by Peter H. Gregory
CISA® Certified Information Systems Auditor All-in-One Exam Guide
Cover Page
CISA Certified Information Systems Auditor All-in-One Exam Guide
Copyright Page
CD Page
Contents at a Glance
Contents
Acknowledgments
Introduction
Chapter 2 IT Governance and Risk Management
Practices for Executives and Board of Directors
IT Governance
IT Strategy Committee
The Balanced Scorecard
Information Security Governance
Enterprise Architecture
IT Strategic Planning
The IT Steering Committee
Policy, Processes, Procedures, and Standards
Information Security Policy
Privacy Policy
Procedures
Standards
Risk Management
The Risk Management Program
The Risk Management Process
Risk Treatment
IT Management Practices
Personnel Management
Sourcing
Change Management
Financial Management
Quality Management
Security Management
Optimizing Performance
Organization Structure and Responsibilities
Roles and Responsibilities
Segregation of Duties
Auditing IT Governance
Reviewing Documentation and Records
Reviewing Contracts
Reviewing Outsourcing
Summary
Notes
Questions
Answers
Chapter 3 The Audit Process
Audit Management
The Audit Charter
The Audit Program
Strategic Audit Planning
Audit and Technology
Audit Laws and Regulations
ISACA Auditing Standards
ISACA Code of Professional Ethics
ISACA Audit Standards
ISACA Audit Guidelines
ISACA Audit Procedures
Risk Analysis
Auditors’ Risk Analysis and the Corporate Risk Management Program
Evaluating Business Processes
Identifying Business Risks
Risk Mitigation
Countermeasures Assessment
Monitoring
Internal Controls
Control Classification
Internal Control Objectives
IS Control Objectives
General Computing Controls
IS Controls
Performing an Audit
Audit Objectives
Types of Audits
Compliance vs. Substantive Testing
Audit Methodology
Audit Evidence
Computer-Assisted Audit
Reporting Audit Results
Other Audit Topics
Using External Auditors
Control Self-Assessment
Advantages and Disadvantages
The Self-Assessment Life Cycle
Self-Assessment Objectives
Auditors and Self-Assessment
Implementation of Audit Recommendations
Notes
Summary
Questions
Answers
Chapter 4 IT Life-Cycle Management
Business Realization
Portfolio and Program Management
Business Case Development
Measuring Business Benefits
Project Management
Organizing Projects
Developing Project Objectives
Managing Projects
Project Roles and Responsibilities
Project Planning
Project Management Methodologies
The Software Development Life Cycle (SDLC)
SDLC Phases
Software Development Risks
Alternative Software Development Approaches and Techniques
System Development Tools
Infrastructure Development and Implementation
Infrastructure
Maintaining Information Systems
The Change Management Process
Configuration Management
Business Processes
The Business Process Life Cycle (BPLC)
Capability Maturity Models
Application Controls
Input Controls
Processing Controls
Output Controls
Auditing the Software Development Life Cycle
Auditing Project Management
Auditing the Feasibility Study
Auditing Requirements
Auditing Design
Auditing Software Acquisition
Auditing Development
Auditing Testing
Auditing Implementation
Auditing Post-Implementation
Auditing Change Management
Auditing Configuration Management
Auditing Business Controls
Auditing Application Controls
Transaction Flow
Observations
Data Integrity Testing
Testing Online Processing Systems
Auditing Applications
Continuous Auditing
Summary
Notes
Questions
Answers
Chapter 5 IT Service Delivery and Infrastructure
Information Systems Operations
Management and Control of Operations
IT Service Management
Infrastructure Operations
Monitoring
Software Program Library Management
Quality Assurance
Security Management
Information Systems Hardware
Computer Usage
Computer Hardware Architecture
Hardware Maintenance
Hardware Monitoring
Information Systems Architecture and Software
Computer Operating Systems
Data Communications Software
File Systems
Database Management Systems
Media Management Systems
Utility Software
Network Infrastructure
Network Architecture
Network-Based Services
Network Models
Network Technologies
Local Area Networks
Wide Area Networks
Wireless Networks
The TCP/IP Suite of Protocols
The Global Internet
Network Management
Networked Applications
Auditing IS Infrastructure and Operations
Auditing IS Hardware
Auditing Operating Systems
Auditing File Systems
Auditing Database Management Systems
Auditing Network Infrastructure
Auditing Network Operating Controls
Auditing IS Operations
Auditing Lights-Out Operations
Auditing Problem Management Operations
Auditing Monitoring Operations
Auditing Procurement
Questions
Answers
Chapter 6 Information Asset Protection
Information Security Management
Aspects of Information Security Management
Roles and Responsibilities
Asset Inventory and Classification
Access Controls
Privacy
Third-Party Management
Human Resources Security
Computer Crime
Security Incident Management
Forensic Investigations
Logical Access Controls
Access Control Concepts
Access Control Models
Threats
Vulnerabilities
Access Points and Methods of Entry
Identification, Authentication, and Authorization
Protecting Stored Information
Managing User Access
Protecting Mobile Devices
Network Security Controls
Network Security
Securing Client-Server Applications
Securing Wireless Networks
Protecting Internet Communications
Encryption
Voice over IP (VoIP)
Private Branch Exchange (PBX)
Malware
Information Leakage
Environmental Controls
Environmental Threats and Vulnerabilities
Environmental Controls and Countermeasures
Physical Security Controls
Physical Access Threats and Vulnerabilities
Physical Access Controls and Countermeasures
Auditing Asset Protection
Auditing Security Management
Auditing Logical Access Controls
Auditing Network Security Controls
Auditing Environmental Controls
Auditing Physical Security Controls
Notes
Summary
Questions
Answers
Appendix A Conducting a Professional Audit
Introduction
Understanding the Audit Cycle
How the Information Systems Audit Cycle Is Discussed
Use of the Word “Client” in This Appendix
Overview of the IS Audit Cycle
IS Audit Cycle at a High Level
Project Origination
Engagement Letters (“Contracts”) and Audit Charters
Ethics and Independence
Launching a New Project: Planning an Audit
Understanding the Client’s Needs
Performing a Risk Assessment
Audit Methodology
Developing the Audit Plan
Gathering Information—“PBC” Lists
A Client’s Preparedness for an Audit
Developing Audit Objectives
Developing the Scope of an Audit
Developing a Testing Plan
Understand the Controls Environment
Perform a Pre-audit (or “Readiness Assessment”)
Organize a Testing Plan
Resource Planning for the Audit Team
Project Execution
Project Planning with the Client
Gathering Testing Evidence
Launching Testing
Performing Tests of Control Existence
Perform Testing of Control Operating Effectiveness
Discovering Testing Exceptions
Discovering Incidents Requiring Immediate Attention
Materiality of Exceptions
Developing Audit Opinions
Developing Audit Recommendations
Managing Supporting Documentation
Delivering Final Reports
Writing the Report
Solicitation of Management’s Response
Audit Closing Procedures
Audit Checklists
Delivery of the Report
Final Sign-off with the Client
Audit Follow-up
Retesting the Previous Period’s Failed Controls
Follow-up on Management’s Action Plans to Remediate Control Failures
Client Feedback and Evaluations
Appendix B Popular Methodologies, Frameworks, and Guidance
Common Terms and Concepts
Governance
Goals, Objectives, Strategies
Processes
Capability Maturity Models
Controls
The Deming Cycle
Projects
Frameworks, Methodologies, and Guidance
COSO Internal Control Integrated Framework
COBIT
GTAG
GAIT
ISF Standard of Good Practice
ISO/IEC 27001 and 27002
ITIL
PMBOK
PRINCE2
Summary of Frameworks
Pointers for Successful Use of Frameworks
Summary
Appendix C About the CD
System Requirements
Installing and Running MasterExam
MasterExam
Electronic Book
Help
Removing Installation(s)
Technical Support
LearnKey Technical Support
Glossary
Index