Domain 2 – Governance and Management of IT accounts for 17% of the CISA exam.
Domain 2 – Governance and Management of IT of the CISA exam delves into the strategic and operational aspects of managing information technology within an organization. Here’s a summary of the key objectives within Part A and Part B:
Part A: IT Governance
- IT Governance and IT Strategy: Understand the principles and frameworks for aligning IT activities with organizational goals and achieving the desired vision.
- IT-related Frameworks: Learn about widely used IT governance frameworks such as COBIT and ITIL, including their key components and where each applies.
- IT Standards, Policies and Procedures: Grasp the importance of establishing and enforcing documented standards, policies, and procedures for secure and efficient IT operations.
- Organizational Structure: Understand the various models for structuring an IT organization and aligning it with the overall organizational structure.
- Enterprise Architecture: Learn about the principles and benefits of designing and maintaining a robust enterprise architecture that aligns IT components with business requirements.
- Enterprise Risk Management: Understand how to identify, assess, and mitigate IT-related risks within the context of the organization’s overall risk management framework.
- Maturity Models: Learn how maturity models such as CMMI are used to assess the effectiveness of IT processes and identify areas for improvement.
- Laws, Regulations and Industry Standards Affecting the Organization: Understand how legal and regulatory requirements, as well as industry standards, impact IT governance and compliance.
Part B: IT Management
- IT Resource Management: Learn about optimizing and efficiently managing IT resources such as hardware, software, personnel, and budget.
- IT Service Provider Acquisition and Management: Understand the processes for selecting, contracting, and managing external IT service providers.
- IT Performance Monitoring and Reporting: Grasp the importance of monitoring key performance indicators (KPIs) for IT services and reporting on performance metrics to stakeholders.
- Quality Assurance and Quality Management of IT: Learn about implementing quality assurance and quality management practices to ensure the delivery of high-quality IT services.
Unique Terms and Definitions from Domain 2 – Governance and Management of IT
- IT governance: The leadership and organizational structures and processes that ensure the enterprise sustains and extends strategies and objectives.
- Corporate governance: The system by which enterprises are directed and controlled, involving a set of relationships among a company’s management, its board, its shareholders and other stakeholders.
- Enterprise governance of information and technology (EGIT): The process of establishing and maintaining a framework and supporting management structure and processes to provide assurance that information and technology strategies are aligned with and support business objectives, are consistent with applicable laws and regulations, and provide assignment of responsibility, all in an effort to manage risk.
- COBIT: A framework developed by ISACA to help enterprises optimize the value of information assets, by providing guidance on governance and management of information and technology.
- ISO/IEC 27000 series: A set of best practices that provides guidance to organizations implementing and maintaining information security programs.
- Information Technology Infrastructure Library (ITIL): A detailed framework with hands-on information regarding how to achieve successful operational service management of IT, developed by the UK Office of Government Commerce (OGC) in partnership with the IT Service Management Forum.
- Open Information Security Management Maturity Model (O-ISM3): A process-based ISM maturity model for security.
- ISO/IEC 38500: A standard that provides guiding principles for members of governing bodies of organizations on the effective, efficient and acceptable use of IT within an organization.
- ISO/IEC 20000: A specification for service management that is aligned with ITIL’s service management framework, consisting of specific requirements for service management improvement and guidance and examples for the application of those requirements.
- ISO 31000: A standard that provides guidelines on and a common approach to risk management for organizations.
- Standards: Documents that establish specifications and procedures designed to ensure the reliability of the materials, products, methods and/or services people use every day.
- Policies: Statements of management intent, supporting the goals and principles of information security in line with the business strategy and objectives.
- Procedures: Step-by-step instructions that detail the exact manner in which a task or process is to be performed.
- Guidelines: Information that will be helpful in executing the procedures, such as clarification of policies and standards, dependencies, suggestions and examples, narrative clarifying the procedures, background information and tools that can be used.
- Systems administrator: A person responsible for maintaining major multiuser computer systems, including local area networks (LANs), wireless local area networks (WLANs), wide area networks (WANs), virtual machine/server/network environments, personal area networks (PANs), storage area networks (SANs), intranets and extranets, and mid-range and mainframe systems.
- Security administrator: A person responsible for the security of the shared data stored on database systems, implementing and monitoring security policies and controls, and ensuring compliance with legal and regulatory requirements.
- Database administrator (DBA): A person who defines and maintains the data structures in the corporate database system, understanding the organization and user data and data relationship requirements, and ensuring the security and integrity of the data.
- Business intelligence (BI): A broad field of IT that encompasses the collection and analysis of information to assist decision-making and assess organizational performance.
- Data architecture: A framework that consists of the enterprise data flow architecture (EDFA) and a logical data architecture, which define and organize the data entities and how they relate and flow within and between the various layers of the data environment.
- Data governance: A process that involves determining which BI initiatives to fund, what priority to assign to initiatives and how to measure their return on investment (ROI), as well as establishing standard definitions for data, business rules and metrics, identifying approved data sources, and establishing standards for data reconciliation and balancing.
- Risk: The combination of the probability of an event and its consequence.
- Risk management: The coordinated activities to direct and control an organization with regard to risk.
- Risk assessment: The overall process of risk identification, risk analysis and risk evaluation.
- Risk identification: The process of finding, recognizing and describing risks.
- Risk analysis: The process of comprehending the nature of risk and determining the level of risk.
- Risk evaluation: The process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable.
- Risk treatment: The process of selecting and implementing measures to modify risk.
- Risk appetite: The amount and type of risk that an organization is willing to pursue or retain.
- Risk tolerance: The organization’s or stakeholder’s readiness to bear the risk after risk treatment in order to achieve its objectives.
- Risk register: A record of information about identified risks.
- Control: A measure that is modifying risk.
- Control objective: A statement of the desired result or purpose to be achieved by implementing control procedures.
- Control procedure: A policy, standard or rule that reduces the impact or likelihood of an adverse event.
- Control self-assessment (CSA): A technique that involves the participation of operational management and staff in assessing the effectiveness of controls within their own area of responsibility.
- Key performance indicator (KPI): A metric that evaluates the success of an organization or of a particular activity in which it engages.