CCA: IIBA Cybersecurity Analysis

IIBA and IEEE Computer Society have partnered to offer a robust learning and certification program on Cybersecurity Analysis.

IIBA Cybersecurity Analysis (CCA)


IIBA CCA Exam Summary:


Exam Name: IIBA Cybersecurity Analysis
Exam Code: CCA
Exam Fee: Member - $250, Non-Member - $400
Retake Fee: Member - $195, Non-Member - $350
Exam Duration: 90 Minutes
Number of Questions: 75
Passing Score: Pass or Fail
Format: Multiple Choice Questions
Sample Questions: IIBA Cybersecurity Analysis Exam Sample Questions and Answers
Practice Exam: IIBA Cybersecurity Analysis (CCA) Practice Test

IIBA Cybersecurity Analysis Syllabus Topics:

 
Topic (Weight) and Details

Cybersecurity Overview and Basic Concepts (14%)
- General Awareness: Understands the role of Business Analysis in Cybersecurity
- Practical Knowledge: Follows Rules to conduct a stakeholder analysis
- Practical Knowledge: Follows Rules using existing documentation to draft a RACI for a Cybersecurity project or program initiative
- General Awareness: Understands how to locate the organization's security framework or model, or know that one does not yet exist
- General Awareness: Understands what an Information Security Management System (ISMS) is and its objective
- General Awareness: Understands what data privacy is
- General Awareness: Understands the difference between an internal and external audit
- Practical Knowledge: Follows Rules and knows the difference between compliance and best practice

Enterprise Risk (14%)
- General Awareness: Understands what a cyber risk is
- General Awareness: Basic Knowledge of what a Cybersecurity Risk Assessment is
- Practical Knowledge: Follows Rules for the inputs to a Business Case that BAs are typically responsible for
- General Awareness: Understands what Disaster Recovery Plans and Business Continuity Plans are
- Practical Knowledge: Follows Rules to develop a business process flow diagram, and identify steps along the path that present potential cybersecurity vulnerabilities

Cybersecurity Risks and Controls (12%)
- General Awareness: Understands what Cybersecurity Controls are and where to find various versions
- General Awareness: Understands the three attributes of secure information: confidentiality, integrity and availability
- General Awareness: Understands the difference between a cyber threat and a cyber vulnerability
- Practical Knowledge: Follows Rules to identify typical impacts of a cyber-attack to an organization

Securing the Layers (5%)
- General Awareness: Understands that there are multiple layers of technology to protect
- General Awareness: Understands what is meant by Endpoint Security

Data Security (15%)
- General Awareness: Understands what Information Classification means
- General Awareness: Understands what Information Categorization means
- General Awareness: Understands what Data Security at Rest means
- General Awareness: Understands what Data Security in Transit means
- General Awareness: Understands what Encryption is
- General Awareness: Understands what a Digital Signature is

User Access Control (15%)
- Practical Knowledge: Follows Rules to set up authorization
- General Awareness: Understands what authentication is
- General Awareness: Understands what access control means
- General Awareness: Understands what Privileged Account Management is
- Practical Knowledge: Follows Rules and is familiar with key actions employees should take responsibility for to maintain security
- General Awareness: Understands the principle of least privilege
- Practical Knowledge: Follows Rules to elicit user access requirements

Solution Delivery (13%)
- Practical Knowledge: Follows Rules to identify a Security Requirement when presented with a list of requirements
- General Awareness: Understands what SaaS, IaaS and PaaS are
- Practical Knowledge: Follows Rules to document a current state business process including current technology
- General Awareness: Understands a target state business process for a cybersecurity initiative
- Practical Knowledge: Follows Rules to map cybersecurity solution components back to security requirements

Operations (12%)
- General Awareness: Understands how to create and maintain a risk log
- General Awareness: Basic Knowledge of the four risk treatment options: Accept, Avoid, Transfer, Mitigate
- General Awareness: Understands what residual risk is
- General Awareness: Understands how to create a report template for Security metrics
- General Awareness: Understands Root Cause Analysis
