CISA Study Notes 2026, Cheat Sheet of Computer Science

Typology: Cheat Sheet

2025/2026

Available from 04/08/2026

Allen_Nelson

5 Task Statements - ANSWER: PCCA
  • Develop & implement risk-based IS audit strategy
  • Plan specific audits
  • Conduct audits
  • Communicate issues, risks, results
  • Advise on risk mgmt & control practices

10 Knowledge Statements - ANSWER: SPGE - CRP - CCC (standards, practices, gather evidence, control, risk assessment, planning, communication, CSA - control self-assessment, continuous)
  • Standards/Code of Ethics
  • Auditing practices/techniques

  • Techniques to gather/preserve evidence
  • Evidence lifecycle (collection, protection, chain of custody)
  • Control objectives & controls
  • Risk assessment
  • Audit planning & mgmt
  • Reporting/communication
  • CSA
  • Continuous audit techniques

7 Code of Ethics - ANSWER: IPS PC DE (implementation, perform, serve, privacy, disclose, education)
  1. Support the implementation of appropriate policies, standards, guidelines, and procedures for information systems.
  2. Perform your duties with objectivity, professional care, and due diligence in accordance with professional standards. Support the use of best practices.

  • Closing

Project management - ANSWER: a project is unique, progressive (planning starts high-level and gets more detailed), and has start and end dates.

Triple constraint - ANSWER: QRS
  • Quality
  • Resources (cost, time)
  • Scope

3 project elements - ANSWER: CDT
  • Cost/resources
  • Deliverables
  • Time/duration

10 Audit Stages - ANSWER:
  1. Approving audit charter/engagement letter
  2. Preplanning the audit
  3. Risk assessment
  4. Determine whether the audit is possible
  5. Performing the actual audit
  6. Gathering evidence
  7. Performing audit tests
  8. Analyzing results
  9. Reporting results
  10. Follow-up activities

OSI (open systems interconnect) - ANSWER: PDNTSPA, "Please do not throw sausage pizza away" (bottom layer first)

TCP/IP - ANSWER: NDITA, "Nor do I throw anchovies"

Capability Maturity Model (CMM) levels - ANSWER: zero, IRDMO
  • 13 to 25 months to move up a level
  • Idea started on the auto assembly line
  1. Initial
  2. Repeatable
  3. Defined
  4. Managed
  5. Optimized

6 SDLC/waterfall phases - ANSWER: FRD DIP (don't forget the differences if the software is purchased)
  1. Feasibility
  2. Requirements (request for proposal)

Purpose of audit - ANSWER: challenge mgmt assertions and determine whether the evidence supports mgmt claims

Types of audits - ANSWER:
  • Internal - audit of your own organization; subject to scope restrictions; cannot be used for licensing
  • External - a customer auditing your organization, or you auditing a supplier
  • Independent - 3rd-party audit used for licensing, certification, product approval
  • Compliance audit - verify the presence or absence of a control
  • Substantive audit - check the content/substance and integrity of a claim

Risk - ANSWER: the potential that a given threat will exploit vulnerabilities of an asset (or group of assets) and thereby cause harm to the organization

CobiT - ANSWER: Control Objectives for Information and Related Technology. A framework of strategies, processes, and procedures for leading IT organizations.

Earned value - ANSWER: the budgeted value of the work actually performed to date; compared against planned value and actual cost to judge schedule and cost performance

Project estimation - ANSWER:
  • Source Lines of Code (SLOC) - traditional method (also kilo LOC, KLOC); a direct, size-oriented measure
  • Thousand Delivered Source Instructions (KDSI) - better suited to structured programming languages like BASIC, COBOL
  • Function Point Analysis (FPA) - an indirect measure
    o Based on the number and complexity of inputs, outputs, files, interfaces, and user queries
    o Functions are weighted by complexity

Project diagramming - Gantt - ANSWER: resource details; schedule & sequence in waterfall style (MS Project); serial view with bars & diamonds (milestones)
  o Shows concurrent and sequential activities
  o Shows project progress and the impact of completing a task early or late
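Worked example of the FPA weighting the notes describe (added here; it is not part of the original study notes). The weights are the standard IFPUG values per function type and complexity; the component counts and the 14 general-system-characteristic scores are constructed sample input for a hypothetical application, and the 8 hours-per-function-point productivity rate is an assumed figure.

```python
# Added example, not from the study notes: unadjusted and adjusted function
# point counts for the five function types listed above.

# Standard IFPUG weights by function type and complexity (low, avg, high).
FP_WEIGHTS = {
    "external_inputs":     {"low": 3, "avg": 4,  "high": 6},
    "external_outputs":    {"low": 4, "avg": 5,  "high": 7},
    "external_inquiries":  {"low": 3, "avg": 4,  "high": 6},   # user queries
    "internal_files":      {"low": 7, "avg": 10, "high": 15},  # internal logical files
    "external_interfaces": {"low": 5, "avg": 7,  "high": 10},  # external interface files
}


def unadjusted_function_points(counts):
    """counts: {function_type: {complexity: number_of_components}} -> UFP."""
    total = 0
    for ftype, by_complexity in counts.items():
        if ftype not in FP_WEIGHTS:
            raise ValueError(f"unknown function type: {ftype}")
        for complexity, n in by_complexity.items():
            total += FP_WEIGHTS[ftype][complexity] * n
    return total


def value_adjustment_factor(gsc_scores):
    """14 general system characteristics rated 0..5; VAF = 0.65 + 0.01 * sum."""
    if len(gsc_scores) != 14 or any(not 0 <= s <= 5 for s in gsc_scores):
        raise ValueError("need 14 GSC scores, each in 0..5")
    return 0.65 + 0.01 * sum(gsc_scores)


def adjusted_function_points(counts, gsc_scores):
    return unadjusted_function_points(counts) * value_adjustment_factor(gsc_scores)


def estimate_effort_hours(afp, hours_per_fp):
    """The 'indirect' step: size in function points times a productivity rate."""
    return afp * hours_per_fp


# Constructed sample input for one hypothetical application (assumption).
SAMPLE_COUNTS = {
    "external_inputs":     {"low": 10, "avg": 5, "high": 2},
    "external_outputs":    {"low": 4,  "avg": 6, "high": 1},
    "external_inquiries":  {"low": 6,  "avg": 2, "high": 0},
    "internal_files":      {"low": 3,  "avg": 1, "high": 1},
    "external_interfaces": {"low": 1,  "avg": 1, "high": 0},
}
SAMPLE_GSC = [3, 2, 4, 3, 3, 2, 3, 4, 3, 2, 1, 2, 3, 3]

if __name__ == "__main__":
    ufp = unadjusted_function_points(SAMPLE_COUNTS)
    afp = adjusted_function_points(SAMPLE_COUNTS, SAMPLE_GSC)
    print(f"UFP={ufp} VAF={value_adjustment_factor(SAMPLE_GSC):.2f} AFP={afp:.1f}")
    print(f"effort at 8 h/FP (assumed rate): {estimate_effort_hours(afp, 8):.0f} hours")
```

Because the count is driven by what the system does rather than how it is coded, the same FPA figure can be compared across languages, which is the sense in which the notes call it indirect.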

2 foundational audit objectives - ANSWER:
  • Test control implementation to determine whether adequate safeguards are in place
  • Comply with legal requirements

Process technique - Shewhart - PDCA - ANSWER:
  1. Plan - is there a plan or method?
  2. Do - does the work match the plan?
  3. Check - is anyone monitoring the process? What is the acceptance criterion?
  4. Act - how are differences identified and dealt with?

Controls - ANSWER:
  • General - overall controls; all depts.
  • Pervasive (technology)
  • Detailed IS controls (tasks)
  • Application (most detailed, lowest-level controls)

Evidence life cycle - ICI SAP PR (chain of custody) - ANSWER:
  • Identification
  • Collection
  • Initial preservation
  • Storage
  • Analysis
  • Post-analysis preservation/storage
  • Presentation
  • Return of evidence
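The chain-of-custody half of the evidence life cycle, as an added example (not code from the study notes): the evidence is hashed at collection, every hand-off re-hashes it against that baseline, and each custody entry commits to the previous one so the log itself cannot be quietly edited. The evidence bytes, the custodian names and the evidence ID are constructed sample data.

```python
# Added example, not from the study notes: a minimal hash-verified custody log
# following the ICI SAP PR stages.
import hashlib
import json
from datetime import datetime, timezone

LIFECYCLE = ["identification", "collection", "initial_preservation", "storage",
             "analysis", "post_analysis_preservation", "presentation", "return"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyChain:
    def __init__(self, evidence_id: str, data: bytes, collector: str):
        self.evidence_id = evidence_id
        self.baseline = sha256_hex(data)       # fixed at collection, never updated
        self.entries = []                      # ordered custody log
        self.prev_entry_hash = "0" * 64        # links entries into a hash chain
        self.last_stage_idx = -1               # stages may not move backwards
        self._log("collection", collector, data)

    def _log(self, stage, custodian, data, note=""):
        idx = LIFECYCLE.index(stage)           # ValueError if stage is unknown
        if idx < self.last_stage_idx:
            raise ValueError(f"stage {stage} is out of lifecycle order")
        self.last_stage_idx = idx
        current = sha256_hex(data)
        entry = {
            "evidence_id": self.evidence_id,
            "stage": stage,
            "custodian": custodian,
            "time": datetime.now(timezone.utc).isoformat(),
            "evidence_sha256": current,
            "matches_baseline": current == self.baseline,
            "prev_entry_hash": self.prev_entry_hash,
            "note": note,
        }
        # Each entry commits to its predecessor: deleting or editing an earlier
        # entry breaks the link and verify_log() fails.
        self.prev_entry_hash = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def transfer(self, stage, to_custodian, data, note=""):
        """Record a hand-off. The failure is logged before the exception is raised."""
        entry = self._log(stage, to_custodian, data, note)
        if not entry["matches_baseline"]:
            raise RuntimeError(f"integrity failure at {stage}: "
                               f"{entry['evidence_sha256']} != {self.baseline}")
        return entry

    def verify_log(self) -> bool:
        """Recompute the entry chain to confirm the log was not edited."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev_entry_hash"] != prev:
                return False
            prev = sha256_hex(json.dumps(e, sort_keys=True).encode())
        return prev == self.prev_entry_hash


def run_demo():
    # Constructed evidence: one captured log line (assumption, not real data).
    evidence = b"2026-01-05T10:00:00Z auth.log: Failed password for root from 10.0.0.7\n"
    chain = CustodyChain("EV-0001", evidence, collector="auditor_a")
    chain.transfer("storage", "evidence_locker", evidence, note="sealed bag #17")
    chain.transfer("analysis", "forensic_analyst", evidence)
    tampered = evidence.replace(b"10.0.0.7", b"10.0.0.8")   # altered before presentation
    try:
        chain.transfer("presentation", "counsel", tampered)
        intact = True
    except RuntimeError:
        intact = False
    return chain, intact


if __name__ == "__main__":
    chain, intact = run_demo()
    print("evidence intact at presentation:", intact)
    print("custody log consistent:", chain.verify_log())
```

The baseline hash is what the auditor would write on the evidence bag; the chained entry hashes are a small append-only ledger of who held the item at each stage. Neither replaces a physical seal, but together they make a substitution between storage and presentation detectable.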

Sampling - ANSWER:
Statistical/mathematical
  • Random - every item has an equal chance of selection
  • Cell - population divided into equal intervals, one item selected at random within each interval
  • Fixed interval (systematic) - random start, then every nth item
Non-statistical
  • Haphazard
  • Judgmental

Compliance testing - presence/absence - ANSWER:
  • Attribute sampling - is the attribute present in the sample? Result expressed as a rate of occurrence
  • Stop & go sampling - used when few errors are expected; reduces the overall sample size and effort. After each step the auditor decides whether to stop testing or continue
  • Discovery sampling - used to detect fraud (e.g., forensics) when the expected occurrence rate is very low and a single occurrence matters; the sample may extend to 100 percent of the population
  • Precision/expected error rate - the acceptable margin of error between the sample and the subject population. A lower tolerable error rate requires a larger sample

Substantive testing - content/integrity - ANSWER:
  • Variable sampling - estimating the $ value or weight of the entire subject by prorating from a smaller sample (e.g., weigh one $50 bill and calculate the value of a stack of bills from its total weight)
  • Unstratified mean estimation - projects an estimated total for the entire population
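The selection methods and the compliance-testing rules above, as an added worked example (not from the study notes). The population is 200 constructed change tickets, eight of which lack the required approval; the tolerable rates passed to the functions are assumed audit parameters. The discovery-sampling sample size uses the textbook relation n >= ln(1 - confidence) / ln(1 - rate), the smallest sample that finds at least one occurrence with the chosen confidence, which also shows why a low expected rate forces a large sample.

```python
# Added example, not from the study notes: random, fixed-interval and cell
# selection; attribute-sampling occurrence rate; stop-and-go decision;
# discovery-sampling sample size.
import math
import random

# Constructed population (assumption): 200 change tickets, 8 unapproved (4%).
POPULATION = [{"ticket": f"CHG-{i:04d}", "approved": i % 25 != 0}
              for i in range(1, 201)]


def random_sample(population, n, seed=0):
    """Simple random sampling: each item equally likely, no repeats."""
    return random.Random(seed).sample(population, n)


def fixed_interval_sample(population, n, seed=0):
    """Systematic sampling: random start within the first interval, then every k-th item."""
    k = len(population) // n
    start = random.Random(seed).randrange(k)
    return [population[start + i * k] for i in range(n)]


def cell_sample(population, n, seed=0):
    """Cell sampling: split into n equal cells, pick one random item per cell."""
    rng = random.Random(seed)
    k = len(population) // n
    return [population[i * k + rng.randrange(k)] for i in range(n)]


def occurrence_rate(sample, attribute):
    """Attribute sampling result: share of sampled items lacking the attribute."""
    deviations = sum(1 for item in sample if not item[attribute])
    return deviations / len(sample)


def stop_or_go(sample, attribute, tolerable_rate):
    """Simplified stop-and-go rule: stop if the control is clearly failing or
    clearly clean; otherwise extend the sample to firm up the estimate."""
    rate = occurrence_rate(sample, attribute)
    if rate > tolerable_rate:
        return "stop: control not effective"
    if rate == 0:
        return "stop: no deviations, control effective"
    return "go: extend the sample"


def discovery_sample_size(confidence, expected_rate):
    """Smallest n such that P(at least one occurrence) >= confidence when the
    true occurrence rate is expected_rate: 1 - (1 - p)^n >= c."""
    if not (0 < confidence < 1 and 0 < expected_rate < 1):
        raise ValueError("confidence and rate must be in (0, 1)")
    return math.ceil(math.log(1 - confidence) / math.log(1 - expected_rate))


if __name__ == "__main__":
    for name, fn in [("random", random_sample), ("fixed interval", fixed_interval_sample),
                     ("cell", cell_sample)]:
        s = fn(POPULATION, 20, seed=7)
        print(f"{name:>14}: rate={occurrence_rate(s, 'approved'):.2f} "
              f"-> {stop_or_go(s, 'approved', 0.05)}")
    print("discovery n @95% for 1% rate:", discovery_sample_size(0.95, 0.01))
    print("discovery n @95% for 5% rate:", discovery_sample_size(0.95, 0.05))
```

Note what the fixed-interval method does to a population with a periodic pattern: the unapproved tickets here fall on every 25th item, so an interval of 10 with the wrong start can miss all of them or hit several, which is the standard argument for random or cell selection when ordering is not random.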
7 OSI layers - ANSWER: each layer communicates with the layer above and below it, and virtually with the same layer on the remote system
  Away - 7. Application
  Pizza - 6. Presentation
  Sausage - 5. Session
  Throw - 4. Transport
  Not - 3. Network
  Do - 2. Data Link
  Please - 1. Physical

4 TCP/IP layers - Nor Do I Throw Anchovies - ANSWER:
  Anchovies - 4. Application
  Throw - 3. Transport
  I - 2. Internet/Network
  Nor Do - 1. Link (LAN/WAN interface)

Point-to-Point Protocol (PPP) - ANSWER: data link layer protocol for accessing a remote network using IP over serial lines (replaced SLIP)

Four IPs in each subnet are lost/reserved (as these notes count them) - ANSWER:
  • Network address (e.g., 192.0.0.0) - used in routing tables / network path
  • Starting IP
  • Ending IP (IPs between start & end = usable address space)
  • Broadcast IP
  Caveat: strictly only the network and broadcast addresses are unassignable; the first and last host addresses are valid hosts, the first conventionally being the default gateway.

IP addresses - ANSWER: 32 bits (IPv4)

ARP - ANSWER: resolves an IP address to a MAC address (RARP does the reverse, MAC to IP)

VLANs (a router or layer 3 switch is required to reach other subnets) - ANSWER:
  • Port-based: a specific switch port is assigned to a specific VLAN; small networks
  • MAC-based: ties a MAC address to a VLAN; the switch port is reconfigured when that device appears
  • Policy or rule-based: rule based on the IP address or protocol in the header; switch ports reconfigure automatically

DNS - ANSWER: host name to IP address resolution (not to be confused with BOOTP, the RARP-style boot-time address assignment now handled by DHCP)

Dedicated phone circuits - ANSWER:
  • POTS - 56 Kbps (roughly half of an ISDN BRI circuit)
  • Integrated Services Digital Network (ISDN) - BRI 128 Kbps (2 x 64 Kbps B channels plus a D channel) for data, voice, video (conferencing); runs over POTS copper. PRI carries 23 B channels on a T1
  • Primary trunk line (T1) - 24 x 64 Kbps channels, 1.544 Mbps. Charged by the mile.
  • Digital Subscriber Line (DSL) - over POTS copper; from a few hundred Kbps to several Mbps depending on distance and flavor

Packet switching - ANSWER:
  • Eliminated the need for dedicated lines (the Internet is packet switched)
  • Not limited by distance
  • Source & destination known, path is not
  • Charged according to packets transmitted, not distance
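The subnet arithmetic behind the "four reserved IPs" card above, as an added example (not from the study notes), done with the Python standard library so it works for any IPv4 prefix rather than the one /24 the card implies. The subnets and addresses used are constructed examples. The function reports both the notes' stricter count and the count a practitioner would actually assign.

```python
# Added example, not from the study notes: network, first host, last host and
# broadcast for an IPv4 subnet, and an assignability check.
import ipaddress


def subnet_summary(cidr: str) -> dict:
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False accepts a host address
    hosts = list(net.hosts())                        # excludes network and broadcast
    if net.prefixlen > 30:
        # /31 and /32 have no room for the four-address breakdown the notes describe.
        raise ValueError(f"{cidr} has no separate host range")
    return {
        "network": str(net.network_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": len(hosts),                  # what is actually assignable
        "usable_per_notes": len(hosts) - 2,          # the notes' stricter count
    }


def is_assignable(cidr: str, ip: str) -> bool:
    """True if ip lies in the subnet and is neither its network nor broadcast address."""
    net = ipaddress.ip_network(cidr, strict=False)
    addr = ipaddress.ip_address(ip)
    return addr in net and addr not in (net.network_address, net.broadcast_address)


if __name__ == "__main__":
    for cidr in ("192.0.2.0/24", "10.1.2.37/28"):   # constructed examples
        print(cidr, subnet_summary(cidr))
    print(is_assignable("192.0.2.0/24", "192.0.2.255"))   # broadcast: False
    print(is_assignable("192.0.2.0/24", "192.0.2.1"))     # first host: True
```

Passing a host address such as 10.1.2.37/28 with strict=False is the everyday case in audit work: you are handed an interface address and need to recover the block it belongs to before checking firewall or VLAN rules against it.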

Syslog - ANSWER: classic UDP syslog has no message authentication/integrity and no delivery verification, so a sender can claim any hostname and dropped messages go unnoticed (TLS transport per RFC 5425 and signed messages per RFC 5848 exist but are rarely deployed)

Remote Monitoring Protocol (RMON1) - ANSWER: monitors only the data link/MAC layer and below

Remote Monitoring Protocol 2 (RMON2) - ANSWER: unlike a sniffer that monitors layers 1-3, RMON2 monitors all 7 OSI layers

IT Governance - leading and monitoring IT performance & investment - ANSWER:
  • Strategic alignment between IT & business
  • Monitoring assurance practices for executive management
  • Intervention to stop, modify, or fix practices as they occur

3 IT governance management levels - ANSWER:
  • Strategic (3+ yrs)
  • Tactical (6 months - 2 yrs)
  • Operational (daily)

Balanced Scorecard - CB FG - ANSWER:
  • Customer
  • Business process
  • Financial
  • Growth & learning
3 layers that incorporate the 4 perspectives (MMS)
  • Mission
  • Metrics
  • Strategy

CMM vs. ISO 15504 (SPICE) - PME PO - ANSWER: Performed, Managed, Established, Predictable, Optimizing (levels 1-5; level 0 is Incomplete)