CPA Exam Lab

ISC Study Guide

Information Systems and Controls — IT, Security, Privacy, and SOC

Your Study Progress
0 / 13 topics

Mock Exam

33 questions · exam conditions · full breakdown

Review Queue

Spaced repetition - wrong answers resurface automatically

Study Modes

Skip to what you need — MCQs only or simulation strategy only.

MCQ Blitz Mode

Jump straight to practice questions across all ISC topics.

I1I2I3I4I5I6I7I8I9I10I11I12I13

Sim Strategy Focus

Review simulation strategies and TBS tips for every topic.

I1I2I3I4I5I6I7I8I9I10I11I12I13

Section 1

Information Systems and Data Management

3545% of the ISC exam

Section Overview

Covers IT governance and the IT function, the system development life cycle and change management, IT general and application controls, data management, and business resilience.

5 topics-

I1 · IT Governance and the IT Function

Available

I2 · Systems Development and Change Management

Available

I3 · IT General Controls and Application Controls

Available

I4 · Data Management and the Data Life Cycle

Available

I5 · Business Resilience: Backup, Recovery, and Continuity

Available

Section 2

Security, Confidentiality, and Privacy

3545% of the ISC exam

Section Overview

Covers information security programs and frameworks, logical and physical access controls, threats and vulnerabilities, data confidentiality and privacy, and incident response.

5 topics-

I6 · Information Security Programs and Frameworks

Available

I7 · Logical and Physical Access Controls

Available

I8 · Threats, Vulnerabilities, and Attacks

Available

I9 · Confidentiality and Privacy

Available

I10 · Incident Response and Security Monitoring

Available

Section 3

System and Organization Controls (SOC) Engagements

1525% of the ISC exam

Section Overview

Covers the types of SOC engagements, the trust services criteria, and performing and reporting on SOC 1 and SOC 2 engagements.

3 topics-

I11 · Types of SOC Engagements (SOC 1, 2, and 3)

Available

I12 · Trust Services Criteria and SOC 2 Reporting

Available

I13 · Performing and Reporting on SOC Engagements

Available