Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps fine-tune response processes. Traditional IM approaches, however, are not always effective in a partially or completely virtualized data center. Consequently, some aspects of incident management and […]
PORTIONS OF THIS ARTICLE INCLUDING MANY OF THE DEFINITIONS AND TERMINOLOGY HAVE BEEN SOURCED AND SUMMARIZED FROM ISACA.ORG and COURSE MANUALS PUBLISHED BY ISACA.
Shared General Controls
Later on in this article, we’ll talk about Business Impact Analysis (BIA) and its place within the organization. At this point, when we want […]
Introduction to IT Audit
Auditing is an evaluation of a person, organization, system, process, enterprise, project or product, performed to ascertain the validity and reliability of information; and also to provide an assessment of a system’s internal controls. The goal of an audit is to express an opinion based on […]
Domain 5, Protection of Information Assets, is the last domain in the CISA certification area and the most important. ISACA has stated that this domain represents 30 percent of the CISA examination, which is approximately 60 questions. This is a make-or-break domain for you. This section has […]
For 2011, ISACA has updated the domains, reducing them from 6 to 5. Domain 4 now includes Disaster Recovery from the old Domain 6. This section has six areas that you need to understand for the CISA exam.
1) Information Systems Operations
One of the management control functions is to ensure […]
It’s interesting to notice how ISACA is aligning itself with the International Organization of Standards ISO/IEC 27002. The title for Domain 3 is Information Systems Acquisition, Development and Implementation and the title for Section 12 of ISO/IEC 27002 is Information Systems Acquisition, Development and Maintenance.
There are 14 areas that […]
CISA – Domain 2 – Governance and Management of IT
ISACA has revamped the CISA material and this domain now contains the Business Continuity section from the old Domain 6. There are 13 areas that you need to understand in Domain 2.
1) Corporate Governance
Know the definition for corporate governance
Know what ISO 26000 […]
Several of you have been asking for a mapping of the new CISA 5 domains to the previous year’s six domains. The new mapping is as follows:
The major change is the old Business Continuity and Disaster Recovery domain has been split into two parts and merged into Domain 2 […]
First, get a copy of the CISA Review Manual and a copy of the Q&A CD.
Second, read one Domain, then answer all the questions on the Q&A CD for that Domain until you can answer every one correctly. As you answer the questions, look in the Review Manual for that […]
ISACA’s 2011 CISA Exam material has been revised from six domains to five domains. Prior to 2011, Domain 6 was Business Continuity and Disaster Recovery. That old Domain 6 has been separated into two parts, with Business Continuity being included in Governance and Management of IT, which is Domain 2 […]