0%

Book Description

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.


This up-to-date self-study system delivers complete coverage of every topic on the 2019 version of the CISA exam

The latest edition of this trusted resource offers complete,up-to-date coverage of all the material included on the latest release of the Certified Information Systems Auditor exam. Written by an IT security and audit expert, CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition covers all five exam domains developed by ISACA®. You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the CISA exam with ease, this comprehensive guide also serves as an essential on-the-job reference for new and established IS auditors.

COVERS ALL EXAM TOPICS, INCLUDING:

• IT governance and management
• Information systems audit process
• IT service delivery and infrastructure
• Information asset protection

Online content includes:

• 300 practice exam questions
• Test engine that provides full-length practice exams and customizable quizzes by exam topic

Table of Contents

  1. Cover
  2. ABOUT THE AUTHOR
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. CONTENTS AT A GLANCE
  7. CONTENTS
  8. Acknowledgments
  9. Introduction
  10. Chapter 1 Becoming a CISA
    1. Benefits of CISA Certification
    2. The CISA Certification Process
      1. Experience Requirements
    3. ISACA Code of Professional Ethics
    4. ISACA IS Standards
    5. The Certification Exam
    6. Exam Preparation
      1. Before the Exam
      2. Day of the Exam
      3. After the Exam
    7. Applying for CISA Certification
    8. Retaining Your CISA Certification
      1. Continuing Education
      2. CPE Maintenance Fees
    9. Revocation of Certification
    10. CISA Exam Preparation Pointers
    11. Summary
  11. Chapter 2 IT Governance and Management
    1. IT Governance Practices for Executives and Boards of Directors
      1. IT Governance
      2. IT Governance Frameworks
      3. IT Strategy Committee
      4. The Balanced Scorecard
      5. Information Security Governance
    2. IT Strategic Planning
      1. The IT Steering Committee
    3. Policies, Processes, Procedures, and Standards
      1. Information Security Policy
      2. Privacy Policy
      3. Data Classification Policy
      4. System Classification Policy
      5. Site Classification Policy
      6. Access Control Policy
      7. Mobile Device Policy
      8. Social Media Policy
      9. Other Policies
      10. Processes and Procedures
      11. Standards
      12. Enterprise Architecture
      13. Applicable Laws, Regulations, and Standards
    4. Risk Management
      1. The Risk Management Program
      2. The Risk Management Process
      3. Risk Treatment
    5. IT Management Practices
      1. Personnel Management
      2. Sourcing
      3. Change Management
      4. Financial Management
      5. Quality Management
      6. Portfolio Management
      7. Controls Management
      8. Security Management
      9. Performance and Capacity Management
    6. Organization Structure and Responsibilities
      1. Roles and Responsibilities
      2. Segregation of Duties
    7. Auditing IT Governance
      1. Auditing Documentation and Records
      2. Auditing Contracts
      3. Auditing Outsourcing
    8. Chapter Review
      1. Quick Review
      2. Questions
      3. Answers
  12. Chapter 3 The Audit Process
    1. Audit Management
      1. The Audit Charter
      2. The Audit Program
      3. Strategic Audit Planning
      4. Audit and Technology
      5. Audit Laws and Regulations
    2. ISACA Auditing Standards
      1. ISACA Code of Professional Ethics
      2. ISACA Audit and Assurance Standards
      3. ISACA Audit and Assurance Guidelines
    3. Risk Analysis
      1. Auditors’ Risk Analysis and the Corporate Risk Management Program
      2. Evaluating Business Processes
      3. Identifying Business Risks
      4. Risk Mitigation
      5. Countermeasures Assessment
      6. Monitoring
    4. Controls
      1. Control Classification
      2. Internal Control Objectives
      3. IS Control Objectives
      4. General Computing Controls
      5. IS Controls
    5. Performing an Audit
      1. Audit Objectives
      2. Types of Audits
      3. Compliance vs. Substantive Testing
      4. Audit Methodology and Project Management
      5. Audit Evidence
      6. Reliance on the Work of Other Auditors
      7. Audit Data Analytics
      8. Reporting Audit Results
      9. Other Audit Topics
    6. Control Self-Assessment
      1. CSA Advantages and Disadvantages
      2. The CSA Life Cycle
      3. Self-Assessment Objectives
      4. Auditors and Self-Assessment
    7. Implementation of Audit Recommendations
    8. Chapter Review
      1. Quick Review
      2. Questions
      3. Answers
  13. Chapter 4 IT Life Cycle Management
    1. Benefits Realization
      1. Portfolio and Program Management
      2. Business Case Development
      3. Measuring Business Benefits
    2. Project Management
      1. Organizing Projects
      2. Developing Project Objectives
      3. Managing Projects
      4. Project Roles and Responsibilities
      5. Project Planning
      6. Project Management Methodologies
    3. The Systems Development Life Cycle (SDLC)
      1. SDLC Phases
      2. Software Development Risks
      3. Alternative Software Development Approaches and Techniques
      4. System Development Tools
      5. Acquiring Cloud-Based Infrastructure and Applications
    4. Infrastructure Development and Implementation
      1. Review of Existing Architecture
      2. Requirements
      3. Design
      4. Procurement
      5. Testing
      6. Implementation
      7. Maintenance
    5. Maintaining Information Systems
      1. Change Management
      2. Configuration Management
    6. Business Processes
      1. The Business Process Life Cycle and Business Process Reengineering
      2. Capability Maturity Models
    7. Managing Third Parties
      1. Risk Factors
      2. Onboarding and Due Diligence
      3. Classification
      4. Assessment
      5. Remediation
      6. Risk Reporting
    8. Application Controls
      1. Input Controls
      2. Processing Controls
      3. Output Controls
    9. Auditing the Systems Development Life Cycle
      1. Auditing Program and Project Management
      2. Auditing the Feasibility Study
      3. Auditing Requirements
      4. Auditing Design
      5. Auditing Software Acquisition
      6. Auditing Development
      7. Auditing Testing
      8. Auditing Implementation
      9. Auditing Post-Implementation
      10. Auditing Change Management
      11. Auditing Configuration Management
    10. Auditing Business Controls
    11. Auditing Application Controls
      1. Transaction Flow
      2. Observations
      3. Data Integrity Testing
      4. Testing Online Processing Systems
      5. Auditing Applications
      6. Continuous Auditing
    12. Auditing Third-Party Risk Management
    13. Chapter Review
      1. Quick Review
      2. Questions
      3. Answers
  14. Chapter 5 IT Service Management and Continuity
    1. Information Systems Operations
      1. Management and Control of Operations
      2. IT Service Management
      3. IT Operations and Exception Handling
      4. End-User Computing
      5. Software Program Library Management
      6. Quality Assurance
      7. Security Management
      8. Media Control
      9. Data Management
    2. Information Systems Hardware
      1. Computer Usage
      2. Computer Hardware Architecture
      3. Hardware Maintenance
      4. Hardware Monitoring
    3. Information Systems Architecture and Software
      1. Computer Operating Systems
      2. Data Communications Software
      3. File Systems
      4. Database Management Systems
      5. Media Management Systems
      6. Utility Software
      7. Software Licensing
      8. Digital Rights Management
    4. Network Infrastructure
      1. Enterprise Architecture
      2. Network Architecture
      3. Network-Based Services
      4. Network Models
      5. Network Technologies
    5. Business Resilience
      1. Business Continuity Planning
      2. Disaster Recovery Planning
    6. Auditing IT Infrastructure and Operations
      1. Auditing Information Systems Hardware
      2. Auditing Operating Systems
      3. Auditing File Systems
      4. Auditing Database Management Systems
      5. Auditing Network Infrastructure
      6. Auditing Network Operating Controls
      7. Auditing IT Operations
      8. Auditing Lights-Out Operations
      9. Auditing Problem Management Operations
      10. Auditing Monitoring Operations
      11. Auditing Procurement
      12. Auditing Business Continuity Planning
      13. Auditing Disaster Recovery Planning
    7. Chapter Review
      1. Quick Review
      2. Questions
      3. Answers
  15. Chapter 6 Information Asset Protection
    1. Information Security Management
      1. Aspects of Information Security Management
      2. Roles and Responsibilities
      3. Business Alignment
      4. Asset Inventory and Classification
      5. Access Controls
      6. Privacy
      7. Third-Party Management
      8. Human Resources Security
      9. Computer Crime
      10. Security Incident Management
      11. Forensic Investigations
    2. Logical Access Controls
      1. Access Control Concepts
      2. Access Control Models
      3. Access Control Threats
      4. Access Control Vulnerabilities
      5. Access Points and Methods of Entry
      6. Identification, Authentication, and Authorization
      7. Protecting Stored Information
      8. Managing User Access
      9. Protecting Mobile Computing
    3. Network Security Controls
      1. Network Security
      2. IoT Security
      3. Securing Client-Server Applications
      4. Securing Wireless Networks
      5. Protecting Internet Communications
      6. Encryption
      7. Voice over IP
      8. Private Branch Exchange
      9. Malware
      10. Information Leakage
    4. Environmental Controls
      1. Environmental Threats and Vulnerabilities
      2. Environmental Controls and Countermeasures
    5. Physical Security Controls
      1. Physical Access Threats and Vulnerabilities
      2. Physical Access Controls and Countermeasures
    6. Auditing Asset Protection
      1. Auditing Security Management
      2. Auditing Logical Access Controls
      3. Auditing Network Security Controls
      4. Auditing Environmental Controls
      5. Auditing Physical Security Controls
    7. Chapter Review
      1. Quick Review
      2. Questions
      3. Answers
  16. Appendix A Conducting a Professional Audit
    1. Understanding the Audit Cycle
    2. How the IS Audit Cycle Is Discussed
      1. “Client” and Other Terms in This Appendix
    3. Overview of the IS Audit Cycle
      1. Project Origination
      2. Engagement Letters and Audit Charters
      3. Ethics and Independence
      4. Launching a New Project: Planning an Audit
      5. Developing the Audit Plan
      6. Developing a Test Plan
      7. Performing a Pre-Audit (or Readiness Assessment)
      8. Organizing a Testing Plan
      9. Resource Planning for the Audit Team
      10. Performing Control Testing
      11. Developing Audit Opinions
      12. Developing Audit Recommendations
      13. Managing Supporting Documentation
      14. Delivering Audit Results
      15. Management Response
      16. Audit Closing Procedures
      17. Audit Follow-up
    4. Summary
  17. Appendix B Popular Methodologies, Frameworks, and Guidance
    1. Common Terms and Concepts
      1. Governance
      2. Goals, Objectives, and Strategies
      3. Processes
      4. Capability Maturity Models
      5. Controls
      6. The Deming Cycle
      7. Projects
    2. Frameworks, Methodologies, and Guidance
      1. Business Model for Information Security (BMIS)
      2. COSO Internal Control – Integrated Framework
      3. COBIT
      4. GTAG
      5. GAIT
      6. ISF Standard of Good Practice for Information Security
      7. ISO/IEC 27001 and 27002
      8. NIST SP 800-53 and NIST SP 800-53A
      9. NIST Cybersecurity Framework
      10. Payment Card Industry Data Security Standard
      11. CIS Controls
      12. IT Assurance Framework
      13. ITIL
      14. PMBOK Guide
      15. PRINCE2
      16. Risk IT
      17. Val IT
      18. Summary of Frameworks
      19. Pointers for Successful Use of Frameworks
    3. Notes
    4. References
  18. Appendix C About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
      1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
    5. Technical Support
  19. Glossary
  20. Index
18.212.242.203