CISA Domain 4 Information Systems Operations, Maintenance and Support

March 31, 2011 by Kenneth Magee

For 2011, ISACA has updated the domains reducing them from 6 to 5.  Domain 4 now includes Disaster Recovery from the old Domain 6.  This section has six areas that you need to understand for the CISA exam.

1)      Information Systems Operations

  • One of the management control functions is to ensure that IS processing can recover in a timely manner from minor or major disruptions of operations.
  • Know what console logs are and why they are important.
  • Why is documentation important?  See note #1 above.
  • Why is change management important?  See note #1 above.
  • What is the major objective of library software?  You got it. See note #1 above.

2)     Information Systems Hardware

  • Multitasking, multiprocessing, multiusing, multithreading, grid computing, know the difference.
  • Know the different computer roles and pay particular attention to “Load Balancer” role.
  • How do you as an auditor know that an organization is doing capacity management?

3)     IS Architecture and Software

  • Why do you review the software control features or parameters?  To determine how it is functioning.
  • Know the difference between the supervisory/administrator state and the general user state.
  • What does a PC need for communication with bisync data comm on a mainframe?
  • What is metadata?
  • How do you audit a tape library?
  • How do you audit software licensing and why is that important?

4)     IS Network Infrastructure

  • Name five network services.
  • Now name the eight network services listed in the review manual.
  • Ah!!! The old OSI model. Folks, you have to commit the transport layer, network layer and data link layer to memory.
  • Why is fiber optic better than copper?
  • ISACA likes microware radio systems as a testing question. So read about it.
  • STAR, BUS, RING, MESH. Need I say more?
  • What do bridges do besides get you from one side to the other and what OSI layer do they operate at?
  • What do modems do?
  • What are VPNs and why are they considered a good thing?
  • Know the difference between WEP, WPA and WPA2.
  • Know what CGI scripts do.
  • Know the difference between applets, servlets, and ringlets.
  • Define latency.
  • What is middleware?  No, it’s not a belt around your waist.

5)     Auditing Infrastructure and Operations

  • Why do you review documentation?  Because it describes the “desired state.”
  • Name four things you as an auditor should identify when doing a network audit.
  • Now compare your list of four things with ISACA’s list in the section on auditing network infrastructure.

6) Disaster Recovery Planning

  • RPO (Recovery Point Objective) or what is the acceptable data loss – the question might be, “If you have an RPO of 1 hour what is your backup strategy?”  In which case you would look for Mirroring or Real-time replication in the answer set.
  • RTO (Recovery Time Objective) or what is the acceptable downtime – the question might be, “If your RTO is 1 hour what clustering capability would you recommend?”  And for this one, look for “Active-Active” in the answer set.
  • Know the difference between cold site, warm site, hot site, mobile site, mirrored site and reciprocal agreements.
  • Also know why reciprocal agreements really aren’t the solution for DRP.
  • Know the difference between “active-active” and “active-passive” clustering and which one would be used in DRP.
  • Know the difference between alternative routing and diverse routing when talking about network recovery and also be able to define last-mile circuit protection.
  • Know the roles and responsibilities of the 22 different teams which comprise the makeup of the DRP, particularly the incident response team, the damage assesment team and the emergency operations team.
  • When it comes to backups there are three different concepts you need to memorize: Full, Incremental, Differential.  Which are more costly and why?  Which one is most efficient and why — and HOW?  Which one represents the middle of the road approach?
  • What is Grandfather, Father, Son rotation and how does it work?

Stay tuned for Domain 5 Protection of Information Assets

Posted: March 31, 2011
Kenneth Magee
View Profile

Ken is President and owner of Data Security Consultation and Training, LLC. He has taught cybersecurity at the JAG school at the University of Virginia, KPMG Advisory University, Microsoft and several major federal financial institutions and government agencies. As CISO for the Virginia Community College System, Ken’s focus was the standardization of security around the ISO 27000 series framework. Writing is one of his passions and he has authored and/or co-authored several courses, including CISSP, CISA, CISM, CGEIT, CRISC, DoD Cloud Computing SRG and a course for training Security Control Assessors using NIST SP 800-53A. Ken has also achieved a number of certifications, including CISSP, SSCP, CCSP, CAP, ISSMP, ISSAP, ISSEP, CISM, CISA, CAC, CEH, ISO9000LA, ISO14001LA, ISO27001PA, Security+, CySA+, CASP, CTT+, CPT, GSEC, GSNA, GWAPT, CIA, CGAP, CFE, MCP, MCSA, MCSE and MCT.

19 responses to “CISA Domain 4 Information Systems Operations, Maintenance and Support”

  1. Anil Kumar says:

    This is really awesome posting or write up from Mr. Kenneth, that really deserves great appreciation. My Applauds for the wonderful write up on CISA Domains.

    Am sure all Security folks will appreciate this contribution made by him

    Mr. Kenneth, Please do share your thoughts for Protection of Information Assets as well DR BCP part in the site which is missing in the write up

    Anil Kumar, Infosec Manager, India

  2. J Kenneth Magee says:

    The other CISA domains will be posted in late April – early May. Check out the current CISSP posts and comment if appropriate.


  3. Jim Uprichard says:


    Do you know if there is somewhere I can get a mapping of the previous 6 domains covered by CISA and the 5-domain approach that is in place for 2011.

    Thanks and best wishes


    • kenneth says:


      I’m current working on just that. My timeline is Domain 1 by this Friday 2/25, Domain 2 by 3/11, Domain 3 by 3/25, Domain 4 by 4/8 and Domain 5 by 4/22. I should have a post online for the mapping by the first of May. I haven’t seen or heard of anyone doing a mapping as of yet.


    • kenneth says:

      The updated mapping is now on our site. Please check it out and let me know if you have questions.


  4. Jim Uprichard says:


    Many many thanks for your prompt response and all your useful work in this area

    best wishes


    • kenneth says:

      I will be updating Domain 4 next week based on ISACA’s new mapping. Domain 4 now covers Disaster Recovery. Please check the others that have already been updated which are Domain 1, 2, and later this week 3.


  5. Roger Avery says:

    Thanks for your training in Dec 2010 it was great and I passed CISA with your outstanding Training

    • kenneth says:


      Great to hear from you. Congratulations on passing. Please let me know if I can be of assistance in any of your other certification attempts.


  6. yrcostilla says:

    I am currently studying from the third edition CISA certification study guide written by David Cannon. Is this the book you recommend? I also have the ISACA study guides

    Thanking you in advance for the feedback

    • kenneth says:

      If you are planning on taking the CISA exam this year, I highly recommend the ISACA 2011 CISA Review Manual. In addition to the review manual, consider purchasing the Q&A CD. If you know the material in the manual and can score 95%+ on the CD Q&A you will do well on the exam.

  7. Kenneth Magee says:

    The domain 5 link has been fixed.

  8. Tom says:

    Domain 5 link not working

  9. Imran says:

    Hello Kenneth,

    Thank you very much for such a useful write up. I am following it as closely as I can. A quick question for you; would it be okay if I completely ignore section 4.6 Auditing Infrastructure and Operations ?
    If not, what should I be focusing on ?

    Thank you for your help.
    Kind Regards,

  10. joe says:

    Hi Ken

    I am a prospective CISA student and want to gain thsi in a year or so

    do you know of ht epricing for the review manual/CD from other resellers out there or used ones? i am talking baout monetary constraints on my part and the desire to achieve this in the next 12 months

    your help wil be appreciated

  11. FRANK says:

    Thank you a lot Ken for your pretty wonderful important and useful posting..i just found myself stuck in this page which is very useful for me who is working to seat for the CISA June 2014 Exams..please continue posting for us because u cant just imagine how you are making our life easier on CISA persuasion…Thank you a lot Ken..Thank you a lot

Leave a Reply

Your email address will not be published.