To achieve the professional designation of IIBA Cybersecurity Analysis from the IIBA, candidates must clear the CCA Exam with the minimum cut-off score. For those who wish to pass the IIBA Cybersecurity Analysis certification exam with good percentage, please take a look at the following reference document detailing what should be included in IIBA Cybersecurity Analysis Exam preparation.
The IIBA CCA Exam Summary, Body of Knowledge (BOK), Sample Question Bank and Practice Exam provide the basis for the real IIBA Cybersecurity Analysis (CCA) exam. We have designed these resources to help you get ready to take IIBA Cybersecurity Analysis (CCA) exam. If you have made the decision to become a certified professional, we suggest you take authorized training and prepare with our online premium IIBA Cybersecurity Analysis Practice Exam to achieve the best result.
IIBA CCA Exam Summary:
| Exam Name | IIBA Cybersecurity Analysis |
| Exam Code | CCA |
| Exam Fee |
Exam Fee: Member - $250, Non-Member - $400 Retake Fee: Member - $195, Non-Member - $350 |
| Exam Duration | 90 Minutes |
| Number of Questions | 75 |
| Passing Score | Pass or Fail |
| Format | Multiple Choice Questions |
| Books / Trainings | CCA Cybersecurity Master Class |
| Schedule Exam | PROMETRIC |
| Sample Questions | IIBA Cybersecurity Analysis Exam Sample Questions and Answers |
| Practice Exam | IIBA Cybersecurity Analysis (CCA) Practice Test |
IIBA Cybersecurity Analysis Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
| Cybersecurity Overview and Basic Concepts |
- General Awareness: Understands the role of Business Analysis in Cybersecurity - Practical Knowledge: Follows Rules to conduct a stakeholder analysis - Practical Knowledge: Follows Rules using existing documentation to draft a RACI for a Cybersecurity project or program initiative - General Awareness: Understands how to locate the organization's security framework or model, or know that one does not yet exist - General Awareness: Understands what an Information Security Management System (ISMS) is and its objective - General Awareness: Understands what data privacy is - General Awareness: Understands the difference between an internal and external audit. - Practical Knowledge: Follows Rules and knows the difference between compliance and best practice |
14% |
| Enterprise Risk |
- General Awareness: Understands what a cyber risk is - General Awareness: Basic Knowledge of what a Cybersecurity Risk Assessment is - Practical Knowledge: Follows Rules for the inputs to a Business Case that BAs are typically responsible for - General Awareness: Understands what Disaster Recovery Plans and Business Continuity Plans are - Practical Knowledge: Follows Rules to develop a business process flow diagram, and identify steps along the path that present potential cybersecurity vulnerabilities |
14% |
| Cybersecurity Risks and Controls |
- General Awareness: Understands what Cybersecurity Controls are and where to find various versions - General Awareness: Understands the three attributes of secure information: confidentiality, integrity and availability - General Awareness: Understands the difference between a cyber threat and a cyber vulnerability - Practical Knowledge: Follows Rules to identify typical impacts of a cyber-attack to an organization |
12% |
| Securing the Layers |
- General Awareness: Understands that there are multiple layers of technology to protect - General Awareness: Understands what is meant by Endpoint Security |
5% |
| Data Security |
- General Awareness: Understands what Information Classification means - General Awareness: Understands what Information Categorization means - General Awareness: Understands what Data Security at Rest means - General Awareness: Understands what Data Security in Transit means - General Awareness: Understands what Encryption is - General Awareness: Understands what a Digital Signature is |
15% |
| User Access Control |
- Practical Knowledge: Follows Rules to set up authorization - General Awareness: Understands what authentication is - General Awareness: Understands what access control means - General Awareness: Understands what Privileged Account Management is - Practical Knowledge: Follows Rules and is familiar with key actions employees should take responsibility for to maintain security - General Awareness: Understands the principle of least privilege - Practical Knowledge: Follows Rules to elicit user access requirements |
15% |
| Solution Delivery |
- Practical Knowledge: Follows Rules to identify a Security Requirement when presented with a list of requirements - General Awareness: Understands what SaaS, IaaS and PaaS are - Practical Knowledge: Follows Rules to document a current state business process including current technology - General Awareness: Understands a target state business process for a cybersecurity initiative - Practical Knowledge: Follows Rules to map cybersecurity solution components back to security requirements |
13% |
| Operations |
- General Awareness: Understands how to create and maintain a risk log - General Awareness: Basic Knowledge of the four risk treatment options: Accept, Avoid, Transfer, Mitigate - General Awareness: Understands what residual risk is - General Awareness: Understands how to create a report template for Security metrics - General Awareness: Understands Root Cause Analysis |
12% |
Both IIBA and veterans who’ve earned multiple certifications maintain that the best preparation for a IIBA CCA professional certification exam is practical experience, hands-on training and practice exam. This is the most effective way to gain in-depth understanding of IIBA Cybersecurity Analysis concepts. When you understand techniques, it helps you retain IIBA Cybersecurity Analysis knowledge and recall that when needed.