CISA: Certified Information Systems Auditor Study Guide, 4th Edition
Sybex's CISA: Certified Information Systems Auditor Study Guide, Fourth Edition is the newest edition of the industry-leading study guide for the Certified Information Systems Auditor exam, fully updated to align with the latest ISACA standards and changes in IS auditing. This new edition provides complete guidance toward all content areas, tasks, and knowledge areas of the exam and is illustrated with real-world examples. All CISA terminology has been revised to reflect the most recent interpretations, including 73 definition and nomenclature changes. Each chapter summary highlights the most important topics on which you'll be tested, and review questions help you gauge your understanding of the material.
Introduction
Assessment Test
Chapter 1: Secrets of a Successful Auditor
Understanding the Demand for IS Audits
Executive Misconduct
More Regulation Ahead
Basic Regulatory Objective
Governance Is Leadership
Three Types of Data Target Different Uses
Audit Results Indicate the Truth
Understanding Policies, Standards, Guidelines, and Procedures
Understanding Professional Ethics
Following the ISACA Professional Code
Preventing Ethical Conflicts
Understanding the Purpose of an Audit
Classifying General Types of Audits
Determining Differences in Audit Approach
Understanding the Auditor's Responsibility
Comparing Audits to Assessments
Differentiating Between Auditor and Auditee Roles
Applying an Independence Test
Implementing Audit Standards
Where Do Audit Standards Come From?
Understanding the Various Auditing Standards
Specific Regulations Defining Best Practices
Audits to Prove Financial Integrity
Auditor Is an Executive Position
Understanding the Importance of Auditor Confidentiality
Working with Lawyers
Working with Executives
Working with IT Professionals
Retaining Audit Documentation
Providing Good Communication and Integration
Understanding Leadership Duties
Planning and Setting Priorities
Providing Standard Terms of Reference
Dealing with Conflicts and Failures
Identifying the Value of Internal and External Auditors
Understanding the Evidence Rule
Stakeholders: Identifying Whom You Need to Interview
Understanding the Corporate Organizational Structure
Identifying Roles in a Corporate Organizational Structure
Identifying Roles in a Consulting Firm Organizational Structure
Chapter 2: Governance
Strategy Planning for Organizational Control
Overview of the IT Steering Committee
Using the Balanced Scorecard
IT Subset of the BSC
Decoding the IT Strategy
Specifying a Policy
Project Management
Implementation Planning of the IT Strategy
Using COBIT
Identifying Sourcing Locations
Conducting an Executive Performance Review
Understanding the Auditor's Interest in the Strategy
Overview of Tactical Management
Planning and Performance
Management Control Methods
Risk Management
Implementing Standards
Human Resources
System Life Cycle Management
Continuity Planning
Insurance
Overview of Business Process Reengineering
Why Use Business Process Reengineering
BPR Methodology
Genius or Insanity?
Goal of BPR
Guiding Principles for BPR
Knowledge Requirements for BPR
BPR Techniques
BPR Application Steps
Role of IS in BPR
Business Process Documentation
BPR Data Management Techniques
Benchmarking as a BPR Tool
Using a Business Impact Analysis
BPR Project Risk Assessment
Practical Application of BPR
Practical Selection Methods for BPR
Troubleshooting BPR Problems
Understanding the Auditor's Interest in Tactical Management
Operations Management
Sustaining Operations
Tracking Actual Performance
Controlling Change
Understanding the Auditor's Interest in Operational Delivery
Chapter 3: Audit Process
Understanding the Audit Program
Audit Program Objectives and Scope
Audit Program Extent
Audit Program Responsibilities
Audit Program Resources
Audit Program Procedures
Audit Program Implementation
Audit Program Records
Audit Program Monitoring and Review
Planning Individual Audits
Establishing and Approving an Audit Charter
Role of the Audit Committee
Preplanning Specific Audits
Understanding the Variety of Audits
Identifying Restrictions on Scope
Gathering Detailed Audit Requirements
Using a Systematic Approach to Planning
Comparing Traditional Audits to Assessments and Self-Assessments
Performing an Audit Risk Assessment
Determining Whether an Audit Is Possible
Identifying the Risk Management Strategy
Determining Feasibility of Audit
Performing the Audit
Selecting the Audit Team
Determining Competence and Evaluating Auditors
Ensuring Audit Quality Control
Establishing Contact with the Auditee
Making Initial Contact with the Auditee
Using Data Collection Techniques
Conducting Document Review
Understanding the Hierarchy of Internal Controls
Reviewing Existing Controls
Preparing the Audit Plan
Assigning Work to the Audit Team
Preparing Working Documents
Conducting Onsite Audit Activities
Gathering Audit Evidence
Using Evidence to Prove a Point
Understanding Types of Evidence
Selecting Audit Samples
Recognizing Typical Evidence for IS Audits
Using Computer-Assisted Audit Tools
Understanding Electronic Discovery
Grading of Evidence
Timing of Evidence
Following the Evidence Life Cycle
Conducting Audit Evidence Testing
Compliance Testing
Substantive Testing
Tolerable Error Rate
Recording Test Results
Generating Audit Findings
Detecting Irregularities and Illegal Acts
Indicators of Illegal or Irregular Activity
Responding to Irregular or Illegal Activity
Findings Outside of Audit Scope
Report Findings
Approving and Distributing the Audit Report
Identifying Omitted Procedures
Conducting Follow-Up (Closing Meeting)
Chapter 4: Networking Technology Basics
Understanding the Differences in Computer Architecture
Selecting the Best System
Identifying Various Operating Systems
Determining the Best Computer Class
Comparing Computer Capabilities
Ensuring System Control
Dealing with Data Storage
Using Interfaces and Ports
Introducing the Open Systems Interconnection Model
Layer 1: Physical Layer
Layer 2: Data Link Layer
Layer 3: Network Layer
Layer 4: Transport Layer
Layer 5: Session Layer
Layer 6: Presentation Layer
Layer 7: Application Layer
Understanding How Computers Communicate
Understanding Physical Network Design
Understanding Network Cable Topologies
Bus Topologies
Star Topologies
Ring Topologies
Meshed Networks
Differentiating Network Cable Types
Coaxial Cable
Unshielded Twisted Pair (UTP) Cable
Fiber Optic Cable
Connecting Network Devices
Using Network Services
Domain Name System
Dynamic Host Configuration Protocol
Expanding the Network
Using Telephone Circuits
Network Firewalls
Remote VPN Access
Using Wireless Access Solutions
Firewall Protection for Wireless Networks
Remote Dial-Up Access
WLAN Transmission Security
Achieving 802.11i RSN Wireless Security
Intrusion Detection Systems
Summarizing the Various Area Networks
Using Software as a Service (SaaS)
Advantages
Disadvantages
Cloud Computing
The Basics of Managing the Network
Automated LAN Cable Tester
Protocol Analyzers
Remote Monitoring Protocol Version 2
Chapter 5: Information Systems Life Cycle
Governance in Software Development
Management of Software Quality
Capability Maturity Model
International Organization for Standardization
Typical Commercial Records Classification Method
Overview of the Executive Steering Committee
Identifying Critical Success Factors
Using the Scenario Approach
Aligning Software to Business Needs
Change Management
Management of the Software Project
Choosing an Approach
Using Traditional Project Management
Overview of the System Development Life Cycle
Phase 1: Feasibility Study
Phase 2: Requirements Definition
Phase 3: System Design
Phase 4: Development
Phase 5: Implementation
Phase 6: Post-Implementation
Phase 7: Disposal
Overview of Data Architecture
Databases
Database Transaction Integrity
Decision Support Systems
Presenting Decision Support Data
Using Artificial Intelligence
Program Architecture
Centralization vs. Decentralization
Electronic Commerce
Chapter 6: System Implementation and Operations
Understanding the Nature of IT Services
Performing IT Operations Management
Meeting IT Functional Objectives
Using the IT Infrastructure Library
Supporting IT Goals
Understanding Personnel Roles and Responsibilities
Using Metrics
Evaluating the Help Desk
Performing Service Level Management
Outsourcing IT Functions
Performing Capacity Management
Using Administrative Protection
Information Security Management
IT Security Governance
Authority Roles over Data
Data Retention Requirements
Document Physical Access Paths
Personnel Management
Physical Asset Management
Compensating Controls
Performing Problem Management
Incident Handling
Digital Forensics
Monitoring the Status of Controls
System Monitoring
Document Logical Access Paths
System Access Controls
Data File Controls
Application Processing Controls
Log Management
Antivirus Software
Active Content and Mobile Software Code
Maintenance Controls
Implementing Physical Protection
Data Processing Locations
Environmental Controls
Safe Media Storage
Chapter 7: Protecting Information Assets
Understanding the Threat
Recognizing Types of Threats and Computer Crimes
Identifying the Perpetrators
Understanding Attack Methods
Implementing Administrative Protection
Using Technical Protection
Technical Control Classification
Application Software Controls
Authentication Methods
Network Access Protection
Encryption Methods
Public Key Infrastructure
Network Security Protocols
Telephone Security
Technical Security Testing
Chapter 8: Business Continuity and Disaster Recovery
Debunking the Myths
Myth 1: Facility Matters
Myth 2: IT Systems Matter
From Myth to Reality
Understanding the Five Conflicting Disciplines Called Business Continuity
Defining Disaster Recovery
Surviving Financial Challenges
Valuing Brand Names
Rebuilding After a Disaster
Defining the Purpose of Business Continuity
Uniting Other Plans with Business Continuity
Identifying Business Continuity Practices
Identifying the Management Approach
Following a Program Management Approach
Understanding the Five Phases of a Business Continuity Program
Phase 1: Setting Up the BC Program
Phase 2: The Discovery Process
Phase 4: Plan Implementation
Phase 5: Maintenance and Integration
Understanding the Auditor's Interests in BC/DR Plans
Summary
Exam Essentials
Review Questions
Appendix: Answers to Review Questions
Index
Authors: David L. Cannon, Brian T. O'Hara, Allen Keele
Publisher: Sybex
ISBN: 9788126562190
Store book number: 107
Price: NRS 1600.00