josephc@chol.com
CGEIT, CISA, COBIT, CISM, CCFP, CISSP, CSSLP, ISO 27001(P.A), CIA, ITIL, IT-PMP, PMP, ISO 20000(P.A), PMS(P.A), (ISC)2 CISSP ΰ, ý۰ ѱȭ ̹˿汳ȭ Ȱϰ ִ. IT/IT ̿ ̻, б ӱ, ()ѱȸ, (ISC)2 CISSP Korea ѱ, ѱ ȸ ̻ε Ȱ ̸ ѱ Ʈ ڰݰ Ȱ ϰ ִ. IT, ΰ, ITŹͽ Źͽ, ɺоߴ. ̿ ؼ , , Ȱϰ ϰ ִ. ΰ? 2011 ã Ѵ. ° ົ ITŹͽ ӿũ ں Ⱓ ȣ Ⱓ غ ̴.
ȭ ô븦 Ѿ ̹ ô븦 ƿ鼭 ؾ ϴ ̴. ̹ ȭ ô, ̹ ô븦 ǥϴ (, information) ̾߱Ϸ Ѵ.
ֿ ڻ Ͻ μ ǥϰ ִ. ̴ Ͻ μ ITȭ ǰų IT ô밡 Ǿٰ Ѵ. Ͻ μ Ϸ IT ˾ƾ߸ ̴.
< 1> ع
(, audit) ǥ ľ װ ħϴ Ͻ μ , ϴ Ѵ. Ͻ μ κ ITȭ Ǿų IT ϰ Ƿ IT ϰ IT 縦 ˾ƾ 縦 ߴٰ ִ ̴.
̹ ۿ 140 170 縦 Ȯϰ 5 IT IT , Źͽ İ ʸ ôϰ ִ ISACA (ý ȸ) ǥ ڰ CISA(ý ) ߽ Ʈ Ѵ.
츮 ظ 2,000 Ѵ ڰ CISA ϱ ϰ ִ ǿ ؼ 캸 ϰڴ.
< 2> CISA ΰ
CISA Ŵ ڰڵ ü̸ 輭 ̸ ǹ IT 縦 ϱ ̵ Ѵ. 2011 CISA Ŵ ߽ ̹ ˾ƺ .
< 3> 2011 CISA Ŵ
̹ ô IT ʿ ΰ? CISA ΰ ¤ ̹ Ű Ʈ.
ŰƮ ٲپ . ȭ ô ͼµ ̹ ô븦 ϰ ִ. ̹ ô ȭ ô ٸ? ܺ ˰ ְ IT ϴµ ü ̰ ʿѰ? CISA ̱ ų 2,000 Ѵ ϰ ?
ؼ õǰ ƴ ͺٵ ߿ ִ.
1,000 ؼ 1,000 ƴ ͺٵ 1 ߿ ݴ ϴ. ݴ´ٴ ݱ ڵ ʾҰų غ ߴ ƴ ̴.
ݱʹ ٸ ϴ ο þ߸ ְ Ǹ (, thought)ϰ Ǵ ̴. ǰ ӿ ൿ ȭ ȴ. ൿ ȭ ó ȯ濡 ȭѴ. Ǿ ̴.
< 4> ܰ
̹ ô
̹ ô ȭ ôʹ ٸ ǥȴ. ȭ ô ̹ ߰ų ¼ ִ. ݸ鿡 ̹ ô ִ. ̶ ص ϴ.
ȭ ô ̹ ô ȭδ . ô뺰 ǹ̸ η 簡 ɾ 븦 ˾ƺ.
ô뿡 ǹ̴ ϴ. ߴDZ ô뿡 ü 㺸ϱ . ٽ ؼ ¾ Ƴ Ȯ ٴ .
Ƿ üμ Ƴƾ߸ ߴ. ̶ ̿ ͵̴. ɰ ΰ? ʰ ʹ Ҵ ΰ? õ ʱ ̳ ͼ ٴϴ ذ ͵ ߿ ü ̴.
ô. ƴٴϴ η ̳ ҿ ̳ ϴ ͵ϰ Ǹ鼭 Ȱ ϰ ȴ. ڶ ڶ Ÿ ϱ ؼ ˰ ȴ. 뵿¿ ؼ ¿ǹǷ ִ ڿ Ȯϰ ȴ. 뵿 Ȳ Ǿ.
ô 鼭 η ذDZ 䱸 ȭϰ ȴ. Ư 䱸 ü ִ ɷ ȴ.
̷ ̻ Ÿ ʰ ְ ƴ. ü̱ ϰ Ծ Ѵ. η ʰ Դٰ Ѳ ־. Ӹ ƴ϶ ǰ DZ ߴ.
ô ߸ ̴. 麸 ֵ ϴ , װ .
η ʰ 췯 dzο η ִ ô븦 ϰ ȴ. װ ٷ ȭ ȸ ִ.
ýô ô ʿ ߴ ϸ鼭 ܰ ̵ 뼼 ô밡 ̴.
ǻ ʰ Ÿ ȭ Ǿ. ߿ ƴ϶ ʿ ʿ ܰ(era of knowledge) ȭ ŵϰ Ǿ.
< 5> ô õ
̹ ô ȭ ô ̴. 谡 ƴ ٸ 谡 Ѵ. (physical) ƴ (logical) ε ô밡 Ǿ.
迡 ̷ ߴ ̹() ô뿡 .
MMOG(Massively Multiplayer Online Game) õ, ǻ ڰ ÿ ϳ ȣۿϴ ϰ ȴ.
Ǽ迡 ̶ ϴ ϸ MMOGȿ 鼺 Ŵ ְ ִ.
ʿ ʰ ȴ. ҿ ´ ȭ ʴ SNS(Ҽ Ʈŷ ) ̿ڵ Ʈũ ְ ƴ. ̵ ̵ ư Ŭ (Cloud Service) Ǵ ô ٲ ִ.
ȭ ô뿡 , װ ͵ 췯 ̷ ̴.
< 6> ̹ ô ǥ
(ֽȸ)
ֽȸ縦 ⺻ ϴ ǥ ѷϴ. ǥ ̱ ̴.
ǥ , ο ֱ ̴. ٸ ΰ? 翬 ֿ ڵ̴. ȴ. ε, ֵ ǥ ϱ ʴ´. ٸ ü鿡 ϰ ȴ. ٷ ̻ȸ 濵 μ ǰ ȴ. ̸ 븮ε鿡 ϴ ̴.
ֵ 븮ε鿡 濵 ϰ ñ ε, ϰ ñ ŷ ׳ ŷڰ δ ϴ. 3ڰ ŷڼ ʿ䰡 ְ ȴ. ֵ ں, , ε 䱸 濵 ̷ ȯ Ǵ , ֵ̳ 븮ε ƴ , ϴ (, audit) Ѵ. ź ̴.
縦 ϱ (terminology)
̻ȸ - directors, boards, BOD
濵 - senior management
μ - manager
- staff
- enterprise, corporate
- organization
μ - division(), department(μ)
μ - process
Ȱ - activity
ǹ - practice
濵 и - separation between capital and administration
븮 ̷ - agency theory, stewardship theory
- independence and objectivity
< 7> 濵, 赵
Źͽ
Źͽ(Governance) ǥ ϱ ֵ û 븮ε ǥ ̻ȸ ϵ Ȱ , , ϱ Ͽ μ ̴. ̷ Źͽ κ̸ ʿ ̱ ϴ.
Źͽ IT Źͽ, ȣ Źͽ IT Ȥ μ 縦 ؼ Ұ ̴.
< 8> Źͽ 䵵
IT ʿ伺
縦 븮ε̴. 븮ε 濵 ε 縦 ϴ ̴. 濵 帧 ִ.
Ͻ μ(business process) ؾ ü ִ. Ͻ μ Ѻٸ Ȱ Ұϴ. ܺΰ(ȸ谨 ) ȭ Ǿ ϰ ȴ.
̰ ܺΰ Ͻ μ Ӽ Ⱑ . ϰ ñε Ӽ Ⱑ ƴ. ̷ غϱ ΰ(internal audit) ʿ伺 ϰ ȴ.
ΰ ٹϴ ̳ ܺ ε Ͻ μ ϰ ν 簡 ݵ ְ ƴ.
ȭ ô ̹ ô븦 鼭 κ Ͻ μ IT ް ǹǷ Ͻ μ 縦 ϱ ؼ IT 縦 ؾ ϴ Ǿ. IT ϰ IT ϴ Ͻ μ ؼ ̴.
< 9> ź
CISA Ȱ
CISA(Certified Information System Auditor) ý μ IT 縦 ĪѴ. ռ ߵ ֽȸ縦 ϴ ȣǴ ڰ̱ ϸ IT ַ Ȱϴ 밡 ̴.
CISA, IT ⺻ CISA Ŵ ؿ ؼ ִ. 2011 CISA Ŵ ظ Ͻ ȯ ٲ ǹǷ CISA, IT縦 ̵̸ ü CISA Ŵ Ⱓ ŵǴ Ư¡ ִ.
̴ IT ϱ ǹ μ ټ (ι) Ǿִ. ý μ, IT Źͽ , ý ȹ, , ý , , ڻ ȣ 5 ̴.
<ǥ 1> Ȯ ִ.
(ι)
ý
μ
IT ǥؿ () Ͽ IT(ý) ȣϰ ϱ IT ǥؿ ´ ()
- ǰ ý ⺻
IT Źͽ
IT ʿ ʰ μ ǥ ϰ ϵ Ǿ ,
- 濵 IT ϰ ñ θ ϱ
ȹ,
ý μ, , Ʈ ǥ ϵ ,
- ǥ ǹ(: Ʈ , , )
,
ý , μ ǥ ϵ ,
- ǹ ༭(Ǽ) ҿ
ڻ ȣ
ȣ å, ǥ, ڻ м, Ἲ 뼺 Ѵٴ ,
- ڻ(: ̵, , ϵīǡμ Ʈī ̵) , ˻, ̵ ϴ ̿Ǵ μ ؼ ڻ ȣǴ θ
<ǥ 1> CISA Ŵ
ٿ Ѵ. μ , , ߰ ־ Ѵ. Ư Ŭ ϰ ִ ̹ ô뿡 ɸ IT ʿϴ. ߰ ȣ IT 翡 ϸ ģ.
ڼ www.isaca.org www.isaca.or.kr ϱ ٶ.
= =
CISA ڰ
α ش ڰ ο οǴ ġ ν Ȯ ִ. ISACA Ŀϴ ý CISA(Certified Information Systems Auditor) α 1978 ý(IS) , ̿ Ǿ Դ.
CISA α ϰ ϴ õ ǹ Ҵ ش о߿ ϱ ʼ ȴ.
CISA ڰ ɷ ϰ ϸ õ Ÿ ȴ.
IS , 䰡 ϴ Ȳ CISA ΰ ȣϴ α ڸűϰ ִ.
ISO/IEC 17024:2003 ŵǴ CISA α
ǥؿ(ANSI) ISO/IEC 17024:2003, General Requirements for Bodies Operating Certification Systems of Persons CISA ڰ ִ.
ΰ ⱸ ANSI 3 ǰ, ý ڿ ⱸμ Ȱϴ Ÿ ⱸ οϴ Ѵ.
ISO/IEC 17024 Ư 䱸 ڰ ϴ ⱸ ؼؾ ִ. κп ANSI ISO/IEC 17024 ü Ŀ´Ƽ ǥ ϰ ̵ ϸ ȭϰ Һڸ ȣϴ ־ ߿ ϰ ִٰ ִ.
ANSI ǹ
- ISACA ڰ ϴ ڰݿ
- ڰ Ἲ ȣ ο
- ڰ ڰ ڿ Һ ŷڵ
- Ǵ 谣 ̵
ANSI ISACA 漺, , ġ ǰ μ 䱸ϴ ANSI ʼ Ѵٴ ǹѴ. ISACA ANSI ȸ ϰ ִ.
2011 CISA ڰݽ ֿ
- : 2011 12 10
- : 2011 8 17
- : 2011 10 5
- : 10 8Ϻ 10 14ϱ US $50 ΰǸ 2011 10 14 Ŀ
- ȯ: 2011 10 7ϱ ȯ US $100 ó ΰǸ 2010 10 8 Ŀ ȯ Ұ
- : 2011 10 14 Ǵ û ؼ US $50 ó ΰ
- 2011 10 15Ϻ 11 23 ̿ û ؼ US $100 ó ΰ
- 2011 11 23 Ŀ
- ̱ ϸ ī ð 5(ߺ ǥؽ)
ISACA
ISACA(www.isaca.org) 160 95,000 ̻ ȸ Ȱϸ ý , IT Źͽ 濵, IT ö̾ , ڰ ְ, Ŀ´Ƽ, , ϴ μ ڸű ϰ ִ.
1969 ISACA ȸǸ ֿ ISACA ߰, ý ǥ ý ŷϰ ġ µ ְ ִ.