


CISA Domain 5: Authentication & Access Controls
This episode is part of the CISA Audit Judgment Series — a structured, scenario-based learning path focused on Domains 4 and 5, the highest-weighted sections of the CISA exam.
In this episode, we examine a scenario where a user resets their mobile device — but their old MFA token continues to authenticate across multiple systems. While the technology appears to work, the underlying governance has failed. This situation reveals a critical weakness in MFA lifecycle controls, token revocation, and identity assurance.
You’ll learn:
✔ Why MFA lifecycle governance is a major CISA Domain 5 topic
✔ Why technical fixes are not the point — governance is
✔ How junior auditors interpret authentication failures vs. how audit leaders see them
✔ What evidence auditors must review for MFA and IAM audits
✔ How to evaluate token issuance, revocation, and multi-system integration
✔ How to identify systemic IAM weaknesses using a CISA exam mindset
✔ The real risk when old credentials continue to authenticate
This episode blends CISA exam reasoning with real audit leadership judgment — the foundation of the CyberLex Audit Judgment Series.
If you’re preparing for CISA or sharpening your audit judgment, explore the CISA Gold Standard Series by M.G. Vance on Amazon.
📘 Amazon link: https://www.amazon.com/dp/B0FX526S3V
We don’t just help you pass.
We prepare you to become formidable in the field.
By M.G. Vance