The top ten competencies developed on this course are:

Describe the types of Cloud service and deployment models
Understand how to architect Cloud infrastructures
Understand how to use the SABSA framework to architect Cloud
Describe the standard Cloud security models
Understand how to use attributes to profile Cloud services
Know the types of threats affecting IaaS, PaaS, and SaaS Clouds
Understand how to assess risk to security/performance in the Cloud
Demonstrate how to assess Cloud relevance to Business Needs
Identify how externally regulated security can be delivered with Cloud
Analyse enterprise value from Cloud application deployments

This course has been designed to provide participants with a thorough coverage of the knowledge required for understanding and architecting secure cloud technologies in a way which drives business success.

The advent of Cloud computing services has the capability of redefining the IT landscape as individuals, small to medium enterprises, and large enterprises all consider how the cloud service models can be leveraged to achieve more cost-effective computing. As with any other major advance in technology, security opportunities and risks need to be addressed before the benefits of cloud computing can be safely achieved. There are many issues to consider: compliance and risk management; identity and access management; service availability and integrity; endpoint integrity; and information accessibility and protection should all be explored when architecting systems around cloud computing.

Based on SABSA, the world-leading framework for security architecture, the course provides participants with a comprehensive understanding of how to deliver secure cloud computing. Through a series of innovative presentations, case studies, and workshops, you will develop the knowledge and skills to use the most proven security architecture, design and service management processes in a way which ensures comprehensive end-to-end security of cloud driven systems is achieved.

This course covers the various forms of cloud service (infrastructure as a service, platform as a service, and software as a service) and explores some of the more popular global cloud services. It covers the different deployment models for Cloud and their strengths and weaknesses, and looks at some new security attributes which have emerged from Cloud such as rapid elasticity and service on demand, and addresses the standards that can be applied to these attributes.

The CGEIT Exam

The CGEIT exam is set, conducted and marked by ISACA. All exams will be conducted online via computer-based testing centres around the world.

Exam vouchers via ALC

You can book your CGEIT exam direct with ISACA (see below) or else you can purchase an exam voucher via ALC (we are an ISACA Accredited Channel Partner) and have both course and exam on the one invoice.

If you want to purchase via ALC please make sure, when making your online registration, that you indicate “CGEIT Course + Exam” in the COMMENTS field and that you choose the PAY BY INVOICE option (do not select the PAY BY CARD option).

The voucher will be issued to you at the end of the course together with full instructions as to how to register for the exam. Please note that the actual exam registration is done direct with ISACA using the voucher code issued to you.

For more information on how to register for an ISACA exam, please refer to the exams page on the ISACA website.

The CGEIT Exam

The CGEIT exam consists of 150 multiple-choice questions, given during a four-hour session, that cover five job practice domains. The task and knowledge statements within each domain are intended to depict the tasks performed by individuals who have a significant management, advisory, or assurance role relating to the governance of IT and the knowledge requirements to perform these tasks. They are also intended to define the roles and responsibilities of the professionals performing IT governance work. The job practice domains and percentages below indicate the emphasis of questions that will appear on the exam. The CGEIT exam contains some questions which are included for research and analysis purposes. These questions are not separately identified and not used to calculate the candidate’s final score.

The CGEIT Credential

To earn the CGEIT credential, an individual must:

Achieve a passing score on the CGEIT exam. A passing score on the CGEIT exam, without completing the required work experience as outlined below, is only valid for five years. If the applicant does not meet the CGEIT certification requirements within the five year period, the passing score is voided.
Submit an application with verified evidence of five years of work experience. An applicant must provide evidence of management, advisory or oversight experience associated with the governance of the IT-related contribution to an enterprise. Five years of such experience is required and is defined and described specifically by the CGEIT job practice domains and task statements. Work experience must be gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the exam. Specifically, an applicant must have a minimum of one year of experience relating to the definition, establishment and management of the Framework for the Governance of Enterprise IT in alignment with the mission, vision and values of the enterprise. (CGEIT domain 1) and; Additional broad experience related to any two or more of the remaining domains (CGEIT domains 2 through five 5. For a list and description of the CGEIT domains see below.)
- Exception: two years as a full-time university instructor teaching IT governance related subjects at an accredited university can be substituted for every one year of experience.
- It is important to note that individuals may choose to take the CGEIT exam prior to meeting the experience requirements. This practice is acceptable and encouraged, although the CGEIT designation will not be awarded until all requirements are met.
Agree to abide by the ISACA Code of Professional Ethics which can be viewed at www.isaca.org/ethics.
Agree to comply with the CGEIT Continuing Professional Education (CPE) Policy, which can be viewed at www.isaca.org/cgeitcpepolicy.

Introduction

Introductions, course agenda and approach
Overview of Task and Knowledge Statements
Introduction to COBIT 5

Domain 1: Framework for the Governance of Enterprise IT

Ensure the definition, establishment, and management of a framework for the governance of enterprise IT in alignment with the mission, vision and values of the enterprise. Introduction to EDM concepts from ISO 38500
Case Study

Domain 2: Strategic Management

Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.

Domain 3: Benefit Realisation

Ensure that IT-enabled investments are managed to deliver optimized business benefits and that benefit realization outcome and performance measures are established, evaluated and progress is reported to key stakeholders.
Case Study

Domain 4: Risk Optimisation

Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.
Case Study

Domain 5: Resource Optimisation

Ensure the optimisation of IT resources including information, services, infrastructure and applications, and people, to support the achievement of enterprise objectives.
Case Study

Exam preparation and sample questions

CGEIT is intended for professionals with management, advisory or assurance roles relating to:

IS/IT Directors
IS/IT Managers
IS/IT Consultants
IT Governance Professionals
IS/IT Executives

CGEITs hold many prominent positions in industry and government including:

Manager
Director
Consultant
C-level executive.

Following are examples of common roles and responsibilities held by CGEITs:

Oversee the development and maintenance of the IT strategic plan
Manage IT-enabled investment portfolios through their useful asset life cycle
Advise on industry accepted practices and frameworks to improve IT governance
Develop IT and information systems strategic plans and control frameworks
Integrate information security into enterprise IT governance
Manage the enterprise architecture, including infrastructure and applications
Oversee the development and maintenance of the risk strategy, plan and program

Benefits to the Organisation

Organisations employ a CGEIT to ensure they get good governance, an environment of no or few “surprises”, and the ability to have an agile response to any that arise. Increasingly, CGEIT is viewed by companies and governmental agencies around the world as a necessary prerequisite for anyone involved with enterprise IT governance.

The CGEIT course, held over 3 days, covers five domains of practice identified as being key to ensuring that IT and business systems operate with greater efficiencies and optimum effectiveness thereby creating greater trust in and value from the investment in IT:

Domain 1—Framework for the Governance of Enterprise IT (25%)
Domain 2—Strategic Management (20%)
Domain 3—Benefits Realisation (16%)
Domain 4—Risk Optimisation (24%)
Domain 5—Resource Optimisation (15%)

Benefits to the Individual

For the Professional, CGEIT provides:

A global and prestigious lifelong symbol of knowledge and expertise
Enhanced credibility, influence and recognition and the competitive advantage and higher earnings that flow from this
The benefits of becoming part of an elite peer network.
The ability to leverage the tools and resources of a global community of industry experts.

The ISACA® Certified in Governance of Enterprise IT (CGEIT)® certification is the world-leading vendor-neutral certification designed for IT professionals in large organisations who are responsible for directing, managing and supporting the governance of IT.

CGEIT® recognises a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices. As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organisation—that you grasp the complex subject holistically, and therefore, enhance value to the enterprise.

IT systems are continually evolving to ensure competitiveness, enable reach to global markets and handle external pressures such as regulation. By managing, advising and assessing the enterprise’s IT infrastructure and processes, individuals play a role in IT governance and provide significant support to the board of directors and executive management.

The CGEIT® program supports increasing business demands and recognises the wide range of professionals whose knowledge and application of IT governance principles are key to managing the forces of transition.

Architecting Secure Cloud: Learning Outcomes

Architecting Secure Cloud: Course Overview

CGEIT – Governance of Enterprise IT: Sidebar Content

CGEIT – Governance of Enterprise IT: Exams and Stuff

The CGEIT Exam

Exam vouchers via ALC

The CGEIT Exam

The CGEIT Credential

CGEIT – Governance of Enterprise IT: Dates and Fees

CGEIT – Governance of Enterprise IT: Course Contents

CGEIT – Governance of Enterprise IT: Who Should Attend

CGEIT – Governance of Enterprise IT: Learning Outcomes

Benefits to the Organisation

Benefits to the Individual

CGEIT – Governance of Enterprise IT: Course Overview

Agile Project Management Briefing: Sidebar Content

Agile Project Management Briefing: Exams and Stuff

Agile Project Management Briefing: Dates and Fees