PART 5 – CISA Domain 3 – Information Systems Acquisition and Development, and Implementation
What does accreditation and certification mean?
What do Artificial Intelligence (AI) and Expert Systems mean?
What is Agile development?
What is software reengineering?
What is reverse engineering?
1. Certification and Accreditation
Certification: Certification is the process of evaluating, testing, and examining security controls that have been pre-determined based on the data type in an information system.
The certification process ensures that security flaws are identified and mitigation strategies are in place.
Test laboratories can also certify that certain products meet predetermined standards. Government agencies may also certify that a company meets existing regulations (e.g. emission limits).
Accreditation: Accreditation is the formal declaration by a neutral third party that the certification program is administered in a way that meets the relevant norms or standards of the certification program (e.g., ISO/IEC 17024).
Accreditation refers to the decision of a senior manager to authorize the operation of an information system. It also means that the organization accepts the risk to its assets, operations, or personnel as a result of the implementation of a set of security controls and requirements.
Here are some points to keep in mind:
CISA candidates should be familiar with the role of the auditor in the certification process.
2. Artificial Intelligence (AI), Expert Systems:
Artificial intelligence (AI) is the study and application of the principles by which:
Knowledge is acquired and used.
Goals can be set and achieved.
Information is communicated.
Collaboration is possible.
Concepts are created.
Languages are created.
AI fields include, among other things:
Expert systems
Languages, both natural and artificial (such as programming)
Intelligent text management
Recognition of patterns
Machine translation of foreign languages
Expert systems: Expert systems are an area of AI; they perform a specific function and are common in certain industries.
An expert system allows users to specify basic assumptions and formulas. These assumptions or formulas are then used to analyze arbitrary events. A conclusion is drawn based on the input information.
The knowledge base (KB) is the key component of the system. It contains data, facts, and rules for a specific topic, industry, or skill. These are usually equivalent to those of a human expert. The KB information can be expressed in many ways:
Decision trees – Use questionnaires to guide the user through a series of choices until they reach a conclusion.
Rules – Using if-then relationships to express declarative knowledge. If a patient’s body temperature exceeds 39 degrees Celsius (102.2 degrees Fahrenheit) and their pulse is below 60, it could be a sign that the patient is suffering from a specific disease.
Semantic networks – A semantic net is a system that uses commonly understood labeling to show the relationships between its parts.
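As an added illustration (not part of the original notes), the if-then rule form described above can be held as data in a small knowledge base and evaluated by forward chaining. Rule R1 uses the thresholds from the text; rule R2, the fact names and the sample readings are constructed for the example.

```python
# Added illustration: a minimal rule-based knowledge base with forward chaining.
# Rule names, rule R2 and the sample readings are constructed for this example.
import operator

OPS = {">": operator.gt, "<": operator.lt, "==": operator.eq}

# Knowledge base: each rule is (name, [conditions], (fact, value)).
# A condition is (fact, op, value). R1 uses the thresholds from the text above.
KNOWLEDGE_BASE = [
    ("R1", [("temp_c", ">", 39.0), ("pulse", "<", 60)], ("suspect_disease", True)),
    # Constructed follow-on rule, to show one conclusion feeding another rule.
    ("R2", [("suspect_disease", "==", True)], ("refer_to_specialist", True)),
]


def holds(facts, condition):
    """True if the fact is known and satisfies the comparison."""
    name, op, value = condition
    return name in facts and OPS[op](facts[name], value)


def infer(observations, rules=KNOWLEDGE_BASE):
    """Forward-chain over the rules until no rule adds a new fact.

    Returns (facts, trace); trace lists the rules that fired, in order,
    so a reviewer can see why each conclusion was reached.
    """
    facts = dict(observations)
    trace = []
    changed = True
    while changed:
        changed = False
        for name, conditions, (fact, value) in rules:
            if fact in facts:
                continue  # conclusion already known; do not fire again
            if all(holds(facts, c) for c in conditions):
                facts[fact] = value
                trace.append(name)
                changed = True
    return facts, trace


if __name__ == "__main__":
    # Constructed sample readings.
    print(infer({"temp_c": 39.5, "pulse": 55}))
    print(infer({"temp_c": 39.5, "pulse": 72}))
```

The returned trace records which rules fired and in what order, which is what lets a reviewer check a conclusion against the knowledge base.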
3. Agile development:
Agile development refers to a group of similar development processes that use a nontraditional approach to developing complex systems. Scrum, a rugby analogy, was one of the first agile processes to emerge in the 1990s.
It is an iterative software engineering framework for lightweight software development. It encourages close collaboration between the business side and the development team, constant communication, and tight-knit teams.
4. Software re-engineering
Re-engineering refers to the process of updating an existing system through the extraction and reuse of de