CISA - Certified Information Systems Auditor Study Guide: Aligned with the CISA Review Manual 2019 to help you audit, monitor, and assess information systems
Written by Hemang Doshi
- Publisher: Packt
- Language: English
- Pages: 1083
- Category: Library
Synopsis
This CISA study guide is for those interested in achieving CISA certification and provides complete coverage of ISACA's latest CISA Review Manual (2019) with practical examples and over 850 exam-oriented practice questions.
Key Features
- Gain tactical skills in auditing, control, and security to pass the CISA examination
- Get up to speed with auditing business IT systems
- Increase your value to organizations and be at the forefront of an evolving business landscape by achieving CISA certification
Book Description
Are you looking to prepare for the CISA exam and understand the roles and responsibilities of an information systems (IS) auditor?
The CISA - Certified Information Systems Auditor Study Guide is here to help you get started with CISA exam prep.
This book covers all the five CISA domains in detail to help you pass the exam. You'll start by getting up and running with the practical aspects of an information systems audit. The book then shows you how to govern and manage IT, before getting you up to speed with acquiring information systems. As you progress, you'll gain knowledge of information systems operations and understand how to maintain business resilience, which will help you tackle various real-world business problems. Finally, you'll be able to assist your organization in effectively protecting and controlling information systems with IT audit standards.
By the end of this CISA book, you'll not only have covered the essential concepts and techniques you need to know to pass the CISA certification exam but also have the ability to apply them in the real world.
What you will learn
- Understand the information systems auditing process
- Get to grips with IT governance and management
- Gain knowledge of information systems acquisition
- Assist your organization in protecting and controlling information systems with IT audit standards
- Understand information systems operations and how to ensure business resilience
- Evaluate your organization's security policies, standards, and procedures to meet its objectives
Who this book is for
This CISA exam study guide is designed for those with a non-technical background who are interested in achieving CISA certification and are currently employed or looking to gain employment in IT audit and security management positions.
Table of Contents
- Audit Planning
- Audit Execution
- IT Governance
- IT Management
- Information Systems Acquisition and Development
- Information Systems Implementation
- Information System Operations
- Business Resilience
- Information Asset Security and Control
- Network Security and Control
- Public Key Cryptography and Other Emerging Technologies
- Security Event Management
Detailed Table of Contents
Title Page
Copyright and Credits
CISA - Certified Information Systems Auditor Study Guide
Dedication
About Packt
Why subscribe?
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Information System Auditing Process
Audit Planning
The content of an audit charter
Key aspects from CISA exam perspective
Self-evaluation questions
Audit planning
Benefits of audit planning
Selection criteria
Reviewing audit planning
Individual audit assignments
Key aspects from CISA exam perspective
Self-evaluation questions
Business process applications and controls
E-commerce
Electronic Data Interchange (EDI)
Point of Sale (POS)
Electronic banking
Electronic funds transfer (EFT)
Image processing
Artificial intelligence and expert systems
Key aspects from CISA exam perspective
Self-evaluation questions
Types of controls
Preventive controls
Detective controls
Corrective controls
Deterrent controls
The difference between preventive and deterrent controls
Compensating controls
Control objectives
Control measures
Key aspects from CISA exam perspective
Self-evaluation questions
Risk-based audit planning
What is risk?
Understanding vulnerability and threat
Understanding inherent risk and residual risk
Advantages of risk-based audit planning
Audit risk
Risk-based auditing approach
Risk assessments
Risk response methodology
Top-down and bottom-up approaches to policy development
The top-down approach
The bottom-up approach
The best approach
Key aspects from CISA exam perspective
Self-evaluation questions
Types of audit and assessment
Self-evaluation questions
Summary
Assessments
Content of the audit charter
Audit planning
Business process applications and controls
Types of controls
Risk-based audit planning
Types of audit and assessment
Audit Execution
Audit project management
Audit objectives
Audit phases
Fraud, irregularities, and illegal acts
Key aspects from CISA exam perspective
Self-assessment questions
Sampling methodology
Sampling types
Sampling risk
Other sampling terms
The confidence coefficient
Level of risk
Expected error rate
Tolerable error rate
Sample mean
Sample standard deviation
Compliance versus substantive testing
The difference between compliance testing vis-à-vis substantive testing
Examples of compliance testing and substantive testing
The relationship between compliance testing and substantive testing
Key aspects from the CISA exam perspective
Self-assessment questions
Audit evidence collection techniques
Reliability of evidence
Independence of the evidence provider
Qualifications of the evidence provider
Objectivity of the evidence
Timing of the evidence
Evidence gathering techniques
Key aspects from the CISA exam perspective
Self-assessment questions
Data analytics
Examples of the effective use of data analytics
CAATs
Examples of the effective use of CAAT tools
Precautions while using CAAT
Continuous auditing and monitoring
Continuous auditing techniques
Integrated test facility
System control audit review file
Snapshot technique
Audit hook
Continuous and Intermittent Simulation
Key aspects from the CISA exam perspective
Self-assessment questions
Reporting and communication techniques
Exit interview
Audit reporting
Audit report objectives
Audit report structure
Follow-up activities
Key aspects from the CISA exam perspective
Self-assessment questions
Control self-assessment
Objectives of CSA
Benefits of CSA
Disadvantages of CSA
An IS auditor's role in CSA
Key aspects from the CISA exam perspective
Self-assessment questions
Summary
Assessments
Audit project management
Sampling methodology
Audit evidence collection
Data analytics
Reporting and communication techniques
Control self-assessment
Section 2: Governance and Management of IT
IT Governance
IT enterprise governance (EGIT)
EGIT processes
Difference between governance and management
EGIT good practices
Effective information security governance
EGIT - success factors
Key aspects from the CISA exam perspective
Self-assessment questions
IT-related frameworks
IT standards, policies, and procedures
Standard
Policies
Procedures
Guidelines
Information security policy
Content of the information security policy
Information security policy users
Information security policy audit
Information security policy review
Key aspects from CISA exam perspective
Self-assessment questions
Organizational structure
Relationship between the IT strategy committee and the IT steering committee
Differences between the IT strategy committee and the IT steering committee
Key aspects from the CISA exam perspective
Self-assessment questions
Enterprise architecture
Enterprise security architecture
Key aspects from CISA exam perspective
Self-assessment questions
Enterprise risk management
Risk management process steps
Risk analysis methods
Risk treatment
Key aspects from the CISA exam perspective
Self-assessment questions
Maturity model
Laws, regulations, and industry standards affecting the organization
An IS auditor's role in determining adherence to laws and regulations
Key aspects from the CISA exam perspective
Self-assessment questions
Summary
Assessments
IT enterprise governance
IT standards, policies, and procedures
Organizational structure
Enterprise architecture
Enterprise risk management
Laws, regulations, and industry standards affecting the organization
IT Management
IT resource management
Human resource management
Hiring
Training
Scheduling and time reporting
During employment
Termination policies
IT management practices
Financial management practices
Key aspects from CISA exam perspective
Self-assessment questions
IT service provider acquisition and management
Evaluation criteria for outsourcing
Steps for outsourcing
Outsourcing - risk reduction options
Provisions for outsourcing contracts
Role of IS auditors in monitoring outsourced activities
Globalization of IT functions
Outsourcing and third-party audit reports
Monitoring and review of third-party services
Key aspects from CISA exam perspective
Self-evaluation questions
IT performance monitoring and reporting
Steps for the development of performance metrics
Effectiveness of performance metrics
Tools and techniques
Key aspects from CISA exam perspective
Self-evaluation questions
Quality assurance and quality management in IT
Quality assurance
Quality management
Key aspects from CISA exam perspective
Self-evaluation questions
Summary
Assessment answers
IT resource management
IT service provider acquisition and management
IT performance monitoring and reporting
Quality assurance and quality management in IT
Section 3: Information Systems Acquisition, Development, and Implementation
Information Systems Acquisition and Development
Project management structure
Project roles and responsibilities
Board of Directors
IT strategy committee
Project steering committee
Project sponsor
System development management
Project cost estimation methods
Software size estimation methods
Project evaluation methods
Critical path methodology
Program Evaluation Review Technique (PERT)
Earned Value Analysis
Timebox management
Project objectives, OBS, and WBS
Role of the IS auditor in project management
Key aspects from the CISA exam perspective
Self-assessments questions
Business cases and feasibility analysis
Business cases
Feasibility analysis
The IS auditor's role in business case development
Self-assessment questions
System development methodologies
SDLC models
Traditional waterfall
V-shaped
Iterative
SDLC phases
Phase 1 - Feasibility study
Phase 2 - Requirements
Phase 3 - Software selection and acquisition
Phase 4 - Development
Phase 5 - Testing and implementation
Phase 6 - Post-implementation
Software development methods
Agile development
Prototyping
Rapid Application Development
Object-Oriented System Development
Component-based development
Software engineering and reverse engineering
Key aspects from the CISA exam perspective
Self-assessment questions
Control identification and design
Check digits
Parity bits
Checksums
Forward error control
Data integrity principles
Limit checks
Automated systems balancing
Sequence checks
Decision support systems
Efficiency versus effectiveness
Design and development
Risk factors
Decision trees
Key aspects from the CISA exam perspective
Self-assessment questions
Summary
Assessments
Project management structure
The business case and feasibility analysis
System development methodologies
Control identification and design
Information Systems Implementation
Testing methodology
Unit testing
Integrated testing
System testing
Final acceptance testing
Regression testing
Sociability test
Pilot testing
Parallel testing
White box testing
Black box testing
Alpha testing
Beta testing
Testing approach
Testing phases
Key aspects from the CISA exam perspective
Self-assessment questions
System migration
Parallel changeover
Phased changeover
Abrupt changeover
Key aspects from the CISA exam perspective
Self-assessment questions
Post-implementation review
Key aspects from the CISA exam perspective
Self-assessment questions
Summary
Assessments
Testing methodology
System migration
Post-implementation review
Section 4: Information System Operations and Business Resilience
Information System Operations
Understanding common technology components
The types of server
USB
USBs - Risks
USBs - Security controls
RFID
RFID - Applications
RFID - Risks
RFID - Security controls
Self-assessment questions
IT asset management
Self-assessment questions
Job scheduling
Self-assessment questions
End user computing
Self-assessment question
System performance management
Nucleus (kernel) functions
Utility programs
Parameter setting for the operating system
Registry
Activity logging
Software licensing issues
Source code management
Capacity management
Key aspects from a CISA exam perspective
Self-assessment questions
Problem and incident management
Network management tools
Key aspects from a CISA exam perspective
Self-assessment questions
Change management, configuration management, and patch management
Change management process
Patch management
Configuration management
Emergency change management
Backout process
The effectiveness of a change management process
Key aspects from a CISA exam perspective
Self-assessment questions
IT service level management
Key aspects from the CISA exam perspective
Self-evaluation questions
Evaluating the database management process
Advantages of database management
Database structures
Hierarchical database model
Network database model
Relational database model
Object-oriented database model
Database normalization
Database checks and controls
Segregation of duties
Key aspects from a CISA exam perspective
Self-assessment questions
Summary
Assessment
Common technology components
IT asset management
Job scheduling
End user computing
System performance management
Problem and incident management
Change management, configuration management, and patch management
IT service level management
Database management
Business Resilience
Business impact analysis
Key aspects from the perspective of the CISA exam
Self-assessment questions
Data backup and restoration
Types of backup strategy
Storage capacity for each backup scheme
Restoration capability for each backup scheme
Advantages and disadvantages of each scheme
Key aspects from the perspective of the CISA exam
Self-assessment questions
System resiliency
Application resiliency - clustering
Telecommunication network resiliency
Alternative routing
Diverse routing
Self-assessment questions
Business continuity plan
Steps of the BCP life cycle
Content of the BCP
Responsibility for declaring the disaster
A Single Plan
Backup procedure for critical operations
The involvement of process owners in the BCP
BCP and risk assessment
Testing the BCP
Key aspects from the perspective of the CISA exam
Self-assessment questions
Disaster recovery plan
The BCP versus the DRP
Relationship between the DRP and the BIA
Costs associated with disaster recovery
Data backup
DRP of a third-party service provider
Resilient information assets
Service delivery objective
Key aspects from the CISA exam perspective
Self-assessment questions
DRP - test methods
Checklist review
Structured walkthrough
Tabletop test
Simulation test
Parallel test
Full interruption test
Key aspects from the CISA exam perspective
Self-assessment questions
Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
RTO
RPO
RTO and RPO for critical systems
RTO and RPO and maintenance costs
RTO, RPO, and disaster tolerance
Key aspects from the CISA exam perspective
Self-assessment questions
Alternate recovery site
Mirrored site
Hot site
Warm site
Cold site
Mobile site
Reciprocal agreement
Self-assessment questions
Summary
Assessment
Business impact analysis
Data backup and restoration
System resiliency
Business continuity plan
Disaster recovery plan
DRP - test methods
Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
Alternate recovery site
Section 5: Protection of Information Assets
Information Asset Security and Control
Information asset security frameworks, standards, and guidelines
Auditing the information security management framework
Key aspects from the CISA exam perspective
Self-assessment questions
Privacy principles
Self-assessment questions
Physical access and environmental controls
Environmental controls
Water and Smoke Detectors
Fire suppression system
Wet-based sprinkler (WBS)
Dry pipe sprinkler
Halon system
Carbon dioxide systems
Physical access control
Bolting door locks
Combination door locks (cipher locks)
Electronic door locks
Biometric door locks
Deadman doors
Identification badge
CCTV camera
Key aspects from the CISA exam perspective
Self-assessment questions
Identity and access management
Access control categories
Steps for implementing logical access
Control Effectiveness
Default deny policy - allow all policy
Degaussing (demagnetizing)
Naming convention
Factor of authentication
Single sign-on
Advantages of SSO
Disadvantages of SSO
Key aspects from the CISA exam perspective
Self-assessment questions
Biometrics
Biometrics - accuracy measure
False acceptance rate (FAR)
False rejection rate (FRR)
Cross error rate (CER) or equal error rate (EER)
Control over the biometric process
Types of biometric attacks
Self-assessment questions
Summary
Assessments
Information asset security frameworks, standards, and guidelines
Privacy principles
Physical access and environmental controls
Identity and access management
Biometrics
Network Security and Control
Network and endpoint devices
Open system interconnection (OSI) layers
Networking devices
Repeaters
Hubs and switches
Bridges
Routers
Gateway
Network devices and the OSI layer
Network physical media
Fiber optics
Twisted pair (copper circuit)
Infrared and radio (wireless)
Identifying the risks of physical network media
Attenuation
EMI
Cross talks
Network diagram
Network protocols
Dynamic Host Configuration Protocol
Transport Layer Security and Secure Socket Layer
Transmission Control Protocol and User Data Protocol
Secure Shell and Telnet
Key aspects from CISA exam perspective
Self-assessment questions
Firewall types and implementation
Types of firewall
Packet filtering router
Stateful inspection
Circuit-level
Application-level
What is a bastion host?
What is a proxy?
Types of firewall implementation
Dual-homed firewall
Screened host firewall
Screened subnet firewall (demilitarized zone)
Firewall and the corresponding OSI layer
Key aspects from the CISA exam perspective
Self-assessment questions
VPN
Types of VPN
VPNs - security risks
VPNs - technical aspects
Key aspects from the perspective of the CISA exam
Self-assessment questions
Voice over Internet Protocol (VoIP)
Key aspects from the CISA exam perspective
Self-assessment questions
Wireless networks
Enabling MAC filtering
Enabling encryption
Disabling a service set identifier (SSID)
Disabling DHCP
Common attack methods and techniques for a wireless network
War driving
War walking
War chalking
Key aspects from the CISA exam perspective
Self-assessment questions
Email security
Key aspects from the CISA exam perspective
Self-assessment questions
Summary
Assessments
Network and endpoint devices
Firewall types and implementation
Virtual Private Network (VPN)
Voice over Internet Protocol (VoIP)
Wireless networks
Email security
Public Key Cryptography and Other Emerging Technologies
Public key cryptography
Symmetric encryption versus asymmetric encryption
Encryption keys
Confidentiality
Authentication
Non-repudiation
Integrity
The hash of the message
Combining symmetric and asymmetric methods
Key aspects from the CISA exam perspective
Self-assessment questions
Elements of PKI
PKI terminology
Processes involved in PKI
Certifying Authority versus Registration Authority
Key aspects from the CISA exam perspective
Self-assessment questions
Cloud computing
Cloud computing - deployment models
The private cloud
The public cloud
The community cloud
The hybrid cloud
Cloud computing β the IS auditor's role
Self-assessment questions
Virtualization
Mobile computing
Internet of Things (IoT)
Summary
Assessments
Public key cryptography
Elements of public key infrastructure
Cloud computing
Security Event Management
Security awareness training and programs
Participants
Security awareness methods
Social engineering attacks
Evaluating the effectiveness of security programs
Key aspects from the CISA exam perspective
Self-assessment questions
Information system attack methods and techniques
Malicious codes
Biometric attacks
Key aspects from the CISA exam perspective
Assessment
Security testing tools and techniques
General security controls
Terminal controls
Logon IDs and passwords
Authorization process
Automatic logoff
Account lockout
Controls on bypassing software and utilities
Log capturing and monitoring
Time synchronization
Network penetration tests
Aspects to be covered within the scope of the audit
Types of penetration tests
External testing
Internal testing
Blind testing
Double blind testing
Targeted testing
Risks associated with penetration testing
Threat intelligence
Key aspects from the CISA exam perspective
Self-assessment questions
Security monitoring tools and techniques
Intrusion detection system
Network-based and host-based IDS
Components of the IDS
Limitations of the IDS
Types of IDS
Signature-based
Statistical-based
Neural network
Placement of IDS
Intrusion prevention system
Honey pots and honey nets
Key aspects from the CISA exam perspective
Self-assessment questions
Incident response management
Computer Security Incident Response Team
Key aspects from the CISA exam perspective
Self-assessment questions
Evidence collection and forensics
Chain of custody
Identify
Preserve
Analyze
Present
Key elements of computer forensics
Data protection
Data acquisition
Imaging
Extraction
Interrogation
Ingestion/normalization
Reporting
Protection of evidence
Self-assessment questions
Summary
Assessments
Security awareness training and programs
Information system attack methods and techniques
Security testing tools and techniques
Security monitoring tools and techniques
Incident response management
Evidence collection and forensics
Other Books You May Enjoy
Leave a review - let other readers know what you think