CONTENTS

Acknowledgments

Introduction

Chapter 1     Becoming a CISA

Benefits of CISA Certification

The CISA Certification Process

Experience Requirements

ISACA Code of Professional Ethics

ISACA IS Standards

The Certification Exam

Exam Preparation

Before the Exam

Day of the Exam

After the Exam

Applying for CISA Certification

Retaining Your CISA Certification

Continuing Education

CPE Maintenance Fees

Revocation of Certification

CISA Exam Preparation Pointers

Summary

Chapter 2     IT Governance and Management

IT Governance Practices for Executives and Boards of Directors

IT Governance

IT Governance Frameworks

IT Strategy Committee

The Balanced Scorecard

Information Security Governance

IT Strategic Planning

The IT Steering Committee

Policies, Processes, Procedures, and Standards

Information Security Policy

Privacy Policy

Data Classification Policy

System Classification Policy

Site Classification Policy

Access Control Policy

Mobile Device Policy

Social Media Policy

Other Policies

Processes and Procedures

Standards

Enterprise Architecture

Applicable Laws, Regulations, and Standards

Risk Management

The Risk Management Program

The Risk Management Process

Risk Treatment

IT Management Practices

Personnel Management

Sourcing

Change Management

Financial Management

Quality Management

Portfolio Management

Controls Management

Security Management

Performance and Capacity Management

Organization Structure and Responsibilities

Roles and Responsibilities

Segregation of Duties

Auditing IT Governance

Auditing Documentation and Records

Auditing Contracts

Auditing Outsourcing

Chapter Review

Quick Review

Questions

Answers

Chapter 3     The Audit Process

Audit Management

The Audit Charter

The Audit Program

Strategic Audit Planning

Audit and Technology

Audit Laws and Regulations

ISACA Auditing Standards

ISACA Code of Professional Ethics

ISACA Audit and Assurance Standards

ISACA Audit and Assurance Guidelines

Risk Analysis

Auditors’ Risk Analysis and the Corporate Risk Management Program

Evaluating Business Processes

Identifying Business Risks

Risk Mitigation

Countermeasures Assessment

Monitoring

Controls

Control Classification

Internal Control Objectives

IS Control Objectives

General Computing Controls

IS Controls

Performing an Audit

Audit Objectives

Types of Audits

Compliance vs. Substantive Testing

Audit Methodology and Project Management

Audit Evidence

Reliance on the Work of Other Auditors

Audit Data Analytics

Reporting Audit Results

Other Audit Topics

Control Self-Assessment

CSA Advantages and Disadvantages

The CSA Life Cycle

Self-Assessment Objectives

Auditors and Self-Assessment

Implementation of Audit Recommendations

Chapter Review

Quick Review

Questions

Answers

Chapter 4     IT Life Cycle Management

Benefits Realization

Portfolio and Program Management

Business Case Development

Measuring Business Benefits

Project Management

Organizing Projects

Developing Project Objectives

Managing Projects

Project Roles and Responsibilities

Project Planning

Project Management Methodologies

The Systems Development Life Cycle (SDLC)

SDLC Phases

Software Development Risks

Alternative Software Development Approaches and Techniques

System Development Tools

Acquiring Cloud-Based Infrastructure and Applications

Infrastructure Development and Implementation

Review of Existing Architecture

Requirements

Design

Procurement

Testing

Implementation

Maintenance

Maintaining Information Systems

Change Management

Configuration Management

Business Processes

The Business Process Life Cycle and Business Process Reengineering

Capability Maturity Models

Managing Third Parties

Risk Factors

Onboarding and Due Diligence

Classification

Assessment

Remediation

Risk Reporting

Application Controls

Input Controls

Processing Controls

Output Controls

Auditing the Systems Development Life Cycle

Auditing Program and Project Management

Auditing the Feasibility Study

Auditing Requirements

Auditing Design

Auditing Software Acquisition

Auditing Development

Auditing Testing

Auditing Implementation

Auditing Post-Implementation

Auditing Change Management

Auditing Configuration Management

Auditing Business Controls

Auditing Application Controls

Transaction Flow

Observations

Data Integrity Testing

Testing Online Processing Systems

Auditing Applications

Continuous Auditing

Auditing Third-Party Risk Management

Chapter Review

Quick Review

Questions

Answers

Chapter 5     IT Service Management and Continuity

Information Systems Operations

Management and Control of Operations

IT Service Management

IT Operations and Exception Handling

End-User Computing

Software Program Library Management

Quality Assurance

Security Management

Media Control

Data Management

Information Systems Hardware

Computer Usage

Computer Hardware Architecture

Hardware Maintenance

Hardware Monitoring

Information Systems Architecture and Software

Computer Operating Systems

Data Communications Software

File Systems

Database Management Systems

Media Management Systems

Utility Software

Software Licensing

Digital Rights Management

Network Infrastructure

Enterprise Architecture

Network Architecture

Network-Based Services

Network Models

Network Technologies

Business Resilience

Business Continuity Planning

Disaster Recovery Planning

Auditing IT Infrastructure and Operations

Auditing Information Systems Hardware

Auditing Operating Systems

Auditing File Systems

Auditing Database Management Systems

Auditing Network Infrastructure

Auditing Network Operating Controls

Auditing IT Operations

Auditing Lights-Out Operations

Auditing Problem Management Operations

Auditing Monitoring Operations

Auditing Procurement

Auditing Business Continuity Planning

Auditing Disaster Recovery Planning

Chapter Review

Quick Review

Questions

Answers

Chapter 6     Information Asset Protection

Information Security Management

Aspects of Information Security Management

Roles and Responsibilities

Business Alignment

Asset Inventory and Classification

Access Controls

Privacy

Third-Party Management

Human Resources Security

Computer Crime

Security Incident Management

Forensic Investigations

Logical Access Controls

Access Control Concepts

Access Control Models

Access Control Threats

Access Control Vulnerabilities

Access Points and Methods of Entry

Identification, Authentication, and Authorization

Protecting Stored Information

Managing User Access

Protecting Mobile Computing

Network Security Controls

Network Security

IoT Security

Securing Client-Server Applications

Securing Wireless Networks

Protecting Internet Communications

Encryption

Voice over IP

Private Branch Exchange

Malware

Information Leakage

Environmental Controls

Environmental Threats and Vulnerabilities

Environmental Controls and Countermeasures

Physical Security Controls

Physical Access Threats and Vulnerabilities

Physical Access Controls and Countermeasures

Auditing Asset Protection

Auditing Security Management

Auditing Logical Access Controls

Auditing Network Security Controls

Auditing Environmental Controls

Auditing Physical Security Controls

Chapter Review

Quick Review

Questions

Answers

Appendix A   Conducting a Professional Audit

Understanding the Audit Cycle

How the IS Audit Cycle Is Discussed

“Client” and Other Terms in This Appendix

Overview of the IS Audit Cycle

Project Origination

Engagement Letters and Audit Charters

Ethics and Independence

Launching a New Project: Planning an Audit

Developing the Audit Plan

Developing a Test Plan

Performing a Pre-Audit (or Readiness Assessment)

Organizing a Testing Plan

Resource Planning for the Audit Team

Performing Control Testing

Developing Audit Opinions

Developing Audit Recommendations

Managing Supporting Documentation

Delivering Audit Results

Management Response

Audit Closing Procedures

Audit Follow-up

Summary

Appendix B   Popular Methodologies, Frameworks, and Guidance

Common Terms and Concepts

Governance

Goals, Objectives, and Strategies

Processes

Capability Maturity Models

Controls

The Deming Cycle

Projects

Frameworks, Methodologies, and Guidance

Business Model for Information Security (BMIS)

COSO Internal Control – Integrated Framework

COBIT

GTAG

GAIT

ISF Standard of Good Practice for Information Security

ISO/IEC 27001 and 27002

NIST SP 800-53 and NIST SP 800-53A

NIST Cybersecurity Framework

Payment Card Industry Data Security Standard

CIS Controls

IT Assurance Framework

ITIL

PMBOK Guide

PRINCE2

Risk IT

Val IT

Summary of Frameworks

Pointers for Successful Use of Frameworks

Notes

References

Appendix C   About the Online Content

System Requirements

Your Total Seminars Training Hub Account

Privacy Notice

Single User License Terms and Conditions

TotalTester Online

Technical Support

Glossary

Index
