CISA Domain 4 Information Systems Operations, Maintenance and Support

March 31, 2011 by Kenneth Magee

For 2011, ISACA has updated the domains, reducing them from 6 to 5. Domain 4 now includes Disaster Recovery, which used to be the old Domain 6. The domain has six areas that you need to understand for the CISA exam.

1)      Information Systems Operations

  • One of the management control functions is to ensure that IS processing can recover in a timely manner from minor or major disruptions of operations.
  • Know what console logs are and why they are important.
  • Why is documentation important?  See note #1 above.
  • Why is change management important?  See note #1 above.
  • What is the major objective of library software?  You got it. See note #1 above.

2)     Information Systems Hardware

  • Multitasking, multiprocessing, multiusing, multithreading, grid computing, know the difference.
  • Know the different computer roles and pay particular attention to “Load Balancer” role.
  • How do you as an auditor know that an organization is doing capacity management?

3)     IS Architecture and Software

  • Why do you review the software control features or parameters?  To determine how it is functioning.
  • Know the difference between the supervisory/administrator state and the general user state.
  • What does a PC need for communication with bisync data comm on a mainframe?
  • What is metadata?
  • How do you audit a tape library?
  • How do you audit software licensing and why is that important?

4)     IS Network Infrastructure

  • Name five network services.
  • Now name the eight network services listed in the review manual.
  • Ah!!! The old OSI model. Folks, you have to commit the transport layer, network layer and data link layer to memory.
  • Why is fiber optic better than copper?
  • ISACA likes microwave radio systems as a test question. So read about it.
  • STAR, BUS, RING, MESH. Need I say more?
  • What do bridges do besides get you from one side to the other and what OSI layer do they operate at?
  • What do modems do?
  • What are VPNs and why are they considered a good thing?
  • Know the difference between WEP, WPA and WPA2.
  • Know what CGI scripts do.
  • Know the difference between applets, servlets, and ringlets.
  • Define latency.
  • What is middleware?  No, it’s not a belt around your waist.

5)     Auditing Infrastructure and Operations

  • Why do you review documentation?  Because it describes the “desired state.”
  • Name four things you as an auditor should identify when doing a network audit.
  • Now compare your list of four things with ISACA’s list in the section on auditing network infrastructure.

6) Disaster Recovery Planning

  • RPO (Recovery Point Objective), or the maximum acceptable data loss measured as time since the last usable copy – the question might be, “If you have an RPO of 1 hour what is your backup strategy?”  Anything that captures data at least hourly qualifies, so look for Mirroring or Real-time replication in the answer set.
  • RTO (Recovery Time Objective), or the maximum acceptable downtime before the service is back – the question might be, “If your RTO is 1 hour what clustering capability would you recommend?”  And for this one, look for “Active-Active” in the answer set, because there is no failover delay to wait out.
  • Know the difference between cold site, warm site, hot site, mobile site, mirrored site and reciprocal agreements.
  • Also know why reciprocal agreements really aren’t the solution for DRP.
  • Know the difference between “active-active” and “active-passive” clustering and which one would be used in DRP.
  • Know the difference between alternative routing and diverse routing when talking about network recovery and also be able to define last-mile circuit protection.
  • Know the roles and responsibilities of the 22 different teams which comprise the makeup of the DRP, particularly the incident response team, the damage assessment team and the emergency operations team.
  • When it comes to backups there are three different concepts you need to memorize: Full, Incremental, Differential.  Which is most costly in media and backup time, and why?  Which one is most efficient to take and why, and how does that efficiency get paid back at restore time (how many sets must be read, in what order)?  Which one represents the middle-of-the-road approach?
  • What is Grandfather, Father, Son rotation and how does it work?
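The backup and rotation questions above are easiest to answer when you can see the numbers. The following Python is an added example, not code from the original article or from ISACA: it plays a constructed four-day change history through full, incremental and differential plans, counts the media volume each one writes and the chain of sets a restore must read, then simulates a year of Grandfather, Father, Son rotation. The file names, the start date, the tier sizes (6 sons, 4 fathers, 12 grandfathers) and the rule that the last backup of a month is promoted to grandfather are all assumptions of the example.

```python
"""Added example: simulate full / incremental / differential backup sets and a
Grandfather-Father-Son (GFS) media rotation over a constructed change history.
Not from the original article; file names, dates and retention counts are assumptions."""
from datetime import date, timedelta
from typing import Dict, List, Set

# Constructed history: day 0 is the full backup; each later entry is the set of
# file IDs modified that day.  "f7" changes on three days on purpose: that is
# where incremental and differential diverge in media volume.
ALL_FILES: Set[str] = {f"f{i}" for i in range(1, 11)}
CHANGES: List[Set[str]] = [
    set(),                 # day 0: weekly full
    {"f1", "f2", "f7"},    # day 1
    {"f3", "f7"},          # day 2
    {"f4", "f5", "f7"},    # day 3
]


def plan(strategy: str, changes: List[Set[str]]) -> List[Set[str]]:
    """Return, per day, the set of files written to backup media.

    full:         everything every day
    incremental:  only files changed since the previous backup of any kind
    differential: every file changed since the last full (grows until next full)
    """
    sets: List[Set[str]] = []
    since_full: Set[str] = set()
    for day, changed in enumerate(changes):
        if day == 0 or strategy == "full":
            sets.append(set(ALL_FILES))
            since_full = set()
        elif strategy == "incremental":
            sets.append(set(changed))
        elif strategy == "differential":
            since_full |= changed
            sets.append(set(since_full))
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
    return sets


def files_written(sets: List[Set[str]]) -> int:
    """Total media volume, in file count, for a plan (the 'cost' axis)."""
    return sum(len(s) for s in sets)


def restore_chain(strategy: str, day: int, last_full: int = 0) -> List[int]:
    """Day indices whose media must be read, in order, to restore `day`.

    Every extra set in the chain is one more medium that can fail to read,
    which is why incremental is cheapest to write but slowest and riskiest
    to recover from.
    """
    if strategy == "full":
        return [day]
    if strategy == "differential":
        return [last_full] if day == last_full else [last_full, day]
    if strategy == "incremental":
        return list(range(last_full, day + 1))
    raise ValueError(f"unknown strategy {strategy!r}")


def gfs_rotation(start: date, days: int, sons: int = 6, fathers: int = 4,
                 grandfathers: int = 12) -> Dict[str, List[date]]:
    """Simulate GFS media rotation and return the media still retained per tier.

    Model (an assumption of this example): one backup per day; the last backup
    of each calendar month is promoted to grandfather and kept `grandfathers`
    months; the Sunday backup is the father, kept `fathers` weeks; every other
    day is a son, overwritten after `sons` days.  The oldest medium in a tier
    is the one recycled.
    """
    tiers: Dict[str, List[date]] = {"sons": [], "fathers": [], "grandfathers": []}
    limits = {"sons": sons, "fathers": fathers, "grandfathers": grandfathers}
    for i in range(days):
        d = start + timedelta(days=i)
        if (d + timedelta(days=1)).month != d.month:
            tier = "grandfathers"
        elif d.weekday() == 6:  # Sunday
            tier = "fathers"
        else:
            tier = "sons"
        tiers[tier].append(d)
        if len(tiers[tier]) > limits[tier]:
            tiers[tier].pop(0)  # recycle the oldest medium in this tier
    return tiers


def gfs_demo() -> Dict[str, List[date]]:
    """One year of rotation starting on a Sunday (constructed date: 2011-01-02)."""
    return gfs_rotation(date(2011, 1, 2), 365)


if __name__ == "__main__":
    for s in ("full", "incremental", "differential"):
        print(f"{s:12s} media volume={files_written(plan(s, CHANGES)):3d} files, "
              f"restore of day 3 reads days {restore_chain(s, 3)}")
    for tier, media in gfs_demo().items():
        print(f"{tier:12s} {len(media):2d} retained, oldest {media[0]}, newest {media[-1]}")
```

Run as a script it prints the comparison: full writes the most (40 files over four days) but restores from a single set; incremental writes the least (18) but restoring day 3 means reading days 0 through 3 in order; differential sits in between (23) and always restores from exactly two sets, the last full plus the latest differential. The GFS run shows why the rotation matters to an auditor: after a year, 365 backups have been taken but only 22 media are retained, and the oldest recoverable point is the January month-end grandfather, so anything older than that is gone by design.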

Stay tuned for Domain 5 Protection of Information Assets

Kenneth Magee

Ken is President and owner of Data Security Consultation and Training, LLC. He has taught cybersecurity at the JAG school at the University of Virginia, KPMG Advisory University, Microsoft and several major federal financial institutions and government agencies. As CISO for the Virginia Community College System, Ken’s focus was the standardization of security around the ISO 27000 series framework. Writing is one of his passions and he has authored and/or co-authored several courses, including CISSP, CISA, CISM, CGEIT, CRISC, DoD Cloud Computing SRG and a course for training Security Control Assessors using NIST SP 800-53A. Ken has also achieved a number of certifications, including CISSP, SSCP, CCSP, CAP, ISSMP, ISSAP, ISSEP, CISM, CISA, CAC, CEH, ISO9000LA, ISO14001LA, ISO27001PA, Security+, CySA+, CASP, CTT+, CPT, GSEC, GSNA, GWAPT, CIA, CGAP, CFE, MCP, MCSA, MCSE and MCT.