IIBA.org Certificate in Cybersecurity Analysis (IIBA®-CCA)

Help Protect Your Business With the Certificate in Cybersecurity Analysis

Empower Business Analysis With Cybersecurity Expertise

The Certificate in Cybersecurity Analysis (IIBA-CCA) equips business analysis professionals with the critical skills needed to address today’s cybersecurity challenges. Learn how to identify threats, assess risks, and deliver secure, business-aligned solutions. Enhance your expertise and help organizations protect their most valuable assets.

 

Enjoy a 20% Rebate on Any Exam

For a limited time, IIBA members save 20%* on IIBA’s full suite of certification exams, including ECBA, CCBA, CBAP, IIBA-AAC, IIBA-CBDA, IIBA-CCA, and IIBA-CPOA, when they purchase and write the exam between November 1 and December 30, 2024.

Not an IIBA Member? Purchase your membership here first to unlock this special offer.

Questions about the exam rebate? Learn more in the FAQs


  

 

Boost Your Salary with IIBA-CCA Certification

 

Certificate in Cybersecurity Analysis (IIBA-CCA)

The IIBA-CCA equips professionals with vital cybersecurity analysis knowledge and skills through a robust learning and certification program.

 

 

The Certificate in Cybersecurity Analysis (IIBA-CCA) offers numerous advantages, particularly in enhancing your salary and advancing your career. Here’s how the IIBA-CCA certification can improve your earning potential: 

  • Higher Earnings: IIBA-CCA-certified professionals often command higher salaries compared to their non-certified counterparts. Employers highly value the certification as proof of your advanced knowledge and skills in cybersecurity analysis.
  • Improved Salary Negotiation: With an IIBA-CCA certification, you have a significant advantage during salary negotiations. The certification is recognized as a testament to your expertise, leading to better compensation offers.
  • Faster Promotions: The IIBA-CCA certification can accelerate your career progression, making you eligible for promotions and higher-level roles. Certified professionals are often considered for strategic positions, which come with increased salary prospects. 
  • Professional Recognition: The certification enhances your credibility and demonstrates your commitment to cybersecurity analysis, resulting in greater chances of receiving pay raises and career advancement opportunities. 
  • International Credibility: The IIBA-CCA certification is recognized globally, improving your job prospects in various regions. This global recognition can lead to job offers with higher salary ranges in different markets.
  • Industry Applicability: The skills and knowledge gained through IIBA-CCA certification are applicable across multiple industries. This versatility can open up diverse job roles with competitive salaries. 
  • High ROI: The investment in obtaining an IIBA-CCA certification is often recouped through salary increases and enhanced career opportunities. The financial and professional benefits make the certification a valuable investment.
  • Long-Term Career Benefits: Compared to other certifications, the IIBA-CCA offers long-term benefits in terms of salary growth and career sustainability. 
  • Employer Preference: Many employers prioritize IIBA-CCA-certified candidates for cybersecurity analysis positions. This preference can lead to higher salary offers and better job roles. 
  • Market Advantage: IIBA-CCA-certified professionals are better prepared to meet the demands of the job market. The certification ensures you have the necessary skills and knowledge to excel, making you a top choice for employers. 


By obtaining the IIBA-CCA certification, you validate your cybersecurity analysis capabilities and position yourself for significant financial rewards and career growth. Invest in your future and maximize your salary potential with the IIBA-CCA certification.

Cybersecurity Analysis Certification Program

Industry Best Practices

Courses are presented by two leading experts in cybersecurity analysis and the learning material is aligned with leading industry standards in cybersecurity.

IIBA and IEEE Computer Society’s program provides the credibility of a joint certification and the opportunity to learn key cybersecurity concepts and tools business analysis professionals need to demonstrate core competencies.

 

 

A Reinvigorated Online Experience

 

Test Your Knowledge

The exam consists of 75 multiple choice, knowledge-based questions and must be completed within 90 minutes.

It is a live, online-delivered exam that requires a computer, webcam, microphone, and access to the Internet.

Find additional useful CCA exam information such as:

  • IIBA®-CCA Exam Competencies
  • IIBA®-CCA Exam Sample Questions
  • IIBA®-CCA Exam Blueprint

Cybersecurity Analysis Handbooks

The cybersecurity learning modules are comprehensive resources that provide the basics of cybersecurity and the essential concepts needed to assist in the overall cybersecurity solution.

To complement our Cybersecurity Analysis Certification (IIBA-CCA), the IIBA®-CCA Certification Handbook is now available. 

Read the Certification Handbook

Dynamic Multimedia

The video experience has been upgraded with improved accessibility (closed captioning), and interactive “drag and drop”, “flip cards”, and “identify the markers” functionalities have been incorporated.

 

 

Cybersecurity Analysis Packages

Cybersecurity Analysis Online Materials & Exam Bundle

Best Value Option Includes:

  • PDF format
  • Online Modules
  • Exam Fee

    Note: IIBA exams are fully available online.

Special pricing for members when logged in.

Bundle: $550 (Non-Member)

IIBA members save 20%* until December 30! Join IIBA to unlock this special offer.

 

* All amounts are in USD currency. *Prices are subject to change without notice.

Cybersecurity Analysis Exam Only

This Includes:

  • Exam Fee

    Note: IIBA exams are fully available online.

Special pricing for members when logged in.

$400 (Non-Member)

IIBA members save 20%* until December 30! Join IIBA to unlock this special offer.

Cybersecurity Analysis Online Module Resources

This Includes:

  • PDF format
  • Online Modules

Special pricing for members when logged in.

$250 (Non-Member)

IIBA members save 20%* until December 30! Join IIBA to unlock this special offer.

Cybersecurity Analysis

An Overview: The Elements of Cybersecurity Analysis (Modules 1-9)

This member-exclusive PDF provides business professionals with a solid understanding of cybersecurity analysis and the essential concepts to assist in the overall cybersecurity solution.

Certificate in Cybersecurity Analysis Exam Resources

Certificate in Cybersecurity Analysis Competencies and Proficiency Levels per Knowledge Area


Definitions of skill and knowledge levels used:

Level 1 (CCA) - Practical Knowledge or General Awareness:

Limited practical experience. Expertise is developed in a safe, structured environment (small, less complex efforts) where guidance is both sought and provided.

Basic Knowledge: Has a fundamental awareness of basic skills and knowledge involved in the work.

Understands: Recognizes the key elements of the work and why they are important. However, is not expected to have the experience or skill to execute.

Follows Rules: Adheres to prescribed ways to complete the work but needs rules and guidelines to successfully execute.

The competency elements are grouped into eight Knowledge Areas:

1: Cybersecurity Overview and Basic Concepts

1.1 General Awareness: Understands the role of Business Analysis in Cybersecurity
1.2 Practical Knowledge: Follows Rules to conduct a stakeholder analysis
1.3 Practical Knowledge: Follows Rules using existing documentation to draft a RACI for a Cybersecurity project or program initiative
1.4 General Awareness: Understands how to locate the organization's security framework or model, or knows that one does not yet exist
1.5 General Awareness: Understands what an Information Security Management System (ISMS) is and its objective
1.6 General Awareness: Understands what data privacy is
1.7 General Awareness: Understands the difference between an internal and external audit.
1.8 Practical Knowledge: Follows Rules and knows the difference between compliance and best practice

2: Enterprise Risk

2.1 General Awareness: Understands what a cyber risk is
2.2 General Awareness: Basic Knowledge of what a Cybersecurity Risk Assessment is
2.3 Practical Knowledge: Follows Rules for the inputs to a Business Case that BAs are typically responsible for
2.4 General Awareness: Understands what Disaster Recovery Plans and Business Continuity Plans are
2.5 Practical Knowledge: Follows Rules to develop a business process flow diagram, and identify steps along the path that present potential cybersecurity vulnerabilities

3: Cybersecurity Risks and Controls

3.1 General Awareness: Understands what Cybersecurity Controls are and where to find various versions
3.2 General Awareness: Understands the three attributes of secure information: confidentiality, integrity and availability
3.3 General Awareness: Understands the difference between a cyber threat and a cyber vulnerability
3.4 Practical Knowledge: Follows Rules to identify typical impacts of a cyber-attack to an organization

4: Securing the Layers

4.1 General Awareness: Understands that there are multiple layers of technology to protect
4.2 General Awareness: Understands what is meant by Endpoint Security

5: Data Security

5.1 General Awareness: Understands what Information Classification means
5.2 General Awareness: Understands what Information Categorization means
5.3 General Awareness: Understands what Data Security at Rest means
5.4 General Awareness: Understands what Data Security in Transit means
5.5 General Awareness: Understands what Encryption is
5.6 General Awareness: Understands what a Digital Signature is

6: User Access Control

6.1 Practical Knowledge: Follows Rules to set up authorization
6.2 General Awareness: Understands what authentication is
6.3 General Awareness: Understands what access control means
6.4 General Awareness: Understands what Privileged Account Management is
6.5 Practical Knowledge: Follows Rules and is familiar with key actions employees should take responsibility for to maintain security
6.6 General Awareness: Understands the principle of least privilege
6.7 Practical Knowledge: Follows Rules to elicit user access requirements

7: Solution Delivery

7.1 Practical Knowledge: Follows Rules to identify a Security Requirement when presented with a list of requirements
7.2 General Awareness: Understands what SaaS, IaaS and PaaS are
7.3 Practical Knowledge: Follows Rules to document a current state business process including current technology
7.4 General Awareness: Understands a target state business process for a cybersecurity initiative
7.5 Practical Knowledge: Follows Rules to map cybersecurity solution components back to security requirements

8: Operations

8.1 General Awareness: Understands how to create and maintain a risk log
8.2 General Awareness: Basic Knowledge of the four risk treatment options: Accept, Avoid, Transfer, Mitigate
8.3 General Awareness: Understands what residual risk is
8.4 General Awareness: Understands how to create a report template for Security metrics
8.5 General Awareness: Understands Root Cause Analysis

Certificate in Cybersecurity Analysis Exam Sample Questions

1. What risk attribute must be tracked on a Risk Log to ensure someone is held accountable for the risk?

A) Risk Response Plan.
B) Risk Owner.
C) Risk Category.
D) Risk Score.

2. What is the difference between a policy and a standard for cybersecurity?

A) A policy defines objectives and governance; a standard describes how to implement policies through specific controls.
B) A policy is a guideline, whereas a standard must be followed.
C) Policies are internal to the enterprise; standards are mandated by external regulators.
D) Standards define what an enterprise must do, whereas policies describe how a standard is implemented.

3. The business case for cybersecurity support should include:

A) Assessment of potential providers and a ranking of their capabilities.
B) Implementation plans describing outsourcing arrangements.
C) Analysis of potential risks, including the probability and impact of the risk.
D) Detailed metrics that will be used to assess the performance of the selected vendor.

4. Examples of encryption technology controls for data in transit are:

A) information categorization and multi-factor authentication.
B) cryptographic policy management and training.
C) concurrent session control and firewalls.
D) hardware security modules and certificate authorities.

5. The law of diminishing returns needs to be considered as the:

A) cost can decrease exponentially along with the returns.
B) cost can decrease exponentially while the returns may not.
C) cost can increase exponentially while the returns may not.
D) cost can increase exponentially along with the returns.

6. Application Programming Interface (API) is a mechanism:

A) for calling functions usually real-time.
B) for accessing databases usually overnight.
C) for triggering operations usually real-time.
D) for initiating updates usually overnight.

7. What is benchmarking?

A) A survey of the market.
B) A comparison of practices or results to those of other organizations.
C) A risk assessment method that compares vulnerabilities to known attacks on other peer organizations.
D) A way to identify and implement innovative practices not found in other organizations.

8. In Security Engineering, the Business Analyst's role is to represent the enterprise-level security requirements, to ensure that:

A) the architecture and designs align with the organization's core goals and strategic direction.
B) employees are trained to recognize phishing attacks.
C) a control framework is in place.
D) an organizational risk assessment includes assets used by engineering teams.

9. A certificate chain is a series of certificates issued by successive 'Certificate Authorities' that trace a path of certificates:

A) from the branch in the hierarchy to a leaf in the hierarchy.
B) from a leaf in the hierarchy to the branch in the hierarchy.
C) from the root in the hierarchy to a branch in the hierarchy.
D) from a branch in the hierarchy to the root of the hierarchy.

10. Root cause analysis is used to:

A) monitor ongoing, problematic data access.
B) secure information stored in databases.
C) eliminate threats.
D) identify classification categories.

11. What is the primary purpose of bolstering the physical security of IT assets?

A) To preserve the cost that was invested in those IT assets.
B) To protect the data and information within the IT assets where it is stored and transmitted.
C) To comply with the regulations.
D) To match what the peer companies are doing.

12. What type of access is granted for groups of employees based on job classification and function?

A) Information Classification.
B) Role Based Access.
C) Preferred Access.
D) Shared Account.

13. The amount of risk an organization requires to meet their goals is called:

A) risk appetite.
B) vulnerability impact.
C) risk management.
D) risk capacity.

14. Which principle should be followed when gathering access control requirements?

A) Principle of Least Privilege.
B) Principle of Defense in Depth.
C) Principle of Thinking Evil.
D) Principle of Simplicity.

15. Unchecked user input is a cause of vulnerabilities because:

A) the users may be able to exploit a bug.
B) the user may have malware installed on their computer that will be able to intercept information.
C) it may allow unintended direct execution of commands.
D) passwords may be easily guessed by outsiders.

Answer key:

1. B)
2. A)
3. C)
4. D)
5. C)
6. A)
7. B)
8. A)
9. D)
10. C)
11. B)
12. B)
13. D)
14. A)
15. C)

Certificate in Cybersecurity Analysis Exam Blueprint

Cybersecurity Overview and Basic Concepts 14%
Enterprise Risk 14%
Cybersecurity Risks and Controls 12%
Securing the Layers 5%
Data Security 15%
User Access Control 15%
Solution Delivery 13%
Operations 12%

Endorsed Business Analysis Education and Training

IIBA endorses education and training delivered by EEPs and Academic Members to support the ongoing development of business analysis professionals from entry level to seniority.

Find Endorsed Education and Training

Upcoming Certification Exam Preparation Courses

How To Ask Your Employer To Invest In Business Analyst Career Development

71% of respondents report their employer pays for training and professional development - 2020 Global Business Analysis Salary Survey

 

Business Analysis Career Resources

Business Analysis Resources

A curated body of knowledge dedicated to advancing your career in business analysis to create better business outcomes for your organization.

Develop Your Business Analysis Career

It's important for you to know what your options are and pursue opportunities for experience, training, and certification that will take you to where you want to go.

Business Analysis Specialization

Business analysis professionals come from many different backgrounds and fulfill different needs to deliver the best business outcome for their organization. Find the resources you need for best practices and specializations relevant to business analysis in today’s transformative world.

*Terms & Conditions:

The 20% exam rebate offer applies to IIBA members in good standing, and who purchase and write the following exams: ECBA™, CCBA®, CBAP®, IIBA®-AAC, IIBA®-CBDA, IIBA®-CCA, and IIBA®-CPOA, between November 1 and December 30, 2024, 11:59 PM, Eastern Time (ET). This promotion only applies to new purchases made during the promotional period. The exam cannot be taken on the same day as the exam purchase. The exam fulfillment provider determines exam scheduling availability. The rebate applies to exam fees and exam rewrite fees only. Only payments made via credit card are eligible for the rebate and refunds will be applied in USD after the exam is completed, with processing taking up to January 15, 2025. Currency exchange rates fluctuate daily, so the refunded amount may differ slightly based on exchange rates. The exam rebate applies only to the exam portion of the IIBA®-CCA and IIBA®-CPOA bundled prices. Non-members are welcome to take advantage of this discount by first becoming an IIBA member before making their eligible purchase and exam booking. The offer does not apply to bulk or volume purchase agreements (VPAs), or members of the partner program (formerly the corporate program). The offer may not be used in conjunction with any other promotional code, discount, or offer. This offer is subject to change without notice. Certain exclusions may apply.