DOMAIN 1 β Information Systems Auditing Process |
| Tests your ability to plan and perform industry-standard information systems audits, evaluate an organizationβs IS/IT security, risks, and controls, and communicate conclusions that help protect and control its information systems. |
1A β Planning |
| Item | Exam Content Area | | | | |
| 1A-1 | IS Audit Standards, Guidelines, and Codes of Ethics | Test 1 | Test 2 | Test 3 | Test 4 |
| 1A-2 | Types of Audits, Assessments, and Reviews | Test 1 | Test 2 | Test 3 | Test 4 |
| 1A-3 | Risk-Based Audit Planning | Test 1 | Test 2 | Test 3 | Test 4 |
| 1A-4 | Types of Controls and Considerations | Test 1 | Test 2 | Test 3 | Test 4 |
1B β Execution |
| Item | Exam Content Area | | | | |
| 1B-1 | Audit Project Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 1B-2 | Audit Testing and Sampling Methodology | Test 1 | Test 2 | Test 3 | Test 4 |
| 1B-3 | Audit Evidence Collection Techniques | Test 1 | Test 2 | Test 3 | Test 4 |
| 1B-4 | Audit Data Analytics | Test 1 | Test 2 | Test 3 | Test 4 |
| 1B-5 | Reporting and Communication Techniques | Test 1 | Test 2 | Test 3 | Test 4 |
| 1B-6 | Quality Assurance and Improvement of Audit Process | Test 1 | Test 2 | Test 3 | Test 4 |
DOMAIN 2 β Governance & Management of IT |
| Tests your ability to identify critical IT governance and management issues and recommend enterprise-specific practices that support and safeguard the governance of information and related technologies. |
2A β IT Governance |
| Item | Exam Content Area | | | | |
| 2A-1 | Laws, Regulations, and Industry Standards | Test 1 | Test 2 | Test 3 | Test 4 |
| 2A-2 | Organizational Structure, IT Governance, and IT Strategy | Test 1 | Test 2 | Test 3 | Test 4 |
| 2A-3 | IT Policies, Standards, Procedures and Practices | Test 1 | Test 2 | Test 3 | Test 4 |
| 2A-4 | Enterprise Architecture and Considerations | Test 1 | Test 2 | Test 3 | Test 4 |
| 2A-5 | Enterprise Risk Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 2A-6 | Privacy Program and Principles | Test 1 | Test 2 | Test 3 | Test 4 |
| 2A-7 | Data Governance and Classification | Test 1 | Test 2 | Test 3 | Test 4 |
2B β IT Management |
| Item | Exam Content Area | | | | |
| 2B-1 | IT Resource Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 2B-2 | IT Vendor Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 2B-3 | IT Performance Monitoring and Reporting | Test 1 | Test 2 | Test 3 | Test 4 |
| 2B-4 | Quality Assurance and Quality Management of IT | Test 1 | Test 2 | Test 3 | Test 4 |
DOMAIN 3 β Information Systems Acquisition, Development & Implementation |
| Tests your ability to evaluate the acquisition, development, and implementation of information systems, demonstrating your understanding of IT controls and how technology supports business objectives. |
3A β Information Systems Acquisition and Development |
| Item | Exam Content Area | | | | |
| 3A-1 | Project Governance and Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 3A-2 | Business Case and Feasibility Analysis | Test 1 | Test 2 | Test 3 | Test 4 |
| 3A-3 | System Development Methodologies | Test 1 | Test 2 | Test 3 | Test 4 |
| 3A-4 | Control Identification and Design | Test 1 | Test 2 | Test 3 | Test 4 |
3B β Information Systems Implementation |
| Item | Exam Content Area | | | | |
| 3B-1 | System Readiness and Implementation Testing | Test 1 | Test 2 | Test 3 | Test 4 |
| 3B-2 | Implementation Configuration and Release Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 3B-3 | System Migration, Infrastructure Deployment, and Data Conversion | Test 1 | Test 2 | Test 3 | Test 4 |
| 3B-4 | Post-implementation Review | Test 1 | Test 2 | Test 3 | Test 4 |
DOMAIN 4 β Information Systems Operations & Business Resilience |
| Tests your ability to evaluate information systems operations and business resilience, demonstrating your understanding of IT controls and how reliable, recoverable technology services support business objectives. |
4A β Information Systems Operations |
| Item | Exam Content Area | | | | |
| 4A-1 | IT Components | Test 1 | Test 2 | Test 3 | Test 4 |
| 4A-2 | IT Asset Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 4A-3 | Job Scheduling and Production Process Automation | Test 1 | Test 2 | Test 3 | Test 4 |
| 4A-4 | System Interfaces | Test 1 | Test 2 | Test 3 | Test 4 |
| 4A-5 | Shadow IT and End-User Computing | Test 1 | Test 2 | Test 3 | Test 4 |
| 4A-6 | Systems Availability and Capacity Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 4A-7 | Problem and Incident Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 4A-8 | IT Change, Configuration, and Patch Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 4A-9 | Operational Log Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 4A-10 | IT Service Level Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 4A-11 | Database Management | Test 1 | Test 2 | Test 3 | Test 4 |
4B β Business Resilience |
| Item | Exam Content Area | | | | |
| 4B-1 | Business Impact Analysis | Test 1 | Test 2 | Test 3 | Test 4 |
| 4B-2 | System and Operational Resilience | Test 1 | Test 2 | Test 3 | Test 4 |
| 4B-3 | Data Backup, Storage, and Restoration | Test 1 | Test 2 | Test 3 | Test 4 |
| 4B-4 | Business Continuity Plan | Test 1 | Test 2 | Test 3 | Test 4 |
| 4B-5 | Disaster Recovery Plans | Test 1 | Test 2 | Test 3 | Test 4 |
DOMAIN 5 β Protection of Information Assets |
| Tests your understanding of cybersecurity principles, best practices, and common pitfalls involved in protecting information assets and managing security events. |
5A β Information Asset Security and Control |
| Item | Exam Content Area | | | | |
| 5A-1 | Information Asset Security Frameworks, Standards, and Guidelines | Test 1 | Test 2 | Test 3 | Test 4 |
| 5A-2 | Physical and Environmental Controls | Test 1 | Test 2 | Test 3 | Test 4 |
| 5A-3 | Identity and Access Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 5A-4 | Network and End-Point Security | Test 1 | Test 2 | Test 3 | Test 4 |
| 5A-5 | Data Loss Prevention | Test 1 | Test 2 | Test 3 | Test 4 |
| 5A-6 | Data Encryption | Test 1 | Test 2 | Test 3 | Test 4 |
| 5A-7 | Public Key Infrastructure | Test 1 | Test 2 | Test 3 | Test 4 |
| 5A-8 | Cloud and Virtualized Environments | Test 1 | Test 2 | Test 3 | Test 4 |
| 5A-9 | Mobile, Wireless, and Internet-of-Things Devices | Test 1 | Test 2 | Test 3 | Test 4 |
5B β Security Event Management |
| Item | Exam Content Area | | | | |
| 5B-1 | Security Awareness Training and Programs | Test 1 | Test 2 | Test 3 | Test 4 |
| 5B-2 | Information System Attack Methods and Techniques | Test 1 | Test 2 | Test 3 | Test 4 |
| 5B-3 | Security Testing Tools and Techniques | Test 1 | Test 2 | Test 3 | Test 4 |
| 5B-4 | Security Monitoring Tools and Techniques | Test 1 | Test 2 | Test 3 | Test 4 |
| 5B-5 | Security Incident Response Management | Test 1 | Test 2 | Test 3 | Test 4 |
| 5B-6 | Evidence Collection and Forensics | Test 1 | Test 2 | Test 3 | Test 4 |