
CISA Exam Syllabus - 2024

EVERYTHING YOU NEED TO KNOW ABOUT NEW CISA JOB PRACTICE - 2024

SPEAKER: SACHIN HISSARIA

Domain 1

Information System Auditing Process

Domains | 2019 ECO | 2024 ECO
Domain 1: Information System Auditing Process | 21% | 18%

SACHIN HISSARIA
Domain 1
Table of Contents -
• Artificial Intelligence in IS Audit - (1.8.4)
• The Role of RPA and AI Within the Audit Life Cycle
• Audit Algorithms
• AI / ML Techniques
• Interpretation of AI/ML Results
• AI/ML Audit Risk and Considerations

Domain 2

Governance And Management of IT

Domains | 2019 ECO | 2024 ECO
Domain 2: Governance And Management of IT | 17% | 18%

Domain 2
Table of Contents -
• Data Privacy Program and Principles- (2.6)
• Privacy Documentation (2.6.1)
• Type of Documentation
• Privacy Notice
• Consent Form
• Personal Information inventory
• Other type of documentation
• Activity log
• Data protection legal requirements
• Privacy risk assessment records
• Privacy impact assessment (PIA) reports
• Privacy governance reports
• Training activities
• Data incident register
• Individual rights register
• Audit Process (2.6.2)
Domain 2
Table of Contents -
• Data governance and classification (2.7)
Classification – Public, Internal, Confidential, Restricted
• Data Inventory and Classification (2.7.1)
• Legal Purpose, Consent, Legitimate Interest (2.7.2)
• Transborder Data Flow

• Information Security Management (2.8.7)

Domain 4
Information System Operations and Business Resilience

Domains | 2019 ECO | 2024 ECO
Domain 4: Information System Operations and Business Resilience | 23% | 26%

Domain 4
Table of Contents -
• Wireless Communication Technologies - (4.1.5)
(Wi-Fi, Bluetooth, RFID)
• IT Assets Management (4.2)
• Operation Log management (4.9)
• Type of Logs
• Log Management

Domain 5
Protection of Information Assets

Domains | 2019 ECO | 2024 ECO
Domain 5: Protection of Information Assets | 27% | 26%

Domain 5
Table of Contents -
• Industrial Control Systems Security (5.2.3)
• Zero-Trust Architecture (5.3.3)
• Privileged Access Management (5.3.4)
• Directory Services (5.3.5)
• Identity Governance and Administration (5.3.6)
• Identity as a Service (5.3.7)
• System Access Permission (5.3.8)
• Digital Rights Management (5.3.11)
• Remote Access Security (5.3.15)
• Federated Identity Management (5.3.18)
• Network Attached Storage (5.4.7)
• Content Delivery Networks (5.4.8)
• Network Time Protocol (5.4.9)
• Next Generation Firewalls (5.4.12)
• Unified Threat Management (UTM) (5.4.13)
• Network Segmentation (5.4.14)
• Endpoint Security (5.4.15)
Domain 5
Table of Contents -
• Data Loss Prevention - (5.5)
• Type of DLP
• Data Loss Risk
• DLP Solution and Data States
• DLP Controls
• DLP content Analysis Method
• DLP Deployment Best Practice
• DLP Risk, Limitations, and considerations
• Elliptic Curve Cryptography (5.6.5)
• Quantum Cryptography (5.6.6)
• Homomorphic Encryption (5.6.7)
• Domain Name System Security Extensions (5.6.13)
• Encryption Audit Procedures (5.6.15)
• Virtual Circuits (5.8.2)
• Virtual Local Area Network (5.8.3)
• Virtual Storage Area Networks (5.8.4)
Domain 5
Table of Contents -
• Software-Defined Networking (5.8.5)
• Containerization (5.8.6)
• Secure Cloud Migration (5.8.7)
• The Shared Responsibility Model (5.8.8)
• The Information Security Learning Continuum (5.10.1)
• Approach to Security Awareness, Training, and Education (5.10.3)
• Conditions for a Successful Security Awareness Training and Education Program (5.10.4)
• Security Operations Center (5.12.7)
• Audit Logging in Monitoring System Access (5.13.4)
• Protecting Log Data (5.13.5)
• Security Information and Event Management (5.13.6)
• Security Monitoring Tools (5.13.7)
• Security Orchestration, Automation and Response (5.14.4)

Thank You for Joining us!
