
E-book: CISA: Certified Information Systems Auditor Study Guide, Fourth Edition [Wiley Online]

  • Format: 704 pages
  • Publication date: 26-Apr-2016
  • Publisher: Sybex Inc., U.S.
  • ISBN-10: 1119419212
  • ISBN-13: 9781119419211
  • Wiley Online
  • Price: 74,01 €*
  • * this price gives unlimited concurrent access for unlimited time
"The industry-leading study guide for the CISA exam, fully updated. More than 27,000 IT professionals take the Certified Information Systems Auditor exam each year. SC Magazine lists the CISA as the top certification for security professionals. Compliances, regulations, and best practices for IS auditing are updated twice a year, and this is the most up-to-date book available to prepare aspiring CISAs for the next exam. CISAs are among the five highest-paid IT security professionals; more than 27,000 take the exam each year and the numbers are growing. Standards are updated twice a year, and this book offers the most up-to-date coverage as well as the proven Sybex approach that breaks down the content, tasks, and knowledge areas of the exam to cover every detail. Covers the IS audit process, IT governance, systems and infrastructure lifecycle management, IT service delivery and support, protecting information assets, disaster recovery, and more. Anyone seeking Certified Information Systems Auditor status will be fully prepared for the exam with the detailed information and approach found in this book."--Provided by publisher.

Building on the proven approach of other Sybex Study Guides, this updated book of more than 700 comprehensive pages complies with the September 2014 release of the IT Audit Framework (ITAF) and so prepares readers to take the new exam based on those guidelines. This Study Guide covers the Content Areas, Tasks, and Knowledge Areas and breaks them down for the reader in a clear and concise manner. The book begins with an Assessment Test and then moves on to:

  • IT Governance
  • The IS Audit Process
  • Networking Technology Basics
  • Information Systems Life Cycle
  • System Implementation and Operations
  • Protecting Information Assets
  • Business Continuity and Disaster Recovery

Each chapter ends with a summary, Exam Essentials (the most important items on which one will be tested), Review Questions, and Answers to Review Questions. In this new edition, all CISA terminology and definitions have been revised to keep up with new definitions in regulations and ISO standards, in light of the major breaches that occurred during 2012-14 and caused the guidelines and the certification requirements to change. Approximately 73 terms have newer definitions or nomenclature changes. Unique to this study guide, ISO standards are included because the governing body, ISACA, must comply with these standards now and in the future. The book comes complete with Exam Essentials, Chapter Review Questions, and Real-World Scenarios, as well as two bonus Practice Exams, Flashcards, and a Glossary of Terms.

Table of Contents (each entry gives its start page and, in parentheses, its page count)

Introduction  xix
Assessment Test  xlii
Chapter 1  Secrets of a Successful Auditor  1(56)
  Understanding the Demand for IS Audits  2(9)
  Executive Misconduct  3(2)
  More Regulation Ahead  5(2)
  Basic Regulatory Objective  7(1)
  Governance Is Leadership  8(1)
  Three Types of Data Target Different Uses  9(1)
  Audit Results Indicate the Truth  10(1)
  Understanding Policies, Standards, Guidelines, and Procedures  11(3)
  Understanding Professional Ethics  14(3)
  Following the ISACA Professional Code  14(2)
  Preventing Ethical Conflicts  16(1)
  Understanding the Purpose of an Audit  17(5)
  Classifying General Types of Audits  18(2)
  Determining Differences in Audit Approach  20(1)
  Understanding the Auditor's Responsibility  21(1)
  Comparing Audits to Assessments  21(1)
  Differentiating between Auditor and Auditee Roles  22(2)
  Applying an Independence Test  23(1)
  Implementing Audit Standards  24(11)
  Where Do Audit Standards Come From?  25(2)
  Understanding the Various Auditing Standards  27(4)
  Specific Regulations Defining Best Practices  31(3)
  Audits to Prove Financial Integrity  34(1)
  Auditor Is an Executive Position  35(10)
  Understanding the Importance of Auditor Confidentiality  35(1)
  Working with Lawyers  36(1)
  Working with Executives  37(1)
  Working with IT Professionals  37(1)
  Retaining Audit Documentation  38(1)
  Providing Good Communication and Integration  39(1)
  Understanding Leadership Duties  39(1)
  Planning and Setting Priorities  40(1)
  Providing Standard Terms of Reference  41(1)
  Dealing with Conflicts and Failures  42(1)
  Identifying the Value of Internal and External Auditors  43(1)
  Understanding the Evidence Rule  43(1)
  Stakeholders: Identifying Whom You Need to Interview  44(1)
  Understanding the Corporate Organizational Structure  45(4)
  Identifying Roles in a Corporate Organizational Structure  45(2)
  Identifying Roles in a Consulting Firm Organizational Structure  47(2)
  Summary  49(1)
  Exam Essentials  49(3)
  Review Questions  52(5)
Chapter 2  Governance  57(82)
  Strategy Planning for Organizational Control  61(39)
  Overview of the IT Steering Committee  64(5)
  Using the Balanced Scorecard  69(5)
  IT Subset of the BSC  74(1)
  Decoding the IT Strategy  74(3)
  Specifying a Policy  77(2)
  Project Management  79(11)
  Implementation Planning of the IT Strategy  90(4)
  Using COBIT  94(1)
  Identifying Sourcing Locations  94(5)
  Conducting an Executive Performance Review  99(1)
  Understanding the Auditor's Interest in the Strategy  100(1)
  Overview of Tactical Management  100(1)
  Planning and Performance  100(12)
  Management Control Methods  101(4)
  Risk Management  105(3)
  Implementing Standards  108(1)
  Human Resources  109(2)
  System Life-Cycle Management  111(1)
  Continuity Planning  111(1)
  Insurance  112(1)
  Overview of Business Process Reengineering  112(17)
  Why Use Business Process Reengineering  113(1)
  BPR Methodology  114(1)
  Genius or Insanity?  114(1)
  Goal of BPR  114(1)
  Guiding Principles for BPR  115(1)
  Knowledge Requirements for BPR  116(1)
  BPR Techniques  116(1)
  BPR Application Steps  117(2)
  Role of IS in BPR  119(1)
  Business Process Documentation  119(1)
  BPR Data Management Techniques  120(1)
  Benchmarking as a BPR Tool  120(1)
  Using a Business Impact Analysis  121(2)
  BPR Project Risk Assessment  123(2)
  Practical Application of BPR  125(2)
  Practical Selection Methods for BPR  127(1)
  Troubleshooting BPR Problems  128(1)
  Understanding the Auditor's Interest in Tactical Management  129(1)
  Operations Management  129(3)
  Sustaining Operations  130(1)
  Tracking Actual Performance  130(1)
  Controlling Change  131(1)
  Understanding the Auditor's Interest in Operational Delivery  131(1)
  Summary  132(1)
  Exam Essentials  132(2)
  Review Questions  134(5)
Chapter 3  Audit Process  139(76)
  Understanding the Audit Program  140(11)
  Audit Program Objectives and Scope  141(2)
  Audit Program Extent  143(1)
  Audit Program Responsibilities  144(1)
  Audit Program Resources  144(1)
  Audit Program Procedures  145(1)
  Audit Program Implementation  146(1)
  Audit Program Records  146(1)
  Audit Program Monitoring and Review  147(1)
  Planning Individual Audits  148(3)
  Establishing and Approving an Audit Charter  151(2)
  Role of the Audit Committee  151(2)
  Preplanning Specific Audits  153(9)
  Understanding the Variety of Audits  154(2)
  Identifying Restrictions on Scope  156(2)
  Gathering Detailed Audit Requirements  158(1)
  Using a Systematic Approach to Planning  159(2)
  Comparing Traditional Audits to Assessments and Self-Assessments  161(1)
  Performing an Audit Risk Assessment  162(1)
  Determining Whether an Audit Is Possible  163(4)
  Identifying the Risk Management Strategy  165(2)
  Determining Feasibility of Audit  167(1)
  Performing the Audit  167(19)
  Selecting the Audit Team  167(1)
  Determining Competence and Evaluating Auditors  168(2)
  Ensuring Audit Quality Control  170(1)
  Establishing Contact with the Auditee  171(1)
  Making Initial Contact with the Auditee  172(2)
  Using Data Collection Techniques  174(2)
  Conducting Document Review  176(1)
  Understanding the Hierarchy of Internal Controls  177(2)
  Reviewing Existing Controls  179(3)
  Preparing the Audit Plan  182(1)
  Assigning Work to the Audit Team  183(1)
  Preparing Working Documents  184(1)
  Conducting Onsite Audit Activities  185(1)
  Gathering Audit Evidence  186(12)
  Using Evidence to Prove a Point  186(1)
  Understanding Types of Evidence  187(1)
  Selecting Audit Samples  187(1)
  Recognizing Typical Evidence for IS Audits  188(1)
  Using Computer-Assisted Audit Tools  189(2)
  Understanding Electronic Discovery  191(2)
  Grading of Evidence  193(2)
  Timing of Evidence  195(1)
  Following the Evidence Life Cycle  195(3)
  Conducting Audit Evidence Testing  198(3)
  Compliance Testing  198(1)
  Substantive Testing  199(1)
  Tolerable Error Rate  200(1)
  Recording Test Results  200(1)
  Generating Audit Findings  201(2)
  Detecting Irregularities and Illegal Acts  201(1)
  Indicators of Illegal or Irregular Activity  202(1)
  Responding to Irregular or Illegal Activity  202(1)
  Findings Outside of Audit Scope  203(1)
  Report Findings  203(2)
  Approving and Distributing the Audit Report  205(1)
  Identifying Omitted Procedures  205(1)
  Conducting Follow-up (Closing Meeting)  205(1)
  Summary  206(1)
  Exam Essentials  207(3)
  Review Questions  210(5)
Chapter 4  Networking Technology Basics  215(92)
  Understanding the Differences in Computer Architecture  217(4)
  Selecting the Best System  221(16)
  Identifying Various Operating Systems  221(3)
  Determining the Best Computer Class  224(3)
  Comparing Computer Capabilities  227(1)
  Ensuring System Control  228(2)
  Dealing with Data Storage  230(5)
  Using Interfaces and Ports  235(2)
  Introducing the Open Systems Interconnection Model  237(15)
  Layer 1: Physical Layer  240(1)
  Layer 2: Data-Link Layer  240(2)
  Layer 3: Network Layer  242(6)
  Layer 4: Transport Layer  248(1)
  Layer 5: Session Layer  249(1)
  Layer 6: Presentation Layer  250(1)
  Layer 7: Application Layer  250(1)
  Understanding How Computers Communicate  251(1)
  Understanding Physical Network Design  252(1)
  Understanding Network Cable Topologies  253(5)
  Bus Topologies  254(1)
  Star Topologies  254(1)
  Ring Topologies  255(1)
  Meshed Networks  256(2)
  Differentiating Network Cable Types  258(2)
  Coaxial Cable  258(1)
  Unshielded Twisted-Pair (UTP) Cable  259(1)
  Fiber-Optic Cable  260(1)
  Connecting Network Devices  260(3)
  Using Network Services  263(3)
  Domain Name System  263(2)
  Dynamic Host Configuration Protocol  265(1)
  Expanding the Network  266(26)
  Using Telephone Circuits  268(3)
  Network Firewalls  271(5)
  Remote VPN Access  276(4)
  Using Wireless Access Solutions  280(4)
  Firewall Protection for Wireless Networks  284(1)
  Remote Dial-Up Access  284(1)
  WLAN Transmission Security  284(3)
  Achieving 802.11i RSN Wireless Security  287(1)
  Intrusion Detection Systems  288(3)
  Summarizing the Various Area Networks  291(1)
  Using Software as a Service (SaaS)  292(3)
  Advantages  292(1)
  Disadvantages  293(1)
  Cloud Computing  294(1)
  The Basics of Managing the Network  295(3)
  Automated LAN Cable Tester  295(1)
  Protocol Analyzers  295(2)
  Remote Monitoring Protocol Version 2  297(1)
  Summary  298(1)
  Exam Essentials  298(3)
  Review Questions  301(6)
Chapter 5  Information Systems Life Cycle  307(74)
  Governance in Software Development  308(2)
  Management of Software Quality  310(7)
  Capability Maturity Model  310(2)
  International Organization for Standardization  312(4)
  Typical Commercial Records Classification Method  316(1)
  Overview of the Executive Steering Committee  317(6)
  Identifying Critical Success Factors  318(1)
  Using the Scenario Approach  318(1)
  Aligning Software to Business Needs  319(4)
  Change Management  323(1)
  Management of the Software Project  323(4)
  Choosing an Approach  323(1)
  Using Traditional Project Management  324(3)
  Overview of the System Development Life Cycle  327(37)
  Phase 1: Feasibility Study  331(3)
  Phase 2: Requirements Definition  334(5)
  Phase 3: System Design  339(4)
  Phase 4: Development  343(11)
  Phase 5: Implementation  354(7)
  Phase 6: Postimplementation  361(2)
  Phase 7: Disposal  363(1)
  Overview of Data Architecture  364(5)
  Databases  364(4)
  Database Transaction Integrity  368(1)
  Decision Support Systems  369(2)
  Presenting Decision Support Data  370(1)
  Using Artificial Intelligence  370(1)
  Program Architecture  371(1)
  Centralization vs. Decentralization  372(1)
  Electronic Commerce  372(2)
  Summary  374(1)
  Exam Essentials  374(2)
  Review Questions  376(5)
Chapter 6  System Implementation and Operations  381(68)
  Understanding the Nature of IT Services  383(2)
  Performing IT Operations Management  385(14)
  Meeting IT Functional Objectives  385(2)
  Using the IT Infrastructure Library  387(2)
  Supporting IT Goals  389(1)
  Understanding Personnel Roles and Responsibilities  389(5)
  Using Metrics  394(2)
  Evaluating the Help Desk  396(1)
  Performing Service-Level Management  397(1)
  Outsourcing IT Functions  398(1)
  Performing Capacity Management  399(1)
  Using Administrative Protection  400(9)
  Information Security Management  401(1)
  IT Security Governance  401(1)
  Authority Roles over Data  402(1)
  Data Retention Requirements  403(1)
  Document Physical Access Paths  404(1)
  Personnel Management  405(1)
  Physical Asset Management  406(2)
  Compensating Controls  408(1)
  Performing Problem Management  409(5)
  Incident Handling  410(2)
  Digital Forensics  412(2)
  Monitoring the Status of Controls  414(16)
  System Monitoring  415(1)
  Document Logical Access Paths  416(1)
  System Access Controls  417(3)
  Data File Controls  420(1)
  Application Processing Controls  421(2)
  Log Management  423(1)
  Antivirus Software  424(1)
  Active Content and Mobile Software Code  424(3)
  Maintenance Controls  427(3)
  Implementing Physical Protection  430(12)
  Data Processing Locations  432(1)
  Environmental Controls  432(8)
  Safe Media Storage  440(2)
  Summary  442(1)
  Exam Essentials  442(2)
  Review Questions  444(5)
Chapter 7  Protecting Information Assets  449(68)
  Understanding the Threat  450(22)
  Recognizing Types of Threats and Computer Crimes  452(2)
  Identifying the Perpetrators  454(4)
  Understanding Attack Methods  458(11)
  Implementing Administrative Protection  469(3)
  Using Technical Protection  472(37)
  Technical Control Classification  472(2)
  Application Software Controls  474(1)
  Authentication Methods  475(13)
  Network Access Protection  488(1)
  Encryption Methods  489(7)
  Public-Key Infrastructure  496(6)
  Network Security Protocols  502(5)
  Telephone Security  507(1)
  Technical Security Testing  507(2)
  Summary  509(1)
  Exam Essentials  509(2)
  Review Questions  511(6)
Chapter 8  Business Continuity and Disaster Recovery  517(54)
  Debunking the Myths  518(2)
  Myth 1: Facility Matters  519(1)
  Myth 2: IT Systems Matter  519(1)
  From Myth to Reality  519(1)
  Understanding the Five Conflicting Disciplines Called Business Continuity  520(1)
  Defining Disaster Recovery  521(3)
  Surviving Financial Challenges  522(1)
  Valuing Brand Names  522(1)
  Rebuilding after a Disaster  523(1)
  Defining the Purpose of Business Continuity  524(3)
  Uniting Other Plans with Business Continuity  527(5)
  Identifying Business Continuity Practices  527(2)
  Identifying the Management Approach  529(2)
  Following a Program Management Approach  531(1)
  Understanding the Five Phases of a Business Continuity Program  532(31)
  Phase 1: Setting Up the BC Program  532(3)
  Phase 2: The Discovery Process  535(25)
  Phase 4: Plan Implementation  560(2)
  Phase 5: Maintenance and Integration  562(1)
  Understanding the Auditor Interests in BC/DR Plans  563(1)
  Summary  564(1)
  Exam Essentials  564(2)
  Review Questions  566(5)
Appendix  Answers to Review Questions  571(20)
Index  591
David L. Cannon, CISA, CCSP, is President and Founder of CertTest Training Center, a leading CISA training provider. With more than 20 years of experience in IT training and consulting for IT operations, security, system administration, and management, David teaches CISA preparation courses across the country. He is a frequent speaker and lecturer at the leading security and auditing conferences.

Brian T. O'Hara, CISA, CISM, CRISC, CISSP, is the Information Security Officer (ISO) for Do it Best Corp. and an ISSA Fellow. He is President of the Indiana InfraGard Members Alliance, a partnership between the FBI and the private sector, and President of the Central Indiana Chapter of ISACA.

Featuring test questions by Allen Keele, CISA, CISM, CISSP, ISO 31000 CICRA, ISO 27001 CICA, ISO 27001 Lead Auditor, ISO 22301 Certified Business Continuity Manager, and Certified Fraud Examiner, founder of Certified Information Security (www.certifiedinfosec.com).