CISA Study Notes

The CISA Exam Notes cover five domains: Information Systems Auditing Process, Governance and Management of IT, IS Acquisition, Development, and Implementation, IS Operations and Business Resilience, and Protection of Information Assets. Key topics include risk assessment, IT governance frameworks, SDLC phases, incident management, and security policies. Exam tips emphasize focusing on concepts, thinking like an auditor, and effective time management during the test.

CISA Exam Notes

Domain 1: Information Systems Auditing Process

- Audit Charter: Authorizes the IS audit function.

- Risk Assessment: Identify and prioritize risks to focus audit resources.

- Internal Controls: Types are preventive, detective, corrective.

- Audit Evidence: Should be sufficient and appropriate.

- Audit Planning Steps: Understand business, Define scope, Identify resources, Communicate.

- Sampling Methods: Statistical vs. Non-statistical.

- Audit Reporting: Clear, factual, includes management's response.

- Tools: CAATs, audit programs, walkthroughs, flowcharts.

Domain 2: Governance and Management of IT

- IT Governance Frameworks: COBIT, ITIL, ISO/IEC 38500.

- Strategic Planning: Align IT and business goals.

- IT Organizational Structure: Separation of duties.

- Policy Development: Approved, communicated, enforced.

- Risk Management Process: Identify, Analyze, Evaluate, Treat.

- Performance Monitoring: Balanced scorecard, KPIs.

Domain 3: IS Acquisition, Development, and Implementation

- SDLC Phases: Initiation, Feasibility, Design, Development, Testing, Implementation, Maintenance.

- Project Governance: Committees, PMO, change control.

- Requirements Management: Stakeholder input, traceability.

- Testing Types: Unit, integration, system, UAT.

- Data Conversion: Parallel, direct cutover, phased.

- Post-Implementation Review: Lessons learned, success/failure.

Domain 4: IS Operations and Business Resilience

- Operations Management: Scheduling, monitoring, planning.

- Change Management: Request, Analysis, Approval, Test, Implement, Review.

- Incident Management: Ticketing, escalation.

- BCP/DRP: Critical functions, recovery strategies.

- Backup: Full, incremental, differential.

- Tools: CMDB, SIEM, log management.

Domain 5: Protection of Information Assets

- Security Policies: Risk-based, approved by management.

- Access Control: RBAC, MAC, DAC.

- Authentication: Passwords, 2FA/MFA.

- Encryption: AES, RSA, SSL/TLS.

- Network Security: Firewalls, IDS/IPS, VPNs.

- Security Testing: Vulnerability scans, pen tests.

- Incident Response: Prep, Detect, Contain, Recover.

Exam Tips

- Focus on concepts, not deep technical knowledge.

- Think like an auditor: risk and control focus.

- Use ISACA's official QAE database.

- Time management: 150 questions in 4 hours.

- Flag hard questions and return later.
