CISA® Certified Information Systems Auditor™ Study Guide, Second Edition

Book Description

Prepare for CISA certification and improve your job skills with the training you'll receive in this valuable book. Covering the very latest version of the exam, it's packed with instruction on all exam content areas, including the most up-to-date regulations, IS auditing best practices, and compliances. You'll find practical exercises and plenty of real-world scenarios—just what you need for the CISA exam, and beyond.

Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.

Table of Contents

  1. Copyright
  2. Dear Reader,
  3. Acknowledgments
  4. Introduction
    1. What Is the Job Market for Certified IS Auditors?
      1. What Is the CISA Certification?
      2. Why Become a CISA?
      3. How to Become a CISA
    2. Why Should I Buy This Book?
    3. How to Use This Book and CD
    4. What to Expect on the CISA Exam
    5. How to Fail Your CISA Exam
    6. Test Taking and Preparation
      1. 10-Day Countdown
      2. 3-Day Countdown
      3. 1-Day Countdown
      4. Test Morning
      5. Plan on Using All 4 Hours
      6. Read the Question Carefully
      7. Done! The Exam Is Over
      8. Getting Your CISA Awarded
      9. Related Professional Certifications
      10. Information Systems Security Practices
      11. Auditing
      12. Disaster Recovery and Business Continuity
      13. Project Management
      14. Physical Building Security
  5. Assessment Test
  6. Answers to Assessment Test
  7. 1. Secrets of a Successful IS Auditor
    1. 1.1. Understanding the Demand for IS Audits
    2. 1.2. Understanding Policies, Standards, Guidelines, and Procedures
      1. 1.2.1. Understanding the ISACA Code of Professional Ethics
      2. 1.2.2. Preventing Ethical Conflicts
      3. 1.2.3. Understanding the Purpose of an Audit
      4. 1.2.4. Classifying Basic Types of Audits
      5. 1.2.5. Understanding the Auditor's Responsibility
      6. 1.2.6. Comparing Audits to Assessments
    3. 1.3. Auditor Role versus Auditee Role
      1. 1.3.1. Applying an Independence Test
      2. 1.3.2. Understanding the Various Auditing Standards
        1. 1.3.2.1. ISACA IS Audit Standards
      3. 1.3.3. Specific Regulations Defining Best Practices
      4. 1.3.4. Identifying Specific Types of Audits
    4. 1.4. Auditor Is an Executive Position
      1. 1.4.1. Understanding the Importance of Auditor Confidentiality
      2. 1.4.2. Working with Lawyers
      3. 1.4.3. Retaining Audit Documentation
      4. 1.4.4. Providing Good Communication and Integration
      5. 1.4.5. Understanding Leadership Duties
      6. 1.4.6. Planning and Setting Priorities
      7. 1.4.7. Providing Standard Terms of Reference
      8. 1.4.8. Dealing with Conflicts and Failures
      9. 1.4.9. Identifying the Value of Internal and External Auditors
      10. 1.4.10. Understanding the Evidence Rule
      11. 1.4.11. Identifying Who You Need to Interview
    5. 1.5. Understanding the Corporate Organizational Structure
      1. 1.5.1. Identifying Roles in a Corporate Organizational Structure
      2. 1.5.2. Identifying Roles in a Consulting Firm Organizational Structure
    6. 1.6. Managing Projects
      1. 1.6.1. What Is a Project?
      2. 1.6.2. What Is Project Management?
      3. 1.6.3. Identifying the Requirements of a Project Manager
      4. 1.6.4. Identifying a Project Manager's Authority
      5. 1.6.5. Understanding the Project Management Process Framework
      6. 1.6.6. Applied Project Management Quick Reference
        1. 1.6.6.1. Project Integration Management
        2. 1.6.6.2. Project Scope Management
        3. 1.6.6.3. Project Time Management
        4. 1.6.6.4. Project Cost Management
        5. 1.6.6.5. Project Quality Management
        6. 1.6.6.6. Project Human Resource Management
        7. 1.6.6.7. Project Communications Management
        8. 1.6.6.8. Project Risk Management
        9. 1.6.6.9. Project Procurement Management
      7. 1.6.7. Using Project Management Diagramming Techniques
    7. 1.7. Summary
    8. 1.8. Exam Essentials
    9. 1.9. Review Questions
    10. 1.10. Answers to Review Questions
  8. 2. Audit Process
    1. 2.1. Establishing and Approving an Audit Charter
      1. 2.1.1. Role of the Audit Committee
      2. 2.1.2. Engagement Letter
    2. 2.2. Preplanning the Audit
      1. 2.2.1. Identifying Restrictions on Scope
      2. 2.2.2. Understanding the Variety of Audits
      3. 2.2.3. Gathering Detailed Audit Requirements
      4. 2.2.4. Using a Systematic Approach to Planning
      5. 2.2.5. Comparing Traditional Audits to Assessments and Self-Assessments
      6. 2.2.6. Choosing a Risk Management Strategy
    3. 2.3. Performing an Audit Risk Assessment
    4. 2.4. Determining Whether an Audit Is Possible
    5. 2.5. Performing the Audit
      1. 2.5.1. Allocating Staffing
        1. 2.5.1.1. Creating a Skills Matrix
        2. 2.5.1.2. Using the Work of Other People
      2. 2.5.2. Ensuring Audit Quality Control
      3. 2.5.3. Defining Auditee Communications
      4. 2.5.4. Using Data Collection Techniques
    6. 2.6. The Hierarchy of Internal Controls
      1. 2.6.1. Reviewing Existing Controls
        1. 2.6.1.1. The Secret of Strong Controls
    7. 2.7. Gathering Audit Evidence
      1. 2.7.1. Using Evidence to Prove a Point
      2. 2.7.2. Types of Evidence
      3. 2.7.3. Typical Evidence for IS Audits
      4. 2.7.4. Using Computer Assisted Audit Tools
        1. 2.7.4.1. Using CAAT for Continuous Online Audit
      5. 2.7.5. Electronic Discovery
      6. 2.7.6. Grading of Evidence
      7. 2.7.7. Timing of Evidence
      8. 2.7.8. Evidence Life Cycle
      9. 2.7.9. Preparing Audit Documentation
      10. 2.7.10. Selecting Audit Samples
        1. 2.7.10.1. Statistical Sampling
        2. 2.7.10.2. Nonstatistical Sampling
    8. 2.8. Conducting Audit Testing
      1. 2.8.1. Compliance Testing
      2. 2.8.2. Substantive Testing
      3. 2.8.3. Tolerable Error Rate
      4. 2.8.4. Record Your Test Results
      5. 2.8.5. Analyzing the Results
      6. 2.8.6. Detecting Irregularities and Illegal Acts
        1. 2.8.6.1. Indicators of Illegal or Irregular Activity
        2. 2.8.6.2. Responding to Irregular or Illegal Activity
        3. 2.8.6.3. Findings Outside of Audit Scope
    9. 2.9. Reporting Your Audit Findings
      1. 2.9.1. Identifying Omitted Procedures
      2. 2.9.2. Conducting an Exit Interview
    10. 2.10. Conducting Follow-Up Activities
    11. 2.11. Summary
    12. 2.12. Exam Essentials
    13. 2.13. Review Questions
    14. 2.14. Answers to Review Questions
  9. 3. IT Governance
    1. 3.1. Strategy Planning for Organizational Control
      1. 3.1.1. Overview of the IT Steering Committee
      2. 3.1.2. Using the Balanced Scorecard
      3. 3.1.3. IT Subset of the BSC
      4. 3.1.4. Selecting an IT Strategy
      5. 3.1.5. Specifying a Policy
        1. 3.1.5.1. Types of Policies
      6. 3.1.6. Implementation Planning of the IT Strategy
        1. 3.1.6.1. Data Plans
        2. 3.1.6.2. Application Management Plan
        3. 3.1.6.3. Technology Plan
        4. 3.1.6.4. Organizational Plan
        5. 3.1.6.5. Facilities Plan
      7. 3.1.7. Using CObIT
      8. 3.1.8. Identifying Sourcing Locations
        1. 3.1.8.1. Sourcing Practices
        2. 3.1.8.2. Sourcing Methods
        3. 3.1.8.3. Globalization Issues
        4. 3.1.8.4. Legal Compliance Issues
        5. 3.1.8.5. Subcontractor Liability Trap
        6. 3.1.8.6. In-House Operations Return
      9. 3.1.9. Conducting an Executive Performance Review
      10. 3.1.10. Understanding the Auditor's Interest in the Strategy
    2. 3.2. Overview of Tactical Management
    3. 3.3. Planning and Performance
      1. 3.3.1. Management Control Methods
        1. 3.3.1.1. Performance Review
        2. 3.3.1.2. National Institute of Standards and Technology
        3. 3.3.1.3. International Standards
        4. 3.3.1.4. Quality Management
      2. 3.3.2. Project Management
      3. 3.3.3. Risk Management
        1. 3.3.3.1. Personnel Risk
        2. 3.3.3.2. Information Security Risk
      4. 3.3.4. Implementing Standards
      5. 3.3.5. Human Resources
      6. 3.3.6. System Life-Cycle Management
      7. 3.3.7. Continuity Planning
      8. 3.3.8. Insurance
      9. 3.3.9. Performance Management
        1. 3.3.9.1. Managing Outsourcing
    4. 3.4. Overview of Business Process Reengineering
      1. 3.4.1. Why Use Business Process Reengineering
      2. 3.4.2. BPR Methodology
      3. 3.4.3. Genius or Insanity?
      4. 3.4.4. Goal of BPR
      5. 3.4.5. Guiding Principles for BPR
      6. 3.4.6. Knowledge Requirements for BPR
      7. 3.4.7. BPR Techniques
      8. 3.4.8. BPR Application Steps
      9. 3.4.9. Role of IS in BPR
      10. 3.4.10. Business Process Documentation
      11. 3.4.11. BPR Tools and Techniques
      12. 3.4.12. Benchmarking as a BPR Tool
      13. 3.4.13. Using a Business Impact Analysis
      14. 3.4.14. BPR Project Risk Assessment
      15. 3.4.15. Practical Application of BPR
        1. 3.4.15.1. Don't Fix an Existing Process Unless It's Broken
        2. 3.4.15.2. Calculate the Return on Investment (ROI) Before Investing Any Resources
        3. 3.4.15.3. Make Sure You Fully Understand the Process Before You Try to Fix It
        4. 3.4.15.4. Make Sure You Don't Have Any "Leftovers" After Reengineering the Process
      16. 3.4.16. Practical Selection Methods for BPR
      17. 3.4.17. Troubleshooting BPR Problems
      18. 3.4.18. Understanding the Auditor's Interest in Tactical Management
    5. 3.5. Operations Management
      1. 3.5.1. Sustaining Operations
      2. 3.5.2. Tracking Performance
      3. 3.5.3. Controlling Change
      4. 3.5.4. Understanding the Auditor's Interest in Operational Delivery
    6. 3.6. Summary
    7. 3.7. Exam Essentials
    8. 3.8. Review Questions
    9. 3.9. Answers to Review Questions
  10. 4. Networking Technology
    1. 4.1. Understanding the Differences in Computer Architecture
    2. 4.2. Selecting the Best System
      1. 4.2.1. Identifying Various Operating Systems
        1. 4.2.1.1. Rocket to the Moon
        2. 4.2.1.2. Portable Software Systems
      2. 4.2.2. Determining the Best Computer Class
        1. 4.2.2.1. Supercomputers
        2. 4.2.2.2. Mainframe Computers
        3. 4.2.2.3. Midrange
        4. 4.2.2.4. Microcomputers
      3. 4.2.3. Comparing Computer Capabilities
      4. 4.2.4. Ensuring System Control
      5. 4.2.5. Dealing with Data Storage
      6. 4.2.6. Using Interfaces and Ports
        1. 4.2.6.1. Protecting Hardware Port Controls and Port Access
        2. 4.2.6.2. Software Ports
    3. 4.3. Overview of the Open Systems Interconnect (OSI) Model
      1. 4.3.1. Layer 1: Physical Layer
      2. 4.3.2. Layer 2: Data-Link Layer
      3. 4.3.3. Layer 3: Network Layer
      4. 4.3.4. Finding a Path across the Network
      5. 4.3.5. Layer 4: Transport Layer
      6. 4.3.6. Layer 5: Session Layer
      7. 4.3.7. Layer 6: Presentation Layer
      8. 4.3.8. Layer 7: Application Layer
      9. 4.3.9. Understanding How Computers Communicate
    4. 4.4. Physical Network Design
    5. 4.5. Overview of Network Topologies
      1. 4.5.1. Identifying Bus Topologies
      2. 4.5.2. Identifying Star Topologies
      3. 4.5.3. Identifying Ring Topologies
      4. 4.5.4. Identifying Meshed Networks
    6. 4.6. Network Cable Types
      1. 4.6.1. Coaxial Cable
      2. 4.6.2. Unshielded Twisted-Pair (UTP) Cable
      3. 4.6.3. Fiber-Optic Cable
    7. 4.7. Network Devices
    8. 4.8. Network Services
      1. 4.8.1. Domain Name System
      2. 4.8.2. Dynamic Host Configuration Protocol
        1. 4.8.2.1. The DHCP Router Solution
    9. 4.9. Expanding the Network
      1. 4.9.1. Using Telephone Circuits
        1. 4.9.1.1. Dedicated Telephone Circuits
        2. 4.9.1.2. Packet-Switched Circuits
      2. 4.9.2. Wireless Access Solutions
        1. 4.9.2.1. Wireless RFID Systems
      3. 4.9.3. Summarizing the Various Area Networks
    10. 4.10. Managing Your Network
      1. 4.10.1. Syslog
      2. 4.10.2. Automated Cable Tester
      3. 4.10.3. Protocol Analyzer
      4. 4.10.4. Simple Network Management Protocol
      5. 4.10.5. Remote Monitoring Protocol Version 2
    11. 4.11. Summary
    12. 4.12. Exam Essentials
    13. 4.13. Review Questions
    14. 4.14. Answers to Review Questions
  11. 5. Life Cycle Management
    1. 5.1. Governance in Software Development
    2. 5.2. Managing Software Quality
      1. 5.2.1. Capability Maturity Model
      2. 5.2.2. International Organization for Standardization
        1. 5.2.2.1. ISO 15504: Variation of CMM
        2. 5.2.2.2. ISO 9001: Quality Management
        3. 5.2.2.3. ISO 9126: Software Quality
      3. 5.2.3. ISO 15489: Records Management
    3. 5.3. Overview of the Steering Committee
      1. 5.3.1. Identifying Critical Success Factors
      2. 5.3.2. Using the Scenario Approach
      3. 5.3.3. Aligning Software to Business Needs
        1. 5.3.3.1. RFI/RFP Process
        2. 5.3.3.2. Reviewing Vendor Proposals
    4. 5.4. Change Management
    5. 5.5. Managing the Software Project
      1. 5.5.1. Choosing an Approach
      2. 5.5.2. Using Traditional Project Management
        1. 5.5.2.1. Waterfall Model
        2. 5.5.2.2. Spiral Model
    6. 5.6. Overview of the System Development Life Cycle
      1. 5.6.1. Phase 1: Feasibility Study
        1. 5.6.1.1. Software Cost Estimation
        2. 5.6.1.2. Phase 1 Review and Approval
        3. 5.6.1.3. Auditor Interests in the Feasibility Study Phase
      2. 5.6.2. Phase 2: Requirements Definition
        1. 5.6.2.1. Internal Controls
        2. 5.6.2.2. Phase 2 Review and Approval
        3. 5.6.2.3. Auditor Interests in the Requirements Definition Phase
      3. 5.6.3. Phase 3: System Design
        1. 5.6.3.1. Customer Satisfaction
        2. 5.6.3.2. Reverse Engineering and Reengineering
        3. 5.6.3.3. Software Design Baseline
        4. 5.6.3.4. Phase 3 Review and Approval
        5. 5.6.3.5. Auditor Interests in the System Design Phase
      4. 5.6.4. Phase 4: Development
        1. 5.6.4.1. Implementing Programming Standards and Quality Control
        2. 5.6.4.2. Adhering to the Development Schedule
        3. 5.6.4.3. Writing Program Code
        4. 5.6.4.4. Understanding Generations of Programming Languages
        5. 5.6.4.5. Using Integrated Development Environment Tools
        6. 5.6.4.6. Using Alternative Development Techniques
          1. 5.6.4.6.1. Agile Development Method
          2. 5.6.4.6.2. Rapid Application Development Method
        7. 5.6.4.7. Building Prototypes
        8. 5.6.4.8. Compiling Software Programs
        9. 5.6.4.9. Implementing Configuration and Version Management
        10. 5.6.4.10. Debugging Software
        11. 5.6.4.11. Testing the Software
        12. 5.6.4.12. Phase 4 Review and Approval
        13. 5.6.4.13. Auditor Interests in the Development Phase
      5. 5.6.5. Phase 5: Implementation
        1. 5.6.5.1. Software Release and Patch Management
        2. 5.6.5.2. Data Conversion
        3. 5.6.5.3. System Certification
        4. 5.6.5.4. Common Criteria (ISO 15408)
        5. 5.6.5.5. System Accreditation
        6. 5.6.5.6. User Training
        7. 5.6.5.7. Go Live and Changeover
        8. 5.6.5.8. Phase 5 Review and Approval
        9. 5.6.5.9. Auditor Interests in the Implementation Phase
      6. 5.6.6. Phase 6: Postimplementation
        1. 5.6.6.1. Phase 6 Review Meetings
        2. 5.6.6.2. Auditor Interests in the Postimplementation Phase
      7. 5.6.7. Phase 7: Disposal
        1. 5.6.7.1. Auditor Interests in the Disposal Phase
    7. 5.7. Overview of Data Architecture
      1. 5.7.1. Databases
        1. 5.7.1.1. Data-Oriented Database
        2. 5.7.1.2. Object-Oriented Database
      2. 5.7.2. Database Transaction Integrity
    8. 5.8. Decision Support Systems
      1. 5.8.1. Presenting Decision Support Data
      2. 5.8.2. Using Artificial Intelligence
    9. 5.9. Program Architecture
    10. 5.10. Centralization versus Decentralization
    11. 5.11. Electronic Commerce
    12. 5.12. Summary
    13. 5.13. Exam Essentials
    14. 5.14. Review Questions
    15. 5.15. Answers to Review Questions
  12. 6. IT Service Delivery
    1. 6.1. Nature of IT Services
    2. 6.2. IT Operations Management
      1. 6.2.1. Meeting IT Functional Objectives
      2. 6.2.2. Using the IT Infrastructure Library
      3. 6.2.3. Supporting IT Goals
      4. 6.2.4. Understanding Personnel Roles and Responsibilities
      5. 6.2.5. Using Metrics
        1. 6.2.5.1. Understanding the Types of Metrics
        2. 6.2.5.2. Developing and Selecting a Metric
      6. 6.2.6. Evaluating the Help Desk
      7. 6.2.7. Performing Service-Level Management
      8. 6.2.8. Outsourcing IT Functions
    3. 6.3. Monitoring the Status of Controls
      1. 6.3.1. System Monitoring
      2. 6.3.2. Log Management
      3. 6.3.3. System Access Controls
        1. 6.3.3.1. User Login and Account Management
        2. 6.3.3.2. Privileged Login Accounts
        3. 6.3.3.3. Maintenance Login Accounts
      4. 6.3.4. Data File Controls
      5. 6.3.5. Application Processing Controls
        1. 6.3.5.1. Input Controls
        2. 6.3.5.2. Processing Controls
        3. 6.3.5.3. Output Controls
      6. 6.3.6. Antivirus Software
      7. 6.3.7. Active Content and Mobile Software Code
        1. 6.3.7.1. Web Browser Functions
        2. 6.3.7.2. Multipurpose Internet Mail Extensions (MIME)
        3. 6.3.7.3. Mobile Software
        4. 6.3.7.4. Mobile Code Security Policy
      8. 6.3.8. Maintenance Controls
        1. 6.3.8.1. Backup and Recovery
        2. 6.3.8.2. Project Management
        3. 6.3.8.3. Change Control Review
      9. 6.3.9. Change Management
        1. 6.3.9.1. Configuration Control
        2. 6.3.9.2. Change Authorization
        3. 6.3.9.3. Emergency Changes
      10. 6.3.10. Separate Test Environment
      11. 6.3.11. Administrative Management Controls
        1. 6.3.11.1. Software Licensing
        2. 6.3.11.2. Asset and Media Tracking
        3. 6.3.11.3. Asset Disposal
        4. 6.3.11.4. User Training
        5. 6.3.11.5. Procedures versus Actual Work
        6. 6.3.11.6. Ineffective and Inefficient Controls
      12. 6.3.12. Using Compensating Controls
    4. 6.4. Capacity Management
    5. 6.5. Problem Management
      1. 6.5.1. Incident Handling
      2. 6.5.2. Digital Forensics
        1. 6.5.2.1. Acquisition
        2. 6.5.2.2. Examination
        3. 6.5.2.3. Utilization
        4. 6.5.2.4. Review
    6. 6.6. Summary
    7. 6.7. Exam Essentials
    8. 6.8. Review Questions
    9. 6.9. Answers to Review Questions
  13. 7. Information Asset Protection
    1. 7.1. Understanding the Threat
      1. 7.1.1. Examples of Threats and Computer Crimes
      2. 7.1.2. Identifying the Perpetrators
        1. 7.1.2.1. Hackers
        2. 7.1.2.2. Crackers
        3. 7.1.2.3. Script Kiddies
        4. 7.1.2.4. Employee Betrayal
        5. 7.1.2.5. Ethical Hacker Gone Bad
        6. 7.1.2.6. Third Parties
        7. 7.1.2.7. Ignorance
      3. 7.1.3. Overview of Attack Methods
        1. 7.1.3.1. Passive Attacks
        2. 7.1.3.2. Active Attacks
    2. 7.2. Using Administrative Protection
      1. 7.2.1. Information Security Management
      2. 7.2.2. IT Security Governance
      3. 7.2.3. Authority Roles over Data
        1. 7.2.3.1. Data Owner
        2. 7.2.3.2. Data User
        3. 7.2.3.3. Data Custodian
      4. 7.2.4. Identify Data Retention Requirements
      5. 7.2.5. Document Access Paths
      6. 7.2.6. Personnel Management
        1. 7.2.6.1. Physical Access
        2. 7.2.6.2. Terminating Access
        3. 7.2.6.3. Incident Handling
        4. 7.2.6.4. Violation Reporting
    3. 7.3. Implementing Physical Protection
      1. 7.3.1. Data Processing Locations
      2. 7.3.2. Environmental Controls
        1. 7.3.2.1. Emergency Power Shutoff
        2. 7.3.2.2. Uninterruptible Power Supply
        3. 7.3.2.3. Standby Generator
        4. 7.3.2.4. Dual Power Leads
        5. 7.3.2.5. Power Transfer System
        6. 7.3.2.6. Heating, Ventilation, and Air-Conditioning
        7. 7.3.2.7. Fire, Smoke, and Heat Detection
        8. 7.3.2.8. Fire Suppression
        9. 7.3.2.9. Water Detection
      3. 7.3.3. Safe Storage
        1. 7.3.3.1. Offsite Storage
        2. 7.3.3.2. Media Transport
        3. 7.3.3.3. Disposal Procedures
    4. 7.4. Using Technical Protection
      1. 7.4.1. Technical Control Classification
      2. 7.4.2. Application Software Controls
        1. 7.4.2.1. Database Views
        2. 7.4.2.2. Restricted User Interface
        3. 7.4.2.3. Security Labels
      3. 7.4.3. Authentication Methods
        1. 7.4.3.1. Understanding Types of Authentication
        2. 7.4.3.2. Using Biometrics
          1. 7.4.3.2.1. Using Physiological Characteristics
          2. 7.4.3.2.2. Using Behavioral Characteristics
        3. 7.4.3.3. Management of Biometric Systems
          1. 7.4.3.3.1. Phase 1: Biometric Feasibility
          2. 7.4.3.3.2. Phase 2: Biometric Requirements
          3. 7.4.3.3.3. Phase 3: System Selection
          4. 7.4.3.3.4. Phase 4: System Configuration
          5. 7.4.3.3.5. Phase 5: Biometrics Implementation
          6. 7.4.3.3.6. Phase 6: Biometrics Post-Implementation
          7. 7.4.3.3.7. Phase 7: Biometric System Disposal
        4. 7.4.3.4. Problems with Biometrics
      4. 7.4.4. Network Access Protection
        1. 7.4.4.1. Kerberos Single Sign-On
        2. 7.4.4.2. Network Firewalls
        3. 7.4.4.3. Remote Dial-Up Access
        4. 7.4.4.4. Remote VPN Access
        5. 7.4.4.5. Using the IPsec VPN
        6. 7.4.4.6. Wireless Access
        7. 7.4.4.7. Setting Up a Wireless LAN
        8. 7.4.4.8. Obsolete IEEE 802.11 Wireless Standards
        9. 7.4.4.9. Updated IEEE Wireless Standards
        10. 7.4.4.10. WLAN Transmission Security
        11. 7.4.4.11. Achieving RSN Wireless Security
      5. 7.4.5. Firewall Protection for Wireless Networks
      6. 7.4.6. Intrusion Detection
      7. 7.4.7. Encryption Methods
        1. 7.4.7.1. Private Key
        2. 7.4.7.2. Public Key
        3. 7.4.7.3. Control of Encryption Systems
        4. 7.4.7.4. Digital Signatures
        5. 7.4.7.5. Elliptic-Curve Cryptography
        6. 7.4.7.6. Quantum Cryptography
      8. 7.4.8. Public-Key Infrastructure
        1. 7.4.8.1. Practical Example of Digital Certificates
        2. 7.4.8.2. Secure Multipurpose Internet Mail Extension
        3. 7.4.8.3. Encryption-Key Management
      9. 7.4.9. Network Security Protocols
      10. 7.4.10. Design for Redundancy
      11. 7.4.11. Telephone Security
      12. 7.4.12. Technical Security Testing
    5. 7.5. Summary
    6. 7.6. Exam Essentials
    7. 7.7. Review Questions
    8. 7.8. Answers to Review Questions
  14. 8. Disaster Recovery and Business Continuity
    1. 8.1. Defining Disaster Recovery
      1. 8.1.1. Surviving Financial Challenges
      2. 8.1.2. Valuing Brand Names
      3. 8.1.3. Rebuilding after a Disaster
    2. 8.2. Defining the Purpose of Business Continuity
    3. 8.3. Uniting Other Plans with Business Continuity
      1. 8.3.1. Identifying the Business Continuity Practice Areas
      2. 8.3.2. Practice Area 1—Initiation
      3. 8.3.3. Practice Area 2—Risk Analysis
      4. 8.3.4. Practice Area 3—Business Impact Analysis (BIA)
      5. 8.3.5. Practice Area 4—Strategy Creation
      6. 8.3.6. Practice Area 5—Emergency Response
      7. 8.3.7. Practice Area 6—Plan Creation
        1. 8.3.7.1. Assigning People to Specific Teams
      8. 8.3.8. Practice Area 7—Training and Awareness
      9. 8.3.9. Practice Area 8—Maintenance and Testing
      10. 8.3.10. Practice Area 9—Crisis Communications
      11. 8.3.11. Practice Area 10—Integration with Other Plans
    4. 8.4. Summary
    5. 8.5. Exam Essentials
    6. 8.6. Review Questions
    7. 8.7. Answers to Review Questions
  15. A. About the Companion CD
    1. A.1. What You'll Find on the CD
      1. A.1.1. Sybex Test Engine
      2. A.1.2. PDF of the Book
      3. A.1.3. Adobe Reader
      4. A.1.4. Electronic Flashcards
    2. A.2. System Requirements
    3. A.3. Using the CD
    4. A.4. Troubleshooting
      1. A.4.1. Customer Care
  16. Glossary