
CPA Exam · ISC — Information Systems & Controls (Discipline)

Security Confidentiality Privacy

# ISC — Security, Confidentiality & Privacy

Exam: CPA — ISC (Information Systems & Controls Discipline)

Last Updated: June 2026

---

## Cybersecurity Framework

### NIST Cybersecurity Framework (CSF)

Five core functions:

| Function | Activities |
|---|---|
| Identify | Asset management, risk assessment, governance |
| Protect | Access control, data security, awareness training, maintenance |
| Detect | Anomaly detection, continuous monitoring, detection processes |
| Respond | Incident response planning, communications, analysis, mitigation |
| Recover | Recovery planning, improvements, communications |

> Exam Tip: The NIST CSF is widely referenced in ISC questions. Know the five functions and their sequence.

### Defense in Depth

Layered security approach — multiple controls so no single failure exposes the system:

1. Physical security (facilities, hardware)
2. Network security (firewalls, IDS/IPS)
3. Host security (OS hardening, endpoint protection)
4. Application security (input validation, authentication)
5. Data security (encryption, DLP)

---

## Access Control

### Authentication Methods

| Factor | Examples |
|---|---|
| Something you know | Password, PIN, security question |
| Something you have | Smart card, hardware token, mobile phone (OTP) |
| Something you are | Fingerprint, facial recognition, retina scan (biometrics) |

Multi-Factor Authentication (MFA): Requires 2+ factors — significantly stronger than single-factor.

### Access Control Models

| Model | Description |
|---|---|
| Discretionary Access Control (DAC) | Resource owner sets permissions (e.g., file sharing permissions) |
| Mandatory Access Control (MAC) | System enforces access based on labels/classification (government/military) |
| Role-Based Access Control (RBAC) | Permissions granted based on job role (most common in enterprise) |
| Attribute-Based Access Control (ABAC) | Access based on attributes (user role + time +…
