CISA® Certified Information Systems Auditor®: Study Guide, Third Edition

Book Description

The industry-leading study guide for the CISA exam, fully updated

More than 27,000 IT professionals take the Certified Information Systems Auditor exam each year. SC Magazine lists the CISA as the top certification for security professionals. Compliances, regulations, and best practices for IS auditing are updated twice a year, and this is the most up-to-date book available to prepare aspiring CISAs for the next exam.

  • CISAs are among the five highest-paid IT security professionals; more than 27,000 take the exam each year and the numbers are growing
  • Standards are updated twice a year, and this book offers the most up-to-date coverage as well as the proven Sybex approach that breaks down the content, tasks, and knowledge areas of the exam to cover every detail
  • Covers the IS audit process, IT governance, systems and infrastructure lifecycle management, IT service delivery and support, protecting information assets, disaster recovery, and more

Anyone seeking Certified Information Systems Auditor status will be fully prepared for the exam with the detailed information and approach found in this book.

This ebook does not include access to the companion materials.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Publisher's Note
  5. Dedication
  6. Acknowledgments
  7. About the Author
  8. Introduction
    1. CISA Job Placement Areas
    2. Assessment Test
    3. Answers to Assessment Test
  9. Chapter 1: Secrets of a Successful Auditor
    1. Understanding the Demand for IS Audits
    2. Understanding Policies, Standards, Guidelines, and Procedures
    3. Understanding Professional Ethics
    4. Understanding the Purpose of an Audit
    5. Differentiating Between Auditor and Auditee Roles
    6. Implementing Audit Standards
    7. Auditor Is an Executive Position
    8. Understanding the Corporate Organizational Structure
    9. Summary
    10. Exam Essentials
    11. Review Questions
    12. Answers to Review Questions
  10. Chapter 2: Managing IT Governance
    1. Strategy Planning for Organizational Control
    2. Overview of Tactical Management
    3. Planning and Performance
    4. Overview of Business Process Reengineering
    5. Operations Management
    6. Summary
    7. Exam Essentials
    8. Review Questions
    9. Answers to Review Questions
  11. Chapter 3: Audit Process
    1. Understanding the Audit Program
    2. Establishing and Approving an Audit Charter
    3. Preplanning Specific Audits
    4. Performing an Audit Risk Assessment
    5. Determining Whether an Audit Is Possible
    6. Performing the Audit
    7. Gathering Audit Evidence
    8. Conducting Audit Evidence Testing
    9. Report Findings
    10. Conducting Follow-Up (Closing Meeting)
    11. Summary
    12. Exam Essentials
    13. Review Questions
    14. Answers to Review Questions
  12. Chapter 4: Networking Technology Basics
    1. Understanding the Differences in Computer Architecture
    2. Selecting the Best System
    3. Introducing the Open Systems Interconnect Model
    4. Understanding Physical Network Design
    5. Understanding Network Topologies
    6. Differentiating Network Cable Types
    7. Connecting Network Devices
    8. Using Network Services
    9. Expanding the Network
    10. Using Software as a Service (SaaS)
    11. Managing Your Network
    12. Summary
    13. Exam Essentials
    14. Review Questions
    15. Answers to Review Questions
  13. Chapter 5: Information Systems Life Cycle
    1. Governance in Software Development
    2. Management of Software Quality
    3. Overview of the Executive Steering Committee
    4. Change Management
    5. Management of the Software Project
    6. Overview of the System Development Life Cycle
    7. Overview of Data Architecture
    8. Decision Support Systems
    9. Program Architecture
    10. Centralization versus Decentralization
    11. Electronic Commerce
    12. Summary
    13. Exam Essentials
    14. Review Questions
    15. Answers to Review Questions
  14. Chapter 6: System Implementation and Operations
    1. Understanding the Nature of IT Services
    2. Performing IT Operations Management
    3. Performing Capacity Management
    4. Using Administrative Protection
    5. Performing Problem Management
    6. Monitoring the Status of Controls
    7. Implementing Physical Protection
    8. Summary
    9. Exam Essentials
    10. Review Questions
    11. Answers to Review Questions
  15. Chapter 7: Protecting Information Assets
    1. Understanding the Threat
    2. Using Technical Protection
    3. Summary
    4. Exam Essentials
    5. Review Questions
    6. Answers to Review Questions
  16. Chapter 8: Business Continuity and Disaster Recovery
    1. Debunking the Myths
    2. Understanding the Five Conflicting Disciplines Called Business Continuity
    3. Defining Disaster Recovery
    4. Defining the Purpose of Business Continuity
    5. Uniting Other Plans with Business Continuity
    6. Understanding the Five Phases of a Business Continuity Program
    7. Understanding the Auditor Interests in BC/DR Plans
    8. Summary
    9. Exam Essentials
    10. Review Questions
    11. Answers to Review Questions
  17. Appendix A: About the Companion CD
    1. What You’ll Find on the CD
    2. System Requirements
    3. Using the CD
    4. Troubleshooting
  18. Glossary
  19. Index
  20. End-User License Agreement
    1. Wiley Publishing, Inc. End-User License Agreement
  21. Back Insert
  22. Perf Card – Objectives Map
    1. CISA: Certified Information Systems Auditor Study Guide, 3rd Edition