge Certificate program

a. About the Certificate of Cloud Auditing Knowledge Certificate program

The Certificate of Cloud Auditing Knowledge (CCAK) is brought to you by Cloud Security Alliance (CSA) and ISACA. This certificate fills a gap in the market for vendor neutral, technical education for IT audit, security, and risk professionals to understand unique cloud terminology, challenges, and solutions.

b. About the Certificate of Cloud Auditing Knowledge Certificate exam

Certificate of Cloud Auditing Knowledge

Description: Certificate candidates understand core cloud concepts including:
- Assessing and auditing cloud environments versus traditional IT infrastructure & services.
- Using cloud security assessment methods and techniques to evaluate a cloud service prior to and during the provision of the service.
- How existing governance policies and frameworks are affected by the introduction of cloud into the ecosystem.
- The unique requirements of compliance in the cloud due to shared responsibility between cloud providers and customers.
- How to use a cloud-specific security controls framework to ensure security within your organization.
- Measuring control effectiveness through metrics and ultimately leads to continuous monitoring.
Pre-requisites: None
Domain (%):
- Cloud Governance (18%)
- Cloud Compliance Program (21%)
- CCM and CAIQ: Goals, Objectives, and Structure (12%)
- A Threat Analysis Methodology for Cloud Using CCM (5%)
- Evaluating a Cloud Compliance Program (9%)
- Cloud Auditing (15%)
- CCM: Auditing Controls (8%)
- Continuous Assurance and Compliance (7%)
- STAR Program (5%)
No. of Questions: 76 Multiple-choice
Exam Length: 2 hours (120 minutes)
Passing Score: 70%
Exam Languages: English
Exam Price: 395 Member / 495 Non-Member

Please note that purchases are non-refundable and non-transferable. It’s important that exam candidates first confirm access to the required technology to launch the exam before purchasing a CCAK Certificate exam. To review the technology requirements, refer to Section 6a of this guide. Candidates have 365 days from their date of purchase to take the exam.

c. Certificate of Cloud Auditing Knowledge training options

There are many ways to prepare for the exam. You will be able to choose a method best suited to your personal learning style and preferences. Options include:

- Certificate of Cloud Auditing Knowledge Study Guide
- Conference workshops & sessions
- Virtual instructor-led training
- Online course
- Training week

Learn more about the Certificate of Cloud Auditing Knowledge program on ISACA’s website.

Section 6: Before the exam

a. Ensure you have the proper technology

The list below contains all the hardware and software requirements for the exam.

- Operating system supported: Windows, Macintosh 10
- Web browser: Google Chrome or Chromium version 32 and above
- You will need to download the PSI Secure Browser (This can be done NO MORE than 30 minutes prior to your scheduled exam time. If you are taking your exam from a work location, we advise contacting your local IT administrator to inform them that you will need to download the browser to your machine.)
  o Browser settings: Your browser must accept 3rd party cookies for only the duration of the exam
- Webcam/Microphone: Minimum VGA 640 x 480 resolution, enabled built in or external microphone
- Bandwidth: Minimum 500kb/s download and 256kb/s upload
- Hardware Requirements: 1GB RAM & 2GHz dual core processor, minimum 1280 x 800 resolution

It is highly recommended that before scheduling, candidates perform the compatibility check on the computer they will be using to take the exam. This can be accessed at any time once you have registered for the exam directly from the PSI dashboard or at https://home.psiexams.com/static/#/bcheck. We recommend performing a second compatibility check 72 hours prior to your scheduled exam time in case changes to your machine software or hardware have occurred since scheduling. Please contact PSI Technical Support if you have any questions about your compatibility test results:

- Inside the U.S.: (844) 267-1017
- Outside the U.S.: 1-702-939-6734
- Chat:

Note: Please be aware that you cannot take an exam using a virtual machine even though the compatibility check may not display any issues. The compatibility check is unable to detect a virtual machine.

When you schedule the exam, you can also view these requirements and perform another compatibility check. Refer to Section 6c of this guide.

Note that purchases are non-refundable, so please check your system requirements prior to completing your purchase.

b. Purchase the exam

The registration form and payment must be completed before you can schedule an exam. Exam fees are non-refundable and non-transferable. When you complete the online registration process, you are agreeing to adhere to and accept ISACA’s Candidate Security Agreement. It is important that you understand this agreement prior to registration.

1. Sign in to or create your ISACA account using your username and password.
2. Select and add the Certificate program exam of your choice to your shopping cart.
3. Make your payment. You may choose to pay by check, bank transfer, or credit card. Follow the onscreen instructions to complete your purchase.

Special Accommodations:

If you have a disability that requires a special accommodation, special testing accommodations must be requested during the registration process and approved by ISACA BEFORE scheduling the exam.

To request special accommodations complete ISACA’s Special Accommodation Request Form and submit the form to ISACA at [email protected] for review and approval. This form must be completed by you and your health care professional.

All requests should be submitted to ISACA no later than 4 weeks prior to your preferred exam time and are only valid for that one exam administration. The Special Accommodation Request can be found ommodations-for-isaca-exams.

c. Schedule the exam

Note: Candidates have a 365-day eligibility period to take their exam. This means that from the date you purchase, you have 1 year (365 days) to take your exam. Exams not taken within this eligibility period will result in forfeiture of fees.

1. Go to the ISACA website and click My ISACA on the right of the top navigation.
2. Type your Username and Password and click Login.
   Note: You must be logged in to complete the following steps.
3. From the My ISACA Dashboard, click on Certificate Programs, then click the Visit Exam Website button next to the exam you wish to schedule. This will take you to the PSI website where you can schedule the exam.
   Note 1: PSI is the third party that manages the online exam and remote proctoring. When you click the Visit Exam Website button, you will navigate away from the ISACA website.
   Note 2: If you have an exam that has not been completed, you will continue to have access to the Visit Exam Website button. If you have completed the exam, this button will not be displayed.
4. You may perform a compatibility check prior to scheduling your exam. You may do so directly from your PSI dashboard. We recommend that you perform this check from the computer you plan on using to take the exam.
5. Once on the PSI scheduling site, follow the instructions:
   - Select an exam Language
   - Enter your Country and Time zone
   - Select an available Date and Time on the calendar
   - Confirm Schedule Details and click Continue

You will receive a confirmation email from [email protected] confirming your exam appointment.

d. Reschedule the exam

Should you need to reschedule your exam, you can do so up to 48 hours before your originally scheduled day and time. To reschedule an appointment:

- Log in to your ISACA Account. From the My ISACA Dashboard, click on Certificate Programs, click the Visit Exam Website button next to the exam you wish to reschedule. This will take you to the PSI website where you can reschedule the exam.
- Click on View Details
- Click Reschedule
- Confirm that you want to reschedule your exam
- Follow the Scheduling instructions above

Note: If a scheduled appointment is not rescheduled or cancelled at least 48 hours beforehand, the exam must be taken at the scheduled time or the exam fees will be forfeited. If you have any questions regarding the rescheduling requirements, please contact ISACA Customer Experience Center by visiting https://support.isaca.org.

Section 7: During the exam

a. Exam requirements

Please read the following requirements before you sit for your exam. Failure to comply will result in your exam being voided with no refund.

1. Choose a quiet area to take the exam. Avoid choosing an area that may contain loud noises (i.e., TV, family, music, pets, visitors, etc.) and public places (i.e., coffee shops, restaurants, parks, etc.).
2. You will need a valid photo ID. The name on the ID must be the same as the name that appears in your ISACA profile. If your ID has expired, the proctor will ask that you reschedule your exam, until you can provide a valid photo ID. The types of photo IDs that are allowed include government issued IDs, driver’s licenses and passports. Your photo on the ID should be made clearly visible to the camera when prompted by the proctor.
3. You will need a web cam.
4. You will need to have a clean work area with no reference materials available.
5. You may access the online exam environment 15 minutes prior to the scheduled start time. It is recommended you do so to connect with the remote proctor and launch the exam properly.
6. Be sure your computer has sufficient battery life and/or is plugged into a power source for the duration of the exam.
7. You must have stable internet connectivity for the duration of the exam. If you lose internet connectivity during the exam, your session will be ended automatically, and results voided.
8. You must take the exam in full screen mode.
9. There will be no cancellation or reschedule requests granted within 48 hours of the scheduled exam.

Note: Failure to comply with any of the above will result in your exam being voided and forfeiture of your exam fees. If you have any questions regarding these requirements, please contact ISACA Customer Experience Center by visiting https://support.isaca.org.

b. Exam rules

The exam is online, closed book and remotely proctored. The proctor will stop the exam if any of the exam rules are not followed. Any form of cheating will not be tolerated and will result in a voided exam without refund. More specifically, the following scenarios are NOT allowed during testing:

- Using a phone or cell phone
- Reading the questions out loud
- Using an instant messenger tool/system
- Using a camera
- Taking screen captures of the computer screen/exam items
- Including papers, books, notes, etc. in the work area
- Eating or drinking
- Walking around the room
- Other people standing in or walking through your
