CISA Domain 4: Information Systems Operations and Business Resilience

The Domain 4: Information Systems Operations and Business Resilience of CISA exam holds a total weightage of 23% in the exam.

Domain 4: Information Systems Operations and Business Resilience of the CISA exam focuses on the operational aspects of maintaining information systems and ensuring business continuity in the face of disruptions. Here’s a summary of the key objectives within Part A and Part B:

Part A: Information Systems Operations

1. Common Technology Components: Understand the fundamental hardware and software components that make up a typical IT infrastructure.
2. IT Asset Management: Learn about effective asset tracking, lifecycle management, and security practices for all IT assets, including hardware, software, and data.
3. Job Scheduling and Production Process Automation: This objective covers techniques for automating routine tasks and scheduling jobs to optimize IT operations and resource utilization.
4. System Interfaces: Understand the different types of system interfaces and how they facilitate data exchange and communication between various systems.
5. End-user Computing: Learn about effective methods for supporting and managing end-user computing environments, including desktop computers, laptops, mobile devices, and applications.
6. Data Governance: This objective covers policies and procedures for managing data assets effectively, ensuring data quality, accessibility, and compliance with regulations.
7. Systems Performance Management: Learn about techniques for monitoring system performance, identifying bottlenecks, and optimizing resource allocation to maintain efficient IT operations.
8. Problem and Incident Management: Understand the processes for identifying, diagnosing, and resolving IT problems and incidents, minimizing downtime and disruptions.
9. Change, Configuration, Release and Patch Management: This objective delves into the controlled processes for implementing changes, configurations, releases, and patches to ensure minimal disruption and maintain system stability.
10. IT Service Level Management (ITSLM): Learn about defining, measuring, and meeting agreed-upon service levels for IT services, ensuring efficient delivery and user satisfaction.
11. Database Management: Understand the principles and best practices for managing databases effectively, including security, backups, and performance optimization.

Part B: Business Resilience

1. Business Impact Analysis (BIA): This objective covers techniques for identifying and prioritizing critical business processes and assessing the potential impact of disruptions on the organization.
2. System Resiliency: Learn about methods for designing and implementing resilient systems that can withstand disruptions and continue functioning with minimal impact.
3. Data Backup, Storage and Restoration: Understand the strategies and best practices for backing up, storing, and restoring data efficiently in the event of data loss or disaster.
4. Business Continuity Plan (BCP): This objective delves into the development and implementation of BCPs that outline response procedures and recovery strategies for potential disruptions.
5. Disaster Recovery Plans (DRP): Learn about developing and implementing DRPs that address large-scale disasters and outline evacuation procedures, data recovery, and alternative operating locations.

Unique Terms and Definitions from Domain 4: Information Systems Operations and Business Resilience

• Technology components: Hardware, software, network and data resources that enable the processing and delivery of information in an organization.
• Hardware platforms: The physical devices and equipment that support the operation and use of information systems, such as servers, workstations, routers, switches, printers and scanners.
• Central processing unit (CPU): The main component of a computer that performs arithmetic and logical operations, controls the execution of instructions and communicates with other devices.
• Microprocessor: A CPU on a single chip that can be embedded in various devices, such as personal computers, smartphones, tablets and appliances.
• Multi-processor: A computer system that has more than one CPU, which can work in parallel to increase the processing speed and performance.
• Multi-core processor: A CPU that contains multiple processing units or cores on a single chip, which can execute multiple instructions simultaneously.
• Motherboard: The main circuit board of a computer that connects and supports the CPU, memory, storage devices and other components.
• Random access memory (RAM): A type of volatile memory that stores data and instructions that are currently being used by the CPU. RAM can be read and written quickly, but it loses its content when the power is turned off.
• Read-only memory (ROM): A type of non-volatile memory that stores data and instructions that are essential for the basic operation of a computer, such as the boot process. ROM can only be read, not written, and it retains its content even when the power is turned off.
• Permanent storage devices: Devices that store data and programs permanently, such as hard disk drives and solid-state drives. Permanent storage devices have larger capacity and slower access speed than RAM, but they do not lose their content when the power is turned off.
• Solid-state drive (SSD): A type of permanent storage device that uses flash memory to store data, without any moving parts. SSDs are faster, more reliable, more energy-efficient and more durable than hard disk drives, but they are also more expensive and have a limited number of write cycles.
• Input/output (I/O) components: Devices that allow the computer to interact with the external environment, such as users, networks and other systems. Examples of input devices are keyboards, mice, scanners and cameras. Examples of output devices are monitors, printers and speakers.
• Types of computers: Computers can be categorized according to their processing power, size and architecture, such as supercomputers, mainframes, high-end/midrange servers, personal computers, thin client computers, laptop computers, smartphones, tablets and other handheld devices.
• Universal serial bus (USB): A serial bus standard that connects devices to a host computer, allowing data transfer, power supply and plug-and-play functionality. USB devices include flash drives, external hard drives, keyboards, mice, printers and cameras.
• Radio frequency identification (RFID): A technology that uses radio waves to identify tagged objects within a limited range. An RFID tag consists of a microchip and an antenna that store and transmit information to an RFID reader. RFID tags can be passive or active, depending on their power source. RFID applications include asset management, tracking, authenticity verification, matching, process control, access control and supply chain management.
• Hardware maintenance program: A program that documents the performance of routine cleaning and servicing of hardware to ensure proper operation and availability. The program includes information such as service company, maintenance schedule, maintenance cost and maintenance history.
• Hardware monitoring procedures: Procedures and reports that measure and evaluate the use and performance of hardware resources, such as availability, errors, utilization and capacity.
• Hardware reviews: Reviews that assess the hardware acquisition plan, the hardware acquisition process, the IT asset management, the capacity management and monitoring, and the preventive maintenance schedule.
• IT asset management: A process of identifying, inventorying, managing and protecting IT assets, such as hardware, software, data and information. IT asset management includes assigning owners, custodians, values, locations, security classifications and loss implications to IT assets.
• Job scheduling and production process automation: A process of planning, executing and controlling the batch and online jobs that run on a computer system, using automated job scheduling software. Job scheduling aims to optimize the use of IT resources, meet the user and business requirements, and reduce the errors and delays in processing.
• Job scheduling software: System software that sets up daily work schedules and automatically determines which jobs are to be submitted to the system for processing. Job scheduling software can also handle job dependencies, job priorities, job failures, job security, job backups and job performance.
• Database management system (DBMS): System software that manages the creation, storage, retrieval, manipulation and security of data in a database. A DBMS provides a logical view of the data and hides the physical details of how the data are stored and organized. A DBMS also supports data integrity, data consistency, data concurrency, data recovery and data performance.
• Metadata: Data that describe the characteristics and structure of other data, such as data definitions, data types, data relationships and data constraints. Metadata are stored in a data dictionary or a data directory within a DBMS.
• Data schema: A representation of the logical organization of data in a database. A data schema defines the data elements, their attributes, their domains and their relationships. There are three types of data schema: conceptual schema, external schema and internal schema.
• Conceptual schema: A data schema that describes the overall structure and meaning of the data for the entire organization, independent of any physical or logical implementation. A conceptual schema defines the entities, attributes and relationships in an entity-relationship diagram (ERD).
• External schema: A data schema that describes the structure and meaning of the data for a specific user or application, based on the conceptual schema. An external schema defines the views, queries and transactions that are relevant to a user or application.
• Internal schema: A data schema that describes the physical storage and organization of the data in a database, based on the conceptual schema. An internal schema defines the data files, records, fields, indexes and access methods that are used to store and retrieve the data.
• Database structure: The way that data are organized and stored in a database, based on a data model. There are three major types of database structure: hierarchical, network and relational. Other types include object-oriented, NoSQL and XML.
• Hierarchical database model: A database model that organizes data in a tree-like structure, using parent-child relationships. A child record can have only one parent record, but a parent record can have multiple child records. Hierarchical databases are easy to implement and search when the data relationships are hierarchical, but they require data duplication and do not support high-level queries.
• Network database model: A database model that organizes data in a graph-like structure, using owner-member relationships. A member record can have multiple owner records, and an owner record can have multiple member records. Network databases can represent complex data relationships, but they are difficult to understand and modify, and they do not support high-level queries.
• Relational database model: A database model that organizes data in tables, using rows and columns. A row represents a record, and a column represents an attribute. Tables can be linked by using common attributes, called keys. Relational databases are independent of the physical data structure, and they support high-level queries using SQL.