CCOA Certification

The Information Systems Audit and Control Association (ISACA) is an international professional association that offers policy guidance, benchmarks, and governance tools for organisations that use information technology (IT) systems.

Overview

ISACA’s Certified Cybersecurity Operations Analyst (CCOA™) certification focuses on the technical skills to evaluate threats, identify vulnerabilities, and recommend countermeasures to prevent cyber incidents. As emerging technologies like automated systems using AI evolve, the role of the cyber analyst will only become more critical in protecting digital ecosystems. Analysts specialize in understanding the what, where and how behind cybersecurity incidents. By identifying patterns, anomalies and indicators of compromise, you become the eyes and ears of your organisation’s defense.

CCOA is administered through a hybrid exam that assesses a candidate’s knowledge and skills using a blend of traditional multiple-choice and performance-based questions.

A copy of ISACA’s CCOA Exam Candidate Guide can be downloaded here.

Taking and passing the CCOA certification exam is just the first step in becoming certified. To become CCOA certified, an individual must first meet the necessary requirements.

Request Certification Information

Prepare for the Certified Cybersecurity Operations Analyst (CCOA) exam with training from Lumify Work, an Accredited Partner of ISACA.

Courses

Certified Cybersecurity Operations Analyst (CCOA™)

Exam Content and Weightings

Following are the key domains and topics on which CCOA candidates will be tested, with weightings.

Domain 1: Technology Essentials

Identify the key components of computer and cloud networking, understand how databases, virtualisation, and containerisation are leveraged, and become familiar with command-line interfaces, programming, scripting, and more.

A. Networking

Cloud Networking
Computer Networking
Devices, Ports, and Protocols
Network Access
Network Tools
Network Topology
Segmentation (Logical, Physical)

B. Systems/Endpoint

Databases
Command Line
Containerisation/Virtualisation
Middleware
Operating Systems

C. Applications

Application Programming Interface (API)
Automated Deployment
Cloud Applications
Scripting/Coding

Domain 2: Cybersecurity Principles and Risk

Understand cybersecurity governance and alignment with business drivers, define cybersecurity strategy based on enterprise objectives, establish effective cross-organisational communication for cybersecurity and more.

A. Cybersecurity Principles

Compliance
Cybersecurity Objectives
Governance
Risk Management
Roles and Responsibilities
Cybersecurity Models

B. Cybersecurity Risk

Application Risk
Cloud Technology Risk
Data Risk
Network Risk
Supply Chain Risk
System/Endpoint Risk
Web Application Risk

Domain 3: Adversarial Tactics, Techniques, and Procedures

Understand common adversarial tactics, techniques, and procedures (TTPs), develop critical and creative thinking skills for threat detection and response, differentiate between dashboard events, attacker mindset insights and more.

A. Threat Landscape

Attack Vectors
Threat Actors/Agents
Threat Intelligence Sources

B. Means and Methods

Attack Types
Cyber Attack Stages
Exploit Techniques
Penetration Testing

Domain 4: Incident Detection and Response

Understand the importance of cybersecurity-incident preparedness, recognise the significance of incident detection and response in mitigating their impact, appreciate the role of proactive planning, practice, process refinement and more.

A. Incident Detection

Data Analytics
Detection Use Cases
Indicators of Compromise and/or Attack
Logs and Alerts
Monitoring Tools and Technologies

B. Incident Response

Incident Containment
Incident Handling
Forensic Analysis
Malware Analysis
Network Traffic Analysis
Packet Analysis
Threat Analysis

Domain 5: Securing Assets

Understand the importance of designing countermeasures to protect digital assets, recognise the iterative nature of securing systems and their ecosystems, appreciate the holistic approach to securing assets, consider technical aspects and organisational products, services and critical business processes, and more.

A. Controls

Contingency Planning
Controls and Techniques
Identity and Access Management
Industry Best Practices, Guidance, Frameworks, and Standards

B. Vulnerability Management

Vulnerability Assessment
Vulnerability Identification
Vulnerability Remediation
Vulnerability Tracking

Supporting Tasks

Identify and analyse threats applicable to the organisation.
Identify and analyse vulnerabilities applicable to the organisation.
Monitor the threat landscape of an organisation.
Synthesise information to protect the organisation from cybersecurity risks.
Contextualise information to aid in the identification of threats/vulnerabilities to protect the organisation from risk.
Develop detection use cases and rule sets for monitoring.
Monitor events for potential cybersecurity incidents.
Triage events to determine if an incident has occurred.
Handle cybersecurity incidents according to incident response documentation, including classification, escalation, and notification.
Perform analysis considering type, volume, and impact/scale.
Aid in determining business impact.
Aid in the prioritisation of cybersecurity incidents for management.
Propose containment measures for a cybersecurity incident.
Support forensic investigation processes.
Interpret analysis results.
Document and report on cybersecurity incidents, including the analysis process and results.
Consult with external stakeholders (e.g., clients/customers/suppliers) regarding cybersecurity.
Learn from cybersecurity incidents for continuous improvement.
Support business objectives for an organisation.
Communicate and/or advise other departments regarding cybersecurity operations and risks.
Contribute to cybersecurity policies and procedures to align with business objectives.