
Complete Guide for CISA Examination Preparation [Softcover]

  • Format: Paperback / softback, 256 pages, height x width: 234x156 mm, weight: 381 g, 1 table, black and white
  • Series: Security, Audit and Leadership Series
  • Publication date: 06-Oct-2020
  • Publisher: CRC Press
  • ISBN-10: 0367551748
  • ISBN-13: 9780367551742

The Complete Guide for CISA Examination Preparation delivers complete coverage of every topic on the latest release of the Certified Information Systems Auditor (CISA) exam. The author is an IT security and auditing expert and the book covers all five exam domains. This effective self-study system features chapter learning objectives, in-depth explanations of each topic, and accurate practice questions. Each chapter includes exam tips that highlight key exam information, hands-on exercises, a summary that serves as a quick review, and end-of-chapter questions that simulate those on the actual exam. Designed to help candidates pass the CISA exam easily, it also serves as an ideal on-the-job reference.

Richard E. Cascarino, MBA, CIA, CISM, CFE, CRMA, is well known in international auditing. Richard is a principal of Richard Cascarino & Associates. He has over 31 years' experience in audit training and consulting. He is a regular speaker at national and international conferences and has presented courses throughout Africa, Europe, the Middle East and the USA. Richard is a Past President of the Institute of Internal Auditors in South Africa, was the founding Regional Director of the Southern African Region of the IIA-Inc. and is a member of ISACA, and the Association of Certified Fraud Examiners, where he is a member of the Board of Regents for Higher Education. Richard was Chairman of the Audit Committee of Gauteng cluster 2 (Premier's office, Shared Services and Health) in Johannesburg and is currently the Chairman of the Audit and Risk Committee of the Department of Public Enterprises in South Africa.

Richard is also a visiting Lecturer at the University of the Witwatersrand, author of the book Internal Auditing: An Integrated Approach, now in its third edition. This book is extensively used as a university textbook worldwide. In addition, he is the author of the Auditor's Guide to IT Auditing, Second Edition and the book Corporate Fraud and Internal Control: A Framework for Prevention. He is also a contributor to all four editions of QFINANCE, the Ultimate Resource.

The Complete Guide for CISA Examination Preparation xi
Chapter 1 Introduction to the CISA Examination 1(8)
The Examination Itself 1(1)
Becoming Certified 1(1)
Experience Requirements 2(1)
Educational Waivers 2(1)
Passing the Examination 3(1)
CISA Job Practice Domains and Task and Knowledge Statements 4(1)
ISACA's Code of Professional Ethics 5(1)
The ISACA Standards 6(1)
Continuous Professional Education (CPE) 7(2)
Chapter 2 Domain 1 -- The Process of Auditing Information Systems 9(38)
The First Task 9(1)
The Second Task 10(1)
The Third Task 11(1)
The Fourth Task 11(1)
The Final Stage 12(1)
Knowledge Statements 12(7)
Knowledge of ISACA IT Audit and Assurance Standards, Guidelines and Tools and Techniques, Code of Professional Ethics, and Other Applicable Standards 12(7)
Understanding the Fundamental Business Processes 19(3)
Control Principles Related to Controls in Information Systems 22(2)
Reliability and Integrity of Information 22(1)
Compliance with Policies, Plans, Procedures, Laws, and Regulations 22(1)
Safeguarding of Assets 23(1)
Effectiveness and Efficiency of Operations 23(1)
Risk-Based Audit Planning and Audit Project Management Techniques 24(4)
Inherent Risk 25(1)
Control Risk 25(1)
Audit Risk 25(1)
Planning the Audit Project 25(2)
Quality of the Internal Control Framework 27(1)
Competence of Management 28(1)
Complexity of Transactions 28(1)
Liquidity of Assets 28(1)
Ethical Climate and Employee Morale 28(1)
Auditor Understanding of the Applicable Laws and Regulations That Affect the Scope, Evidence Collection and Preservation, and Frequency of Audits 29(1)
Evidence Collection Techniques 30(2)
Audit Techniques 32(1)
Automated Audit Tools 33(2)
Domain 1 Examination Tips 35(2)
Domain 1 Practice Questions 37(5)
Domain One Review Questions and Hands-On Exercise 42(1)
Domain 1 Answers to Practice Questions 43(3)
Exercise 1 Sample Answer 46(1)
Chapter 3 Domain 2 -- Governance and Management of IT 47(30)
Governance in General 47(4)
IT Architecture 51(1)
IT Policies and Standards 52(8)
Project Management 54(1)
Role of the Project Management Office (PMO) 55(1)
Resource Management 56(1)
Project Planning 57(1)
Function Point Analysis 58(1)
Project Tracking and Oversight 59(1)
Project Management Tools 59(1)
GANTT or Bar Charts 60(1)
Program Evaluation Review Techniques (Also Known as a Network Diagram) 60(1)
Critical Path Method 61(1)
Timebox Management 61(1)
Management of Resource Usage 62(1)
Auditor's Role in the Project Management Process 62(3)
Audit Risk Assessment 63(2)
Audit Planning 65(2)
Domain 2 Practice Questions 67(5)
Domain 2 Review Questions and Hands-on Exercise 72(1)
Exercise 2 Audit of Customer Receivables 72(1)
You are required to 73(1)
Exercise 2 Sample Answer 73(1)
Domain 2 Answers to Practice Questions 74(3)
Chapter 4 Domain 3 -- Information Systems Acquisition, Development, and Implementation 77(24)
Systems Acquisition 77(2)
Cloud-Based Systems Acquisition 79(1)
Systems Development 80(1)
The SDLC 81(4)
The Iterative Model 85(1)
Prototyping and Rapid Application Development (RAD) 85(1)
Agile Methodologies 85(2)
Lean Methodology 87(1)
Systems Implementation 87(1)
Systems Maintenance Review 88(2)
Domain 3 Practice Questions 90(4)
Domain 3 Review Questions and Hands-On Exercise 94(1)
Exercise 3 95(1)
Required 96(1)
Exercise 3 Sample Answer 96(2)
Domain 3 Answers to Practice Questions 98(3)
Chapter 5 Domain 4 -- Information Systems Operations, Maintenance, and Service Management 101(30)
Hardware 102(1)
CPU 102(1)
Peripherals 102(1)
Memory 102(1)
Computer Types 103(1)
Networks 103(1)
Storage 104(1)
Communications 105(1)
Input 105(1)
Output 106(1)
Control 107(1)
Systems Software 107(1)
Auditing Operating Systems 107(3)
People 109(1)
Job Scheduling 110(1)
System Interfaces 110(2)
Frameworks 110(2)
ITIL 112(1)
Change Management 113(2)
Change Management in the Use of Cloud-Based Applications 115(1)
Problem Management 116(1)
Auditing Change Control 116(1)
Service Management 116(1)
Disaster Recovery Planning 117(2)
Auditing Service Delivery 119(3)
Domain 4 Practice Questions 122(3)
Domain 4 Review Questions and Hands-On Exercise 125(2)
Exercise 4 127(1)
Exercise 4 Sample Answer 127(1)
Domain 4 Answers to Practice Questions 128(3)
Chapter 6 Domain 5 -- Protection of Information Assets 131(42)
Protection of Information Assets 132(1)
Privacy Principles 133(1)
Design, Implementation, Maintenance, Monitoring, and Reporting of Security Controls 134(9)
Physical and Environmental Controls and Supporting Practices for the Protection of Information Assets 134(1)
Physical Access Controls for the Identification, Authentication, and Restriction of Users 135(3)
Environmental Controls 138(1)
Logical Access Controls for the Identification, Authentication, and Restriction of Users 139(1)
Risk and Controls Associated with Virtualization of Systems 139(3)
Risks and Controls Associated with the Use of Mobile and Wireless Devices 142(1)
Voice Communications Security 143(1)
Network and Internet Security Devices, Protocols, and Techniques 143(1)
Configuration, Implementation, Operation, and Maintenance of Network Security Controls 144(1)
Encryption-Related Techniques and Their Uses 144(1)
Public Key Infrastructure (PKI) Components and Digital Signature Techniques 145(1)
Peer-to-Peer Computing, Instant Messaging, and Web-Based Technologies 146(1)
Data Classification Standards Related to the Protection of Information Assets 147(1)
Storage, Retrieval, Transportation, and Disposal of Confidential Information Assets 148(1)
Data Leakage 148(1)
Risks in End-User Computing 149(1)
Implementing a Security Awareness Program 149(1)
Information System Attack Methods and Techniques 150(1)
Prevention and Detection Tools and Control Techniques 151(4)
Malware 151(1)
Phishing 151(1)
Pharming 151(1)
Password Attacks 152(1)
Denial of Service (DoS) Attacks 152(1)
'Man in the Middle' (MITM) Attacks 153(1)
Drive-By Downloads 153(1)
Rogue Software 153(1)
Ransomware 154(1)
Spyware and Adware 154(1)
Social Engineering 155(1)
Security Testing Techniques 155(1)
Penetration Testing and Vulnerability Scanning 155(1)
Monitoring and Responding to Security Incidents 156(1)
Forensic Investigation and Procedures in Collection and Preservation of the Data and Evidence 156(1)
Domain 5 Practice Questions 157(8)
Domain 5 Review Questions and Hands-On Exercise 165(1)
Exercise 5 166(1)
Exercise 5 Sample Answer 166(1)
Domain 5 Answers to Practice Questions 167(6)
Chapter 7 Preparing for the Examination 173(4)
Appendix A Glossary of Terms 177(34)
Appendix B CISA Sample Examination -- Choose Any 150 Questions 211(32)
Appendix C Sample Examination Answers 243(2)
Index 245