CISA Domain 3 – Information Systems Acquisition, Development and Implementation- Part- 5

PART 5 – CISA Domain 3 – Information Systems Acquisition, development and implementation

• What does certification and accreditation mean?
• What does Artificial Intelligence (AI) and Expert systems mean?
• What is Agile development?
• What is software re-engineering?
• What is reverse engineering?

• Certification:
  • Certification is the process of evaluating, testing, and examining security controls that have been pre-determined based on the data type in an information system
  • The certification process ensures that security weaknesses are identified and plans for mitigation strategies are in place
  • Testing laboratories may also certify that certain products meet pre-established standards, or governmental agencies may certify that a company is meeting existing regulations(e.g., emission limits).

• Accreditation:
  • Accreditation is the formal declaration by a neutral third party that the certification program is administered in a way that meets the relevant norms or standards of certification program (e.g., ISO/IEC 17024).
  • Accreditation is the official management decision (given by a senior official) to authorize operation of an information system and to explicitly accept the risk to the organization’s operations, assets or individuals based on the implementation of an agreed-upon set of requirements and security controls.

• Artificial intelligence (AI) is the study and application of the principles by which:
  • Knowledge is acquired and used.
  • Goals are generated and achieved.
  • Information is communicated.
  • Collaboration is achieved.
  • Concepts are formed.
  • Languages are developed

• AI fields include, among others:
  • Expert systems
  • Natural and artificial (such as programming) languages
  • Neural networks
  • Intelligent text management
  • Theorem proving
  • Abstract reasoning
  • Pattern recognition
  • Voice recognition
  • Problem solving
  • Machine translation of foreign languages

• Expert systems:
  • Expert systems are an area of AI and perform a specific function or are prevalent in certain industries.
  • An expert system allows the user to specify certain basic assumptions or formulas and then uses these assumptions or formulas to analyze arbitrary events. Based on the information used as input to the system, a conclusion is produced.
  • Key to the system is the knowledge base (KB), which contains specific information or fact patterns associated with particular subject matter and the rules for interpreting these facts.
    • Knowledge base: This component consists of data, facts and rules for a certain topic, industry or skill, usually equivalent to that of a human expert. The information in the KB can be expressed in several ways:
    • Decision trees – Using questioners to lead the user through series of choices, until a conclusion is reached.
    • Rules – Expressing declarative knowledge through the use of if-then relationships. For example, if a patient’s body temperature is over 39°C (102.2°F) and his/her pulse is under 60, then the patient might be suffering from a certain disease.
    • Semantic nets – A semantic network is a system in which commonly understood labeling is used to show relationships between its parts 

• The term “agile development” refers to a family of similar development processes that espouse a nontraditional way of developing complex systems. One of the first agile processes, Scrum (a rugby analogy), emerged in the early 1990s

• A lightweight software engineering framework that promotes iterative development throughout the life-cycle of the project, close collaboration between the development team and business side, constant communication, and tightly-knit teams

• Re-engineering is a process of updating an existing system by extracting and reusing design and program components
• The act of recreating a core business process with the goal of
  • Improving product output,
  • Improving product quality, or
  • Reducing costs.
• The following are the steps involved in business process re-engineering
  • Define objectives and framework
  • Identify customer needs
  • Study the existing process
  • Formulate a Redesign Business plan
  • Implement and monitor the redesigned process
  • Establish continuous improvement process

• Reverse engineering is the process of studying and analyzing an application, a software application or a product to see how it functions and to use that information to develop a similar system
• This process can be carried out in several ways:
  • Decompiling object or executable code into source code and using it to analyze the program
  • Black box testing the application to be reverse-engineered to unveil its functionality

• Advantages:
  • Faster development and reduced SDLC duration
  • Possibility of introducing improvements by overcoming the reverse-engineered application drawbacks

Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, Part 8, Part 9

AUTHOR
Aswini Srinath ( )
Writer And Editor

“ I am a qualified Chartered Accountant based out of Chennai, with 8+ years of experience in various roles in finance domain including CA Practice, financial reporting and auditing. I have always been keen to challenge myself by exploring potential capabilities outside of my core competency. Picked up Information Security as one such thing. Cleared CISA with 2nd Rank in ISACA Chennai Chapter in 2019. Since then, i have been sharing my learning and experience to a small group of avid followers, helping them prepare for their CISA exams. This article is also one such attempt, where I summarize the key areas in each domain based on the importance and weightage from an exam point of view. “