Table of Contents

Introduction

How This Book Helps You

About the CISA Exam

CISA Exam Objectives

How to Prepare for the Exam

Additional Exam-Preparation Resources

Practice Tests

What This Book Does

What This Book Does Not Do

Contacting the Author

About the Book

Instructional Features

Extensive Practice Test Options

Final Preparation

Final Words of Wisdom

Study and Exam Prep Tips

Learning Styles

Study Tips

Study Strategies

Pretesting Yourself

Exam Prep Tips

Exam Format

Question Types

More Exam Preparation Tips

Final Considerations

Part I: IT Governance and the Audit Process

Chapter 1:
The Audit Process

Introduction

Issues and Challenges of the IS Auditor

Audit Planning

Standards and Guidelines for ISACA IS Auditors

ISACA Standards

ISACA Code of Ethics

Risk Analysis

Risk Management

Risk-Based Audits

Auditing and the Use of Internal Controls

CobiT

The Audit Process

Audit Classification

Audit Programs

Audit Methodology

Objectives of the Audit

Compliance Versus Substantive Testing

Sampling and Embedded Audit Modules

Evidence

Detection of Fraud

Audit Closing

Changes in the IS Audit Process

The Control Self-Assessment Process

Integrated Auditing

Continuous Auditing

Chapter Summary

Key Terms

Apply Your Knowledge

Exercises

Exam Questions

Answers to Exam Questions

Need to Know More?

Chapter 2:
IT Governance

Introduction

Best Practices for Senior Management

Audit’s Role in Governance

IT Steering Committee

Measuring Performance

Information Security Governance

The Role of Strategy, Policies, Planning, and Procedures

Policy Development

Policies and Procedures

Risk Identification and Management

The Risk-Management Team

Asset Identification

Threat Identification

Risk-Analysis Methods

Management Practices and Controls

Employee Management

Sourcing

Change Management and Quality Improvement Techniques

Understanding Personnel Roles and Responsibilities

Employee Roles and Duties

Segregation of Duties

Chapter Summary

Key Terms

Apply Your Knowledge

Exercises

Exam Questions

Answers to Exam Questions

Need to Know More?

Part II: System and Infrastructure Lifecycle Management

Chapter 3:
Lifecycle Management

Introduction

Project Management

Roles, Responsibility, and Structure

Project Culture and Objectives

Project-Management Practices

Project Initiation

Project Planning

Project Control and Execution

Closing a Project

Business Application Development

Systems-Development Methodology

Alternative Application-Development Techniques

Application-Development Approaches

Information Systems Maintenance Practices

Chapter Summary

Key Terms

Apply Your Knowledge

Exercises

Exam Questions

Answers to Exam Questions

Need to Know More?

Chapter 4:
System Infrastructure Control

Introduction

Programmed and Manual Application Controls

Business Process Controls

Auditing Application Controls

Understanding the Application

Observation and Testing

Data Integrity Controls

Application System Testing

Continuous Online Auditing

Auditing Systems Development, Acquisition, and Maintenance

Project Management

Business Application Systems

E-Commerce

Electronic Data Interchange

Email

Business Intelligence

Chapter Summary

Key Terms

Apply Your Knowledge

Exercises

Exam Questions

Answers to Exam Questions

Need to Know More?

Part III: IT Service Delivery and Support

Chapter 5:
Information Systems Hardware and Architecture

Introduction

Information Systems Operation

Monitoring Resource Usage

Help Desk and Support

Change-Management Process

Information Systems Hardware

The Central Processing Unit

Memory

I/O Bus Standards

Computer Types

Computer Configurations and Roles

Radio Frequency Identification

Hardware Maintenance Program

Hardware Monitoring and Capacity Management

Information Systems Architecture and Software

Software Development

Operating Systems

Secondary Storage

Data Communication Software

Database-Management Systems

Database Structure

Software Licensing Issues

Chapter Summary

Key Terms

Apply Your Knowledge

Exercises

Exam Questions

Answers to Exam Questions

Need to Know More?

Chapter 6:
Information Systems Used for IT Delivery and Support

Introduction

Network Infrastructure

Network Types

Network Standards and Protocols

The OSI Model

Network Services and Applications

Comparing the OSI Model to the TCP/IP Model

Network Design

Network Cabling

Network Equipment

Firewalls

Wide Area Networks

Wireless Networks

Internet

Network Administration and Control

Risks to Network Infrastructure and Controls

Chapter Summary

Key Terms

Apply Your Knowledge

Exercises

Exam Questions

Answers to Exam Questions

Need to Know More?

Part IV: Protection of Information Assets

Chapter 7:
Protection of Logical Assets

Introduction

The Goals of Logical Security

Information Security Protection Mechanisms

The Role of Confidentiality, Integrity, and Availability

Logical Access Controls

Identification and Authentication (I&A)

Single Sign-On

Remote Access Security

Auditing and Logging

Handling Confidential Information

Common Attack Patterns

Passive Attacks

Active Attacks

Network Infrastructure

Network and Internet Security

Client/Server Security

LAN Security

Wireless LAN Security

Voice Communications

Phreakers

PBX

VoIP

Virus Protection

Containing Threats to Information Security

Emergency Response

Computer Forensics

Auditing Information Security

Auditing Network Infrastructure Security

Ethical Hacking and Penetration Testing

Network Assessments

Tracking Change

Encryption

Encryption Methods

Cryptographic Real-World Solutions

Encryption Risks and Attacks

Chapter Summary

Key Terms

Apply Your Knowledge

Exercises

Exam Questions

Answers to Exam Questions

Need to Know More?

Chapter 8:
Physical Security

Introduction

Physical Security

Physical Security Exposures

Physical Security Controls

Environmental Protection Practices

Power Anomalies

Power Protections

Heating, Ventilation, and Air Conditioning (HVAC)

Fire Prevention, Detection, and Suppression

Physical Authentication

Authentication Methods

Policies and Procedures

Types of Policies

Purpose of Policies

Defining Policies

Deploying and Implementing Policies

Physical Asset and Information Control

Chapter Summary

Key Terms

Apply Your Knowledge

Exercises

Exam Questions

Answers to Exam Questions

Need to Know More?

Part V: Business Continuity and Disaster Recovery

Chapter 9:
Business Continuity and Disaster Recovery

Introduction

Disaster Recovery

Disasters and Disruptive Events

BCP in the Real World

ISACA and the BCP Process

Recovery Alternatives

Alternate Processing Sites

Hardware Recovery

Software and Data Recovery

Backup and Restoration

Telecommunications Recovery

Verification of Disaster Recovery and Business Continuity Process

Chapter Summary

Key Terms

Apply Your Knowledge

Exercises

Exam Questions

Answers to Exam Questions

Need to Know More?

Part VI: Final Preparation

Fast Facts

1.0: IS Audit Process

2.0: IT Governance

3.0: Systems and Infrastructure Lifecycle Management

4.0: IT Service Delivery and Support

5.0: Protection of Information Assets

6.0: Business Continuity and Disaster Recovery

Practice Exam

Practice Exam Questions

Answers to Practice Exam Questions

Answers at a Glance to Practice Exam

Answers with Explanations

Glossary

Index
