
CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition [Paperback]

4.02/5 (68 ratings by Goodreads)
  • Format: Paperback / softback, 816 pages, weight: 1141 g, 82 illustrations
  • Publication date: 28-Nov-2019
  • Publisher: McGraw-Hill Education
  • ISBN-10: 1260458806
  • ISBN-13: 9781260458800
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.


This up-to-date self-study system delivers complete coverage of every topic on the 2019 version of the CISA exam

The latest edition of this trusted resource offers complete, up-to-date coverage of all the material included on the latest release of the Certified Information Systems Auditor exam. Written by an IT security and audit expert, CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition covers all five exam domains developed by ISACA®. You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the CISA exam with ease, this comprehensive guide also serves as an essential on-the-job reference for new and established IS auditors.

COVERS ALL EXAM TOPICS, INCLUDING:

• IT governance and management
• Information systems audit process
• IT service delivery and infrastructure
• Information asset protection

Online content includes:

• 300 practice exam questions
• Test engine that provides full-length practice exams and customizable quizzes by exam topic
Table of contents (each entry gives its starting page, with the page count in parentheses):

Acknowledgments xxi
Introduction xxiii
Chapter 1 Becoming a CISA 1(18)
  Benefits of CISA Certification 2(2)
  The CISA Certification Process 4(4)
  Experience Requirements 5(3)
  ISACA Code of Professional Ethics 8(1)
  ISACA IS Standards 8(2)
  The Certification Exam 10(1)
  Exam Preparation 11(2)
  Before the Exam 11(2)
  Day of the Exam 13(1)
  After the Exam 13(1)
  Applying for CISA Certification 13(1)
  Retaining Your CISA Certification 14(3)
  Continuing Education 14(2)
  CPE Maintenance Fees 16(1)
  Revocation of Certification 17(1)
  CISA Exam Preparation Pointers 17(1)
  Summary 18(1)
Chapter 2 IT Governance and Management 19(78)
  IT Governance Practices for Executives and Boards of Directors 20(6)
  IT Governance 20(1)
  IT Governance Frameworks 21(1)
  IT Strategy Committee 22(1)
  The Balanced Scorecard 22(1)
  Information Security Governance 23(3)
  IT Strategic Planning 26(2)
  The IT Steering Committee 27(1)
  Policies, Processes, Procedures, and Standards 28(10)
  Information Security Policy 29(1)
  Privacy Policy 30(1)
  Data Classification Policy 30(1)
  System Classification Policy 31(1)
  Site Classification Policy 31(1)
  Access Control Policy 31(1)
  Mobile Device Policy 32(1)
  Social Media Policy 32(1)
  Other Policies 32(1)
  Processes and Procedures 32(1)
  Standards 33(1)
  Enterprise Architecture 34(3)
  Applicable Laws, Regulations, and Standards 37(1)
  Risk Management 38(15)
  The Risk Management Program 39(1)
  The Risk Management Process 40(10)
  Risk Treatment 50(3)
  IT Management Practices 53(23)
  Personnel Management 53(7)
  Sourcing 60(9)
  Change Management 69(1)
  Financial Management 69(1)
  Quality Management 70(2)
  Portfolio Management 72(1)
  Controls Management 72(2)
  Security Management 74(1)
  Performance and Capacity Management 75(1)
  Organization Structure and Responsibilities 76(10)
  Roles and Responsibilities 78(6)
  Segregation of Duties 84(2)
  Auditing IT Governance 86(5)
  Auditing Documentation and Records 87(2)
  Auditing Contracts 89(1)
  Auditing Outsourcing 90(1)
  Chapter Review 91(6)
  Quick Review 92(1)
  Questions 93(2)
  Answers 95(2)
Chapter 3 The Audit Process 97(64)
  Audit Management 97(10)
  The Audit Charter 97(1)
  The Audit Program 98(1)
  Strategic Audit Planning 98(3)
  Audit and Technology 101(1)
  Audit Laws and Regulations 102(5)
  ISACA Auditing Standards 107(8)
  ISACA Code of Professional Ethics 107(1)
  ISACA Audit and Assurance Standards 107(4)
  ISACA Audit and Assurance Guidelines 111(4)
  Risk Analysis 115(6)
  Auditors' Risk Analysis and the Corporate Risk Management Program 116(2)
  Evaluating Business Processes 118(1)
  Identifying Business Risks 119(1)
  Risk Mitigation 120(1)
  Countermeasures Assessment 120(1)
  Monitoring 121(1)
  Controls 121(5)
  Control Classification 121(3)
  Internal Control Objectives 124(1)
  IS Control Objectives 125(1)
  General Computing Controls 126(1)
  IS Controls 126(1)
  Performing an Audit 126(24)
  Audit Objectives 128(1)
  Types of Audits 128(3)
  Compliance vs. Substantive Testing 131(1)
  Audit Methodology and Project Management 131(3)
  Audit Evidence 134(7)
  Reliance on the Work of Other Auditors 141(1)
  Audit Data Analytics 142(3)
  Reporting Audit Results 145(2)
  Other Audit Topics 147(3)
  Control Self-Assessment 150(3)
  CSA Advantages and Disadvantages 151(1)
  The CSA Life Cycle 151(1)
  Self-Assessment Objectives 152(1)
  Auditors and Self-Assessment 153(1)
  Implementation of Audit Recommendations 153(1)
  Chapter Review 154(7)
  Quick Review 155(1)
  Questions 156(3)
  Answers 159(2)
Chapter 4 IT Life Cycle Management 161(108)
  Benefits Realization 162(5)
  Portfolio and Program Management 162(3)
  Business Case Development 165(1)
  Measuring Business Benefits 166(1)
  Project Management 167(25)
  Organizing Projects 167(2)
  Developing Project Objectives 169(2)
  Managing Projects 171(1)
  Project Roles and Responsibilities 171(2)
  Project Planning 173(13)
  Project Management Methodologies 186(6)
  The Systems Development Life Cycle (SDLC) 192(37)
  SDLC Phases 193(27)
  Software Development Risks 220(1)
  Alternative Software Development Approaches and Techniques 221(5)
  System Development Tools 226(1)
  Acquiring Cloud-Based Infrastructure and Applications 227(2)
  Infrastructure Development and Implementation 229(5)
  Review of Existing Architecture 230(1)
  Requirements 231(1)
  Design 231(1)
  Procurement 232(1)
  Testing 233(1)
  Implementation 234(1)
  Maintenance 234(1)
  Maintaining Information Systems 234(3)
  Change Management 234(2)
  Configuration Management 236(1)
  Business Processes 237(6)
  The Business Process Life Cycle and Business Process Reengineering 237(3)
  Capability Maturity Models 240(3)
  Managing Third Parties 243(2)
  Risk Factors 243(1)
  Onboarding and Due Diligence 243(1)
  Classification 244(1)
  Assessment 244(1)
  Remediation 244(1)
  Risk Reporting 245(1)
  Application Controls 245(6)
  Input Controls 245(3)
  Processing Controls 248(2)
  Output Controls 250(1)
  Auditing the Systems Development Life Cycle 251(5)
  Auditing Program and Project Management 251(1)
  Auditing the Feasibility Study 252(1)
  Auditing Requirements 252(1)
  Auditing Design 253(1)
  Auditing Software Acquisition 253(1)
  Auditing Development 253(1)
  Auditing Testing 254(1)
  Auditing Implementation 254(1)
  Auditing Post-Implementation 255(1)
  Auditing Change Management 255(1)
  Auditing Configuration Management 255(1)
  Auditing Business Controls 256(1)
  Auditing Application Controls 256(3)
  Transaction Flow 256(1)
  Observations 256(1)
  Data Integrity Testing 257(1)
  Testing Online Processing Systems 257(1)
  Auditing Applications 258(1)
  Continuous Auditing 258(1)
  Auditing Third-Party Risk Management 259(1)
  Chapter Review 260(9)
  Quick Review 262(1)
  Questions 263(3)
  Answers 266(3)
Chapter 5 IT Service Management and Continuity 269(180)
  Information Systems Operations 270(17)
  Management and Control of Operations 270(1)
  IT Service Management 271(10)
  IT Operations and Exception Handling 281(1)
  End-User Computing 282(1)
  Software Program Library Management 283(1)
  Quality Assurance 284(1)
  Security Management 285(1)
  Media Control 285(1)
  Data Management 286(1)
  Information Systems Hardware 287(14)
  Computer Usage 288(2)
  Computer Hardware Architecture 290(10)
  Hardware Maintenance 300(1)
  Hardware Monitoring 300(1)
  Information Systems Architecture and Software 301(10)
  Computer Operating Systems 301(2)
  Data Communications Software 303(1)
  File Systems 303(1)
  Database Management Systems 304(3)
  Media Management Systems 307(1)
  Utility Software 308(1)
  Software Licensing 309(1)
  Digital Rights Management 310(1)
  Network Infrastructure 311(53)
  Enterprise Architecture 311(1)
  Network Architecture 312(3)
  Network-Based Services 315(2)
  Network Models 317(11)
  Network Technologies 328(36)
  Business Resilience 364(60)
  Business Continuity Planning 364(39)
  Disaster Recovery Planning 403(21)
  Auditing IT Infrastructure and Operations 424(15)
  Auditing Information Systems Hardware 424(1)
  Auditing Operating Systems 424(1)
  Auditing File Systems 425(1)
  Auditing Database Management Systems 425(1)
  Auditing Network Infrastructure 426(1)
  Auditing Network Operating Controls 427(1)
  Auditing IT Operations 428(1)
  Auditing Lights-Out Operations 429(1)
  Auditing Problem Management Operations 429(1)
  Auditing Monitoring Operations 430(1)
  Auditing Procurement 430(1)
  Auditing Business Continuity Planning 431(4)
  Auditing Disaster Recovery Planning 435(4)
  Chapter Review 439(10)
  Quick Review 442(1)
  Questions 443(3)
  Answers 446(3)
Chapter 6 Information Asset Protection 449(142)
  Information Security Management 449(34)
  Aspects of Information Security Management 450(4)
  Roles and Responsibilities 454(2)
  Business Alignment 456(1)
  Asset Inventory and Classification 457(3)
  Access Controls 460(1)
  Privacy 461(1)
  Third-Party Management 462(5)
  Human Resources Security 467(4)
  Computer Crime 471(5)
  Security Incident Management 476(6)
  Forensic Investigations 482(1)
  Logical Access Controls 483(33)
  Access Control Concepts 484(1)
  Access Control Models 485(1)
  Access Control Threats 485(1)
  Access Control Vulnerabilities 486(1)
  Access Points and Methods of Entry 487(4)
  Identification, Authentication, and Authorization 491(9)
  Protecting Stored Information 500(8)
  Managing User Access 508(6)
  Protecting Mobile Computing 514(2)
  Network Security Controls 516(41)
  Network Security 516(4)
  IoT Security 520(1)
  Securing Client-Server Applications 521(1)
  Securing Wireless Networks 522(4)
  Protecting Internet Communications 526(6)
  Encryption 532(13)
  Voice over IP 545(2)
  Private Branch Exchange 547(1)
  Malware 548(7)
  Information Leakage 555(2)
  Environmental Controls 557(7)
  Environmental Threats and Vulnerabilities 557(1)
  Environmental Controls and Countermeasures 558(6)
  Physical Security Controls 564(3)
  Physical Access Threats and Vulnerabilities 564(2)
  Physical Access Controls and Countermeasures 566(1)
  Auditing Asset Protection 567(16)
  Auditing Security Management 567(1)
  Auditing Logical Access Controls 568(8)
  Auditing Network Security Controls 576(4)
  Auditing Environmental Controls 580(1)
  Auditing Physical Security Controls 581(2)
  Chapter Review 583(8)
  Quick Review 583(2)
  Questions 585(3)
  Answers 588(3)
Appendix A Conducting a Professional Audit 591(74)
  Understanding the Audit Cycle 592(1)
  How the IS Audit Cycle Is Discussed 592(2)
  "Client" and Other Terms in This Appendix 593(1)
  Overview of the IS Audit Cycle 594(70)
  Project Origination 595(8)
  Engagement Letters and Audit Charters 603(4)
  Ethics and Independence 607(1)
  Launching a New Project: Planning an Audit 608(5)
  Developing the Audit Plan 613(3)
  Developing a Test Plan 616(9)
  Performing a Pre-Audit (or Readiness Assessment) 625(2)
  Organizing a Testing Plan 627(4)
  Resource Planning for the Audit Team 631(1)
  Performing Control Testing 632(15)
  Developing Audit Opinions 647(3)
  Developing Audit Recommendations 650(1)
  Managing Supporting Documentation 650(2)
  Delivering Audit Results 652(4)
  Management Response 656(5)
  Audit Closing Procedures 661(2)
  Audit Follow-up 663(1)
  Summary 664(1)
Appendix B Popular Methodologies, Frameworks, and Guidance 665(40)
  Common Terms and Concepts 665(8)
  Governance 666(1)
  Goals, Objectives, and Strategies 667(1)
  Processes 668(1)
  Capability Maturity Models 668(2)
  Controls 670(1)
  The Deming Cycle 671(1)
  Projects 672(1)
  Frameworks, Methodologies, and Guidance 673(29)
  Business Model for Information Security (BMIS) 673(1)
  COSO Internal Control - Integrated Framework 674(4)
  COBIT 678(2)
  GTAG 680(1)
  GAIT 681(1)
  ISF Standard of Good Practice for Information Security 682(1)
  ISO/IEC 27001 and 27002 682(2)
  NIST SP 800-53 and NIST SP 800-53A 684(1)
  NIST Cybersecurity Framework 685(2)
  Payment Card Industry Data Security Standard 687(2)
  CIS Controls 689(2)
  IT Assurance Framework 691(1)
  ITIL 692(1)
  PMBOK Guide 693(2)
  PRINCE2 695(1)
  Risk IT 696(2)
  Val IT 698(1)
  Summary of Frameworks 699(1)
  Pointers for Successful Use of Frameworks 699(3)
  Notes 702(1)
  References 702(3)
Appendix C About the Online Content 705(4)
  System Requirements 705(1)
  Your Total Seminars Training Hub Account 705(1)
  Privacy Notice 705(1)
  Single User License Terms and Conditions 705(2)
  TotalTester Online 707(1)
  Technical Support 707(2)
Glossary 709(56)
Index 765
Peter H. Gregory, CISA, CRISC, CISSP, QSA, CCSK, is a 30-year career technologist and the manager of information security and risk management at Concur. He has been deeply involved in the development of IT controls and internal IT audits since 2002, and is the author of 24 books on information security and technology, including CISA Certified Information Systems Auditor All-in-One Exam Guide, Third Edition.