For 2011, ISACA has updated the domains, reducing them from 6 to 5. Domain 4 now includes Disaster Recovery from the old Domain 6. This section has six areas that you need to understand for the CISA exam.
1) Information Systems Operations
- One of the management control functions is to ensure that IS processing can recover in a timely manner from minor or major disruptions of operations.
- Know what console logs are and why they are important.
- Why is documentation important? See note #1 above.
- Why is change management important? See note #1 above.
- What is the major objective of library software? You got it. See note #1 above.
2) Information Systems Hardware
- Multitasking, multiprocessing, multiuser, multithreading, grid computing: know the difference.
- Know the different computer roles and pay particular attention to “Load Balancer” role.
- How do you as an auditor know that an organization is doing capacity management?
3) IS Architecture and Software
- Why do you review the software control features or parameters? To determine how it is functioning.
- Know the difference between the supervisory/administrator state and the general user state.
- What does a PC need for communication with bisync data comm on a mainframe?
- What is metadata?
- How do you audit a tape library?
- How do you audit software licensing and why is that important?
4) IS Network Infrastructure
- Name five network services.
- Now name the eight network services listed in the review manual.
- Ah!!! The old OSI model. Folks, you have to commit the transport layer, network layer and data link layer to memory.
- Why is fiber optic better than copper?
- ISACA likes microwave radio systems as a test question, so read about them.
- STAR, BUS, RING, MESH. Need I say more?
- What do bridges do besides get you from one side to the other and what OSI layer do they operate at?
- What do modems do?
- What are VPNs and why are they considered a good thing?
- Know the difference between WEP, WPA and WPA2.
- Know what CGI scripts do.
- Know the difference between applets, servlets, and ringlets.
- Define latency.
- What is middleware? No, it’s not a belt around your waist.
5) Auditing Infrastructure and Operations
- Why do you review documentation? Because it describes the “desired state.”
- Name four things you as an auditor should identify when doing a network audit.
- Now compare your list of four things with ISACA’s list in the section on auditing network infrastructure.
6) Disaster Recovery Planning
- RPO (Recovery Point Objective): the maximum acceptable data loss, expressed as how old the data you recover to may be. The question might be, “If you have an RPO of 1 hour, what is your backup strategy?” Any approach that captures data at least hourly satisfies it, so in the answer set look for mirroring or real-time replication rather than nightly backups.
- RTO (Recovery Time Objective): the maximum acceptable downtime before the service must be running again. The question might be, “If your RTO is 1 hour, what clustering capability would you recommend?” For this one, look for “active-active” in the answer set: failing over to a node that is already serving load avoids the time needed to bring a passive node up.
- Know the difference between cold site, warm site, hot site, mobile site, mirrored site and reciprocal agreements.
- Also know why reciprocal agreements really aren’t the solution for DRP.
- Know the difference between “active-active” and “active-passive” clustering and which one would be used in DRP.
- Know the difference between alternative routing and diverse routing when talking about network recovery and also be able to define last-mile circuit protection.
- Know the roles and responsibilities of the 22 different teams which make up the DRP, particularly the incident response team, the damage assessment team and the emergency operations team.
- When it comes to backups there are three different concepts you need to memorize: Full, Incremental, Differential. Which are more costly and why? Which one is most efficient and why — and HOW? Which one represents the middle of the road approach?
- What is Grandfather, Father, Son rotation and how does it work?
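To make the three backup types and the Grandfather-Father-Son rotation concrete, here is a small Python model added to these notes; it is not from the ISACA review manual or the original post. The seven-day change log, the "full on day 0, then the same kind every day" schedule, and the exact GFS tape policy (daily son tapes reused weekly, Friday father tapes reused monthly, last-Friday-of-month grandfather tapes reused yearly) are constructed assumptions chosen to illustrate the concepts, and the function and variable names are mine.

```python
"""Backup strategies from the DRP section, as a runnable model (added example).

Simulates full, incremental and differential backups over a week of
constructed file changes so the storage cost and restore-chain length of
each scheme can be compared, and labels tapes under an assumed GFS rotation.
"""
import datetime as dt
from dataclasses import dataclass


@dataclass
class Backup:
    day: int
    kind: str          # "full", "incremental" or "differential"
    files: dict        # file name -> version number captured on this backup


# Constructed sample data: day 0 is the initial state, later days are changes.
CHANGES = [
    {"a": 0, "b": 0, "c": 0, "d": 0},
    {"a": 1},
    {"b": 1},
    {"a": 2},
    {"c": 1},
    {"b": 2},
    {"d": 1},
]


def weekly_full_then(kind):
    """Assumed schedule: a full backup on day 0, then `kind` every following day."""
    return lambda day: "full" if day == 0 else kind


def simulate(changes, schedule):
    """Run the schedule over the change log and return the backup sets taken.

    incremental: files changed since the previous backup of any kind
    differential: files changed since the previous full backup
    """
    state, since_full, since_any, backups = {}, {}, {}, []
    for day, delta in enumerate(changes):
        state.update(delta)
        since_full.update(delta)
        since_any.update(delta)
        kind = schedule(day)
        if kind == "full":
            files, since_full, since_any = dict(state), {}, {}
        elif kind == "differential":
            files, since_any = dict(since_full), {}
        elif kind == "incremental":
            files, since_any = dict(since_any), {}
        else:
            raise ValueError(f"unknown backup kind {kind!r}")
        backups.append(Backup(day, kind, files))
    return backups


def restore_chain(backups, target_day):
    """Backups that must be applied, in order, to recover to the end of target_day."""
    full = max((b for b in backups if b.kind == "full" and b.day <= target_day),
               key=lambda b: b.day)
    chain = [full]
    for b in backups:
        if b.day <= full.day or b.day > target_day:
            continue
        if b.kind == "differential":
            chain = [full, b]       # a differential supersedes everything since the full
        else:
            chain.append(b)         # every incremental in between is needed
    return chain


def restore(backups, target_day):
    """Replay the restore chain and return the recovered file versions."""
    recovered = {}
    for b in restore_chain(backups, target_day):
        recovered.update(b.files)
    return recovered


def storage_cost(backups):
    """Total file versions written across the schedule (a proxy for tape consumption)."""
    return sum(len(b.files) for b in backups)


def gfs_tape(date):
    """Grandfather-Father-Son label for a backup taken on `date` (assumed policy)."""
    if date.weekday() == 4:                                # Friday
        if (date + dt.timedelta(days=7)).month != date.month:
            return ("grandfather", date.month)             # 12 slots, kept for a year
        return ("father", (date.day - 1) // 7 + 1)         # which Friday of the month
    return ("son", date.strftime("%a"))                    # one slot per weekday, reused weekly


if __name__ == "__main__":
    for kind in ("full", "incremental", "differential"):
        taken = simulate(CHANGES, weekly_full_then(kind))
        print(f"{kind:12s} storage={storage_cost(taken):2d} "
              f"restore chain to day 6={len(restore_chain(taken, 6))}")
    print(gfs_tape(dt.date(2011, 4, 29)))
```

Running it shows the trade-off the study questions are getting at: daily fulls cost the most storage (28 file versions here) but restore from a single set; incrementals are cheapest to take (10) but need the full plus every incremental since it (a chain of 7), so a single bad tape in the chain breaks the restore; differentials sit in between (19) and always restore from exactly two sets. The GFS function simply decides which tape a given day's backup overwrites, which is the whole point of the rotation: bounded tape count with a year of monthly restore points.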
Stay tuned for Domain 5 Protection of Information Assets
This is a really awesome posting or write-up from Mr. Kenneth, which really deserves great appreciation. My applause for the wonderful write-up on CISA Domains.
I am sure all security folks will appreciate this contribution made by him.
Mr. Kenneth, please do share your thoughts on Protection of Information Assets as well as the DR/BCP part on the site, which is missing from the write-up.
Anil Kumar, Infosec Manager, India
Anil,
The other CISA domains will be posted in late April – early May. Check out the current CISSP posts and comment if appropriate.
Kenneth
Kenneth
Do you know if there is somewhere I can get a mapping of the previous 6 domains covered by CISA and the 5-domain approach that is in place for 2011.
Thanks and best wishes
Jim
Jim,
I’m currently working on just that. My timeline is Domain 1 by this Friday 2/25, Domain 2 by 3/11, Domain 3 by 3/25, Domain 4 by 4/8 and Domain 5 by 4/22. I should have a post online for the mapping by the first of May. I haven’t seen or heard of anyone doing a mapping as of yet.
Kenneth
Jim,
The updated mapping is now on our site. Please check it out and let me know if you have questions.
Kenneth
Your posting lays bare the truth
Kenneth
Many many thanks for your prompt response and all your useful work in this area
best wishes
Jim
[...] and Management of IT, 3) Information Systems Acquisition, Development and Implementation, 4) Information Systems Operations, Maintenance and Support and 5) Protection of Information Assets. It’s important as an auditor to understand the [...]
Useful
Christopher,
I will be updating Domain 4 next week based on ISACA’s new mapping. Domain 4 now covers Disaster Recovery. Please check the others that have already been updated which are Domain 1, 2, and later this week 3.
Kenneth
Thanks for your training in Dec 2010; it was great, and I passed CISA with your outstanding training.
Roger,
Great to hear from you. Congratulations on passing. Please let me know if I can be of assistance in any of your other certification attempts.
Kenneth
I am currently studying from the third edition CISA certification study guide written by David Cannon. Is this the book you recommend? I also have the ISACA study guides.
Thanking you in advance for the feedback.
If you are planning on taking the CISA exam this year, I highly recommend the ISACA 2011 CISA Review Manual. In addition to the review manual, consider purchasing the Q&A CD. If you know the material in the manual and can score 95%+ on the CD Q&A you will do well on the exam.
The domain 5 link has been fixed.
Domain 5 link not working
Tom,
Domain 5 can be accessed directly. We are working on correcting the link. The direct access is http://resources.infosecinstitute.com/cisa-domain-5-protection-of-information-assets/
Ken
Hello Kenneth,
Thank you very much for such a useful write-up. I am following it as closely as I can. A quick question for you: would it be okay if I completely ignore section 4.6, Auditing Infrastructure and Operations?
If not, what should I be focusing on ?
Thank you for your help.
Kind Regards,
Hi Ken
I am a prospective CISA student and want to gain this in a year or so.
Do you know the pricing for the review manual/CD from other resellers out there, or used ones? I am talking about monetary constraints on my part and the desire to achieve this in the next 12 months.
Your help will be appreciated.