The CISA® Prep Guide: Mastering the Certified Information Systems Auditor Exam

Book Description

  • This is the first commercially available book to offer CISA study materials

  • The consulting editor, Ronald Krutz, is the co-author of The CISSP Prep Guide (0-471-26802-X)

  • Provides definitions and background on the seven content areas of CISA

  • Includes many sample test questions and explanations of answers

  • More than 10,000 people registered for the CISA exam in 2002

  • CD-ROM contains annual updates to the exam so the book remains current for a number of years

Table of Contents

  1. Copyright
  2. Acknowledgments
  3. About the Author
  4. Introduction
  5. The Information System Audit Process
    1. IS Auditing Standards
    2. Risk-Based Approach
    3. Controls
    4. The Audit Organization
    5. Audit Planning
    6. CobiT
    7. Audit Objectives and Scope
    8. Creating and Maintaining Work Papers
    9. Fieldwork
    10. Identifying Conditions and Defining Reportable Findings
    11. Reasonable Assurance through a Review of Work
    12. Communicating Audit Results and Facilitating Change
    13. Resources
    14. Sample Questions
  6. Management, Planning, and Organization of Information Systems
    1. Evaluate the IS Strategy and Alignment with the Business Objectives
    2. Evaluate the IS Organizational Structure
    3. Evaluating IS Policies, Standards, and Procedures
    4. Evaluating Third-Party Services Selection and Management
    5. Evaluating Project Management
    6. Evaluating Change Management
    7. Evaluating Problem Management
    8. Evaluating Quality Management
    9. Evaluating Performance Management
    10. Resources
    11. Sample Questions
  7. Technical Infrastructure and Operational Practices
    1. Evaluating Systems Software
    2. Evaluating Hardware Acquisition, Installation, and Maintenance
    3. Evaluating Network Infrastructure
    4. Evaluating IS Operational Practices
    5. Evaluating System Performance
    6. Resources
    7. Sample Questions
  8. Protection of Information Assets
    1. Security Risks and Review Objectives
    2. Identification, Authentication, and Authorization
    3. Evaluating Account Administration
    4. Evaluating Logical Access Controls
    5. Information Security Architecture
    6. Evaluating Network Infrastructure Security
    7. Evaluating Security Awareness
    8. Evaluating Environmental Controls
    9. Evaluating Physical Access Controls and Procedures
    10. Resources
    11. Sample Questions
  9. Disaster Recovery and Business Continuity
    1. The Business Case for Continuity Planning
    2. The Process of Planning for Adequate Recovery and Continuity
    3. Evaluating Business Impact Analysis and the Requirements-Definition Processes
    4. Evaluating Media and Documentation Back Up Procedures
    5. Evaluating Recovery Plans, Documentation, and Maintenance
    6. Evaluating Alternative Business Processing Plans and Associated Training
    7. Evaluating Testing Methods, Results Reporting, and Follow-Up Processes
    8. Resources
    9. Sample Questions
  10. Business Application Systems Development, Acquisition, Implementation, and Maintenance
    1. Evaluation Approach
    2. Functional Requirements
    3. Feasibility Analysis
    4. System Specifications
    5. System Design
    6. System Development
    7. Acquisition
    8. Implementation
    9. Post-Implementation
    10. Resources
    11. Sample Questions
  11. Business Process Evaluation and Risk Management
    1. Corporate Governance
    2. Evaluating the Effectiveness of the Information Systems in Supporting the Business Process
    3. Evaluating the Design and Implementation of Risk Controls
    4. Evaluating Risk Management and Governance Implementation
    5. Resources
    6. Sample Questions
  12. Answers to Sample Exam Questions
    1. Chapter 1—The IS Audit Process
    2. Chapter 2—Management, Planning, and Organization of Information Systems
    3. Chapter 3—Technical Infrastructure and Operational Practices
    4. Chapter 4—Protection of Information Assets
    5. Chapter 5—Disaster Recovery and Business Continuity
    6. Chapter 6—Business Application Systems Development, Acquisition, Implementation, and Maintenance
    7. Chapter 7—Business Process Evaluation and Risk Management
  13. What's on the CD-ROM
    1. System Requirements
    2. Using the CD-ROM with Windows
    3. CD-ROM Contents
    4. Troubleshooting the CD-ROM
  14. Index