CISA Study Notes - 27th August 2022

This document provides an initial generic discussion on CISA and outlines various topics related to information systems auditing. It discusses the different domains covered in the CISA exam and notes the minimum and maximum scores. It also covers firewall functionality, the key aspects of IT auditing including people, processes and technology. Additional topics include regulatory compliance audits, different types of specialized audits, third-party risk management, audit planning and privacy aspects. Key certifications in information security auditing are also listed.

Uploaded by Chitij Chauhan

Initial Generic Discussion on CISA

Information System Auditing Process (21 percent)

Governance and Management of IT (17 percent)

Information Systems Acquisition, Development and Implementation (12 percent)

Information Systems Operations and Business Resilience (23 percent)

Protection of Information Assets (27 percent)

450 -- borderline (passing) score of 450 (minimum score of 200 and maximum score of 800 for
any given domain)

Different types of firewall

Functionality of a firewall, what the generic features of a firewall are, best
practices related to firewall configuration, etc.

Being able to understand the pros and cons of a firewall.

People, Processes and Technology -- the crux of IT Auditing

People -- Security Awareness Trainings, NDA Signing

Domain 4 -- BCP, DRP, MTTR, RTO, RPO, Backups, Different Kinds of Sites

Ebook which is quite widely ; use a combination of CISA slides and ISACA Review
Questions

27th August 2022 CISA Class Notes

Audit -- to find out weaknesses or risks to your business, or any deviations/gaps
from the standard business operating procedure.

Standard IT Audit

Regulatory Audit (HIPAA Audit, SOX Audit)

Compliance Audit (NIST, ISO 27001, PCI DSS etc., SOC1, SOC2)

Technology Audit -- (Data Center Audit, Cloud Audit, Cryptocurrency Audit,
Wireless Audit)

BCP Audit

Privacy Audit -- Standard PII-related Audit, GDPR-specific

Physical Security Audit


Other Kinds of Specialized Audit: SAP Environment Audit, Ransomware Audit, Data
Localization Audit

Healthcare -- Nanosonics -- Australia

Operates in USA -- HIPAA Audit; currently there is an ISO 27001 implementation

Example -- PCI-DSS mandate for e-merchants, e-commerce vendors and basically for
most of the online vendors

Australia -- the Federal Government has mandated PCI-DSS implementation

Storing, processing or transmitting card information

Web session to the SaaS provider's trading platform, and from there the person
is redirected to a third-party payment gateway service.

PCI-DSS is absolutely applicable to the third-party payment gateway services

Third Party Risk Management

Audit: Level 1 compliance check, and then the auditor releases a draft version stating
what the non-compliances are

Level 2 compliance check:

Level 3 compliance check:

Level 1: draft report, and you then get in touch with the auditee team.

Level 2 check:

https://drive.google.com/drive/folders/1-bOY1YB9PDoWQtTaew-NCIq6apHHB3UP?usp=sharing

1. CISA

ISO 27001 Lead Auditor

PCI-DSS QSA

Cloud Auditor -- CCAK (Certificate of Cloud Auditing Knowledge) -- CCM

Cryptocurrency Auditor -- CCSS

IoT -- Certified IoT Security Practitioner


PECB, 4mwdplus

Audit Planning

BIA

Previous Audit Reports

Exception Reports

SLA

SBOM -- Software Bill of Materials

Audit Risk -- risk that was not detected by the auditor during the course of the
audit

1. Data Privacy Aspect: privacy is actually being considered a right, and it is being taken
seriously

2. Anti-Privacy Aspect --

2010 -- BlackBerry encryption was extremely strong; Middle East

2017 -- CLOUD Act, extension of the USA PATRIOT Act

Database WorldCheck, Thomson Reuters -- Refinitiv -- risk management database
company

GRC policies
