67,80 €*
Versandkostenfrei per Post / DHL
Lieferzeit 1-2 Wochen
Sybex's CISA: Certified Information Systems Auditor Study Guide, Fourth Edition is the newest edition of industry-leading study guide for the Certified Information System Auditor exam, fully updated to align with the latest ISACA standards and changes in IS auditing. This new edition provides complete guidance toward all content areas, tasks, and knowledge areas of the exam and is illustrated with real-world examples. All CISA terminology has been revised to reflect the most recent interpretations, including 73 definition and nomenclature changes. Each chapter summary highlights the most important topics on which you'll be tested, and review questions help you gauge your understanding of the material. You also get access to electronic flashcards, practice exams, and the Sybex test engine for comprehensively thorough preparation.
For those who audit, control, monitor, and assess enterprise IT and business systems, the CISA certification signals knowledge, skills, experience, and credibility that delivers value to a business. This study guide gives you the advantage of detailed explanations from a real-world perspective, so you can go into the exam fully prepared.
* Discover how much you already know by beginning with an assessment test
* Understand all content, knowledge, and tasks covered by the CISA exam
* Get more in-depths explanation and demonstrations with an all-new training video
* Test your knowledge with the electronic test engine, flashcards, review questions, and more
The CISA certification has been a globally accepted standard of achievement among information systems audit, control, and security professionals since 1978. If you're looking to acquire one of the top IS security credentials, CISA is the comprehensive study guide you need.
Sybex's CISA: Certified Information Systems Auditor Study Guide, Fourth Edition is the newest edition of industry-leading study guide for the Certified Information System Auditor exam, fully updated to align with the latest ISACA standards and changes in IS auditing. This new edition provides complete guidance toward all content areas, tasks, and knowledge areas of the exam and is illustrated with real-world examples. All CISA terminology has been revised to reflect the most recent interpretations, including 73 definition and nomenclature changes. Each chapter summary highlights the most important topics on which you'll be tested, and review questions help you gauge your understanding of the material. You also get access to electronic flashcards, practice exams, and the Sybex test engine for comprehensively thorough preparation.
For those who audit, control, monitor, and assess enterprise IT and business systems, the CISA certification signals knowledge, skills, experience, and credibility that delivers value to a business. This study guide gives you the advantage of detailed explanations from a real-world perspective, so you can go into the exam fully prepared.
* Discover how much you already know by beginning with an assessment test
* Understand all content, knowledge, and tasks covered by the CISA exam
* Get more in-depths explanation and demonstrations with an all-new training video
* Test your knowledge with the electronic test engine, flashcards, review questions, and more
The CISA certification has been a globally accepted standard of achievement among information systems audit, control, and security professionals since 1978. If you're looking to acquire one of the top IS security credentials, CISA is the comprehensive study guide you need.
David L. Cannon CISA, CCSP, is President and Founder of CertTest Training Center, a leading CISA training provider. With more than 20 years of experience in IT training and consulting for IT operations, security, system administration, and management, David teaches CISA preparation courses across the country. He is a frequent speaker and lecturer at the leading security and auditing conferences.
Brian T. O'Hara CISA, CISM, CRISC, CISSP is the Information Security Officer (ISO) for Do it Best Corp. and is an ISSA Fellow. He is the President of the Indiana InfraGard Members Alliance, a partnership between the FBI and the private sector and President of the Central Indiana Chapter of ISACA.
Featuring test questions by...Allen Keele CISA, CISM, CISSP, ISO 31000 CICRA, ISO 27001 CICA, ISO 27001 Lead Auditor, ISO 22301 Certified Business Continuity Manager, and Certified Fraud Examiner is the founder of Certified Information Security [...]
Introduction xix
Assessment Test xlii
Chapter 1 Secrets of a Successful Auditor 1
Understanding the Demand for IS Audits 2
Executive Misconduct 3
More Regulation Ahead 5
Basic Regulatory Objective 7
Governance is Leadership 8
Three Types of Data Target Different Uses 9
Audit Results Indicate the Truth 10
Understanding Policies, Standards, Guidelines, and Procedures 11
Understanding Professional Ethics 14
Following the ISACA Professional Code 14
Preventing Ethical Conflicts 16
Understanding the Purpose of an Audit 17
Classifying General Types of Audits 18
Determining Differences in Audit Approach 20
Understanding the Auditor's Responsibility 21
Comparing Audits to Assessments 21
Differentiating between Auditor and Auditee Roles 22
Applying an Independence Test 23
Implementing Audit Standards 24
Where Do Audit Standards Come From? 25
Understanding the Various Auditing Standards 27
Specific Regulations Defining Best Practices 31
Audits to Prove Financial Integrity 34
Auditor is an Executive Position 35
Understanding the Importance of Auditor Confidentiality 35
Working with Lawyers 36
Working with Executives 37
Working with IT Professionals 37
Retaining Audit Documentation 38
Providing Good Communication and Integration 39
Understanding Leadership Duties 39
Planning and Setting Priorities 40
Providing Standard Terms of Reference 41
Dealing with Conflicts and Failures 42
Identifying the Value of Internal and External Auditors 43
Understanding the Evidence Rule 43
Stakeholders: Identifying Whom You Need to Interview 44
Understanding the Corporate Organizational Structure 45
Identifying Roles in a Corporate Organizational Structure 45
Identifying Roles in a Consulting Firm Organizational Structure 47
Summary 49
Exam Essentials 49
Review Questions 52
Chapter 2 Governance 57
Strategy Planning for Organizational Control 61
Overview of the IT Steering Committee 64
Using the Balanced Scorecard 69
IT Subset of the BSC 74
Decoding the IT Strategy 74
Specifying a Policy 77
Project Management 79
Implementation Planning of the IT Strategy 90
Using COBIT 94
Identifying Sourcing Locations 94
Conducting an Executive Performance Review 99
Understanding the Auditor's Interest in the Strategy 100
Overview of Tactical Management 100
Planning and Performance 100
Management Control Methods 101
Risk Management 105
Implementing Standards 108
Human Resources 109
System Life¿Cycle Management 111
Continuity Planning 111
Insurance 112
Overview of Business Process Reengineering 112
Why Use Business Process Reengineering 113
BPR Methodology 114
Genius or Insanity? 114
Goal of BPR 114
Guiding Principles for BPR 115
Knowledge Requirements for BPR 116
BPR Techniques 116
BPR Application Steps 117
Role of IS in BPR 119
Business Process Documentation 119
BPR Data Management Techniques 120
Benchmarking as a BPR Tool 120
Using a Business Impact Analysis 121
BPR Project Risk Assessment 123
Practical Application of BPR 125
Practical Selection Methods for BPR 127
Troubleshooting BPR Problems 128
Understanding the Auditor's Interest in Tactical Management 129
Operations Management 129
Sustaining Operations 130
Tracking Actual Performance 130
Controlling Change 131
Understanding the Auditor's Interest in Operational Delivery 131
Summary 132
Exam Essentials 132
Review Questions 134
Chapter 3 Audit Process 139
Understanding the Audit Program 140
Audit Program Objectives and Scope 141
Audit Program Extent 143
Audit Program Responsibilities 144
Audit Program Resources 144
Audit Program Procedures 145
Audit Program Implementation 146
Audit Program Records 146
Audit Program Monitoring and Review 147
Planning Individual Audits 148
Establishing and Approving an Audit Charter 151
Role of the Audit Committee 151
Preplanning Specific Audits 153
Understanding the Variety of Audits 154
Identifying Restrictions on Scope 156
Gathering Detailed Audit Requirements 158
Using a Systematic Approach to Planning 159
Comparing Traditional Audits to Assessments and Self¿Assessments 161
Performing an Audit Risk Assessment 162
Determining Whether an Audit is Possible 163
Identifying the Risk Management Strategy 165
Determining Feasibility of Audit 167
Performing the Audit 167
Selecting the Audit Team 167
Determining Competence and Evaluating Auditors 168
Ensuring Audit Quality Control 170
Establishing Contact with the Auditee 171
Making Initial Contact with the Auditee 172
Using Data Collection Techniques 174
Conducting Document Review 176
Understanding the Hierarchy of Internal Controls 177
Reviewing Existing Controls 179
Preparing the Audit Plan 182
Assigning Work to the Audit Team 183
Preparing Working Documents 184
Conducting Onsite Audit Activities 185
Gathering Audit Evidence 186
Using Evidence to Prove a Point 186
Understanding Types of Evidence 187
Selecting Audit Samples 187
Recognizing Typical Evidence for IS Audits 188
Using Computer¿Assisted Audit Tools 189
Understanding Electronic Discovery 191
Grading of Evidence 193
Timing of Evidence 195
Following the Evidence Life Cycle 195
Conducting Audit Evidence Testing 198
Compliance Testing 198
Substantive Testing 199
Tolerable Error Rate 200
Recording Test Results 200
Generating Audit Findings 201
Detecting Irregularities and Illegal Acts 201
Indicators of Illegal or Irregular Activity 202
Responding to Irregular or Illegal Activity 202
Findings Outside of Audit Scope 203
Report Findings 203
Approving and Distributing the Audit Report 205
Identifying Omitted Procedures 205
Conducting Follow¿up (Closing Meeting) 205
Summary 206
Exam Essentials 207
Review Questions 210
Chapter 4 Networking Technology Basics 215
Understanding the Differences in Computer Architecture 217
Selecting the Best System 221
Identifying Various Operating Systems 221
Determining the Best Computer Class 224
Comparing Computer Capabilities 227
Ensuring System Control 228
Dealing with Data Storage 230
Using Interfaces and Ports 235
Introducing the Open Systems Interconnection Model 237
Layer 1: Physical Layer 240
Layer 2: DatäLink Layer 240
Layer 3: Network Layer 242
Layer 4: Transport Layer 248
Layer 5: Session Layer 249
Layer 6: Presentation Layer 250
Layer 7: Application Layer 250
Understanding How Computers Communicate 251
Understanding Physical Network Design 252
Understanding Network Cable Topologies 253
Bus Topologies 254
Star Topologies 254
Ring Topologies 255
Meshed Networks 256
Differentiating Network Cable Types 258
Coaxial Cable 258
Unshielded Twisted¿Pair (UTP) Cable 259
Fiber¿Optic Cable 260
Connecting Network Devices 260
Using Network Services 263
Domain Name System 263
Dynamic Host Configuration Protocol 265
Expanding the Network 266
Using Telephone Circuits 268
Network Firewalls 271
Remote VPN Access 276
Using Wireless Access Solutions 280
Firewall Protection for Wireless Networks 284
Remote Dial¿Up Access 284
WLAN Transmission Security 284
Achieving 802.11i RSN Wireless Security 287
Intrusion Detection Systems 288
Summarizing the Various Area Networks 291
Using Software as a Service (SaaS) 292
Advantages 292
Disadvantages 293
Cloud Computing 294
The Basics of Managing the Network 295
Automated LAN Cable Tester 295
Protocol Analyzers 295
Remote Monitoring Protocol Version 2 297
Summary 298
Exam Essentials 298
Review Questions 301
Chapter 5 Information Systems Life Cycle 307
Governance in Software Development 308
Management of Software Quality 310
Capability Maturity Model 310
International Organization for Standardization 312
Typical Commercial Records Classification Method 316
Overview of the Executive Steering Committee 317
Identifying Critical Success Factors 318
Using the Scenario Approach 318
Aligning Software to Business Needs 319
Change Management 323
Management of the Software Project 323
Choosing an Approach 323
Using Traditional Project Management 324
Overview of the System Development Life Cycle 327
Phase 1: Feasibility Study 331
Phase 2: Requirements Definition 334
Phase 3: System Design 339
Phase 4: Development 343
Phase 5: Implementation 354
Phase 6: Postimplementation 361
Phase 7: Disposal 363
Overview of Data Architecture 364
Databases 364
Database Transaction Integrity 368
Decision Support Systems 369
Presenting Decision Support Data 370
Using Artificial Intelligence 370
Program Architecture 371
Centralization vs....
Erscheinungsjahr: | 2016 |
---|---|
Fachbereich: | Management |
Genre: | Importe, Wirtschaft |
Rubrik: | Recht & Wirtschaft |
Medium: | Taschenbuch |
Inhalt: | 704 S. |
ISBN-13: | 9781119056249 |
ISBN-10: | 1119056241 |
Sprache: | Englisch |
Einband: | Kartoniert / Broschiert |
Autor: | Cannon, David L. |
Orchester: |
O'Hara
Keele, Allen |
Hersteller: |
John Wiley & Sons
John Wiley & Sons Inc |
Verantwortliche Person für die EU: | Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de |
Maße: | 236 x 189 x 40 mm |
Von/Mit: | David L. Cannon |
Erscheinungsdatum: | 26.04.2016 |
Gewicht: | 0,913 kg |
David L. Cannon CISA, CCSP, is President and Founder of CertTest Training Center, a leading CISA training provider. With more than 20 years of experience in IT training and consulting for IT operations, security, system administration, and management, David teaches CISA preparation courses across the country. He is a frequent speaker and lecturer at the leading security and auditing conferences.
Brian T. O'Hara CISA, CISM, CRISC, CISSP is the Information Security Officer (ISO) for Do it Best Corp. and is an ISSA Fellow. He is the President of the Indiana InfraGard Members Alliance, a partnership between the FBI and the private sector and President of the Central Indiana Chapter of ISACA.
Featuring test questions by...Allen Keele CISA, CISM, CISSP, ISO 31000 CICRA, ISO 27001 CICA, ISO 27001 Lead Auditor, ISO 22301 Certified Business Continuity Manager, and Certified Fraud Examiner is the founder of Certified Information Security [...]
Introduction xix
Assessment Test xlii
Chapter 1 Secrets of a Successful Auditor 1
Understanding the Demand for IS Audits 2
Executive Misconduct 3
More Regulation Ahead 5
Basic Regulatory Objective 7
Governance is Leadership 8
Three Types of Data Target Different Uses 9
Audit Results Indicate the Truth 10
Understanding Policies, Standards, Guidelines, and Procedures 11
Understanding Professional Ethics 14
Following the ISACA Professional Code 14
Preventing Ethical Conflicts 16
Understanding the Purpose of an Audit 17
Classifying General Types of Audits 18
Determining Differences in Audit Approach 20
Understanding the Auditor's Responsibility 21
Comparing Audits to Assessments 21
Differentiating between Auditor and Auditee Roles 22
Applying an Independence Test 23
Implementing Audit Standards 24
Where Do Audit Standards Come From? 25
Understanding the Various Auditing Standards 27
Specific Regulations Defining Best Practices 31
Audits to Prove Financial Integrity 34
Auditor is an Executive Position 35
Understanding the Importance of Auditor Confidentiality 35
Working with Lawyers 36
Working with Executives 37
Working with IT Professionals 37
Retaining Audit Documentation 38
Providing Good Communication and Integration 39
Understanding Leadership Duties 39
Planning and Setting Priorities 40
Providing Standard Terms of Reference 41
Dealing with Conflicts and Failures 42
Identifying the Value of Internal and External Auditors 43
Understanding the Evidence Rule 43
Stakeholders: Identifying Whom You Need to Interview 44
Understanding the Corporate Organizational Structure 45
Identifying Roles in a Corporate Organizational Structure 45
Identifying Roles in a Consulting Firm Organizational Structure 47
Summary 49
Exam Essentials 49
Review Questions 52
Chapter 2 Governance 57
Strategy Planning for Organizational Control 61
Overview of the IT Steering Committee 64
Using the Balanced Scorecard 69
IT Subset of the BSC 74
Decoding the IT Strategy 74
Specifying a Policy 77
Project Management 79
Implementation Planning of the IT Strategy 90
Using COBIT 94
Identifying Sourcing Locations 94
Conducting an Executive Performance Review 99
Understanding the Auditor's Interest in the Strategy 100
Overview of Tactical Management 100
Planning and Performance 100
Management Control Methods 101
Risk Management 105
Implementing Standards 108
Human Resources 109
System Life¿Cycle Management 111
Continuity Planning 111
Insurance 112
Overview of Business Process Reengineering 112
Why Use Business Process Reengineering 113
BPR Methodology 114
Genius or Insanity? 114
Goal of BPR 114
Guiding Principles for BPR 115
Knowledge Requirements for BPR 116
BPR Techniques 116
BPR Application Steps 117
Role of IS in BPR 119
Business Process Documentation 119
BPR Data Management Techniques 120
Benchmarking as a BPR Tool 120
Using a Business Impact Analysis 121
BPR Project Risk Assessment 123
Practical Application of BPR 125
Practical Selection Methods for BPR 127
Troubleshooting BPR Problems 128
Understanding the Auditor's Interest in Tactical Management 129
Operations Management 129
Sustaining Operations 130
Tracking Actual Performance 130
Controlling Change 131
Understanding the Auditor's Interest in Operational Delivery 131
Summary 132
Exam Essentials 132
Review Questions 134
Chapter 3 Audit Process 139
Understanding the Audit Program 140
Audit Program Objectives and Scope 141
Audit Program Extent 143
Audit Program Responsibilities 144
Audit Program Resources 144
Audit Program Procedures 145
Audit Program Implementation 146
Audit Program Records 146
Audit Program Monitoring and Review 147
Planning Individual Audits 148
Establishing and Approving an Audit Charter 151
Role of the Audit Committee 151
Preplanning Specific Audits 153
Understanding the Variety of Audits 154
Identifying Restrictions on Scope 156
Gathering Detailed Audit Requirements 158
Using a Systematic Approach to Planning 159
Comparing Traditional Audits to Assessments and Self¿Assessments 161
Performing an Audit Risk Assessment 162
Determining Whether an Audit is Possible 163
Identifying the Risk Management Strategy 165
Determining Feasibility of Audit 167
Performing the Audit 167
Selecting the Audit Team 167
Determining Competence and Evaluating Auditors 168
Ensuring Audit Quality Control 170
Establishing Contact with the Auditee 171
Making Initial Contact with the Auditee 172
Using Data Collection Techniques 174
Conducting Document Review 176
Understanding the Hierarchy of Internal Controls 177
Reviewing Existing Controls 179
Preparing the Audit Plan 182
Assigning Work to the Audit Team 183
Preparing Working Documents 184
Conducting Onsite Audit Activities 185
Gathering Audit Evidence 186
Using Evidence to Prove a Point 186
Understanding Types of Evidence 187
Selecting Audit Samples 187
Recognizing Typical Evidence for IS Audits 188
Using Computer¿Assisted Audit Tools 189
Understanding Electronic Discovery 191
Grading of Evidence 193
Timing of Evidence 195
Following the Evidence Life Cycle 195
Conducting Audit Evidence Testing 198
Compliance Testing 198
Substantive Testing 199
Tolerable Error Rate 200
Recording Test Results 200
Generating Audit Findings 201
Detecting Irregularities and Illegal Acts 201
Indicators of Illegal or Irregular Activity 202
Responding to Irregular or Illegal Activity 202
Findings Outside of Audit Scope 203
Report Findings 203
Approving and Distributing the Audit Report 205
Identifying Omitted Procedures 205
Conducting Follow¿up (Closing Meeting) 205
Summary 206
Exam Essentials 207
Review Questions 210
Chapter 4 Networking Technology Basics 215
Understanding the Differences in Computer Architecture 217
Selecting the Best System 221
Identifying Various Operating Systems 221
Determining the Best Computer Class 224
Comparing Computer Capabilities 227
Ensuring System Control 228
Dealing with Data Storage 230
Using Interfaces and Ports 235
Introducing the Open Systems Interconnection Model 237
Layer 1: Physical Layer 240
Layer 2: DatäLink Layer 240
Layer 3: Network Layer 242
Layer 4: Transport Layer 248
Layer 5: Session Layer 249
Layer 6: Presentation Layer 250
Layer 7: Application Layer 250
Understanding How Computers Communicate 251
Understanding Physical Network Design 252
Understanding Network Cable Topologies 253
Bus Topologies 254
Star Topologies 254
Ring Topologies 255
Meshed Networks 256
Differentiating Network Cable Types 258
Coaxial Cable 258
Unshielded Twisted¿Pair (UTP) Cable 259
Fiber¿Optic Cable 260
Connecting Network Devices 260
Using Network Services 263
Domain Name System 263
Dynamic Host Configuration Protocol 265
Expanding the Network 266
Using Telephone Circuits 268
Network Firewalls 271
Remote VPN Access 276
Using Wireless Access Solutions 280
Firewall Protection for Wireless Networks 284
Remote Dial¿Up Access 284
WLAN Transmission Security 284
Achieving 802.11i RSN Wireless Security 287
Intrusion Detection Systems 288
Summarizing the Various Area Networks 291
Using Software as a Service (SaaS) 292
Advantages 292
Disadvantages 293
Cloud Computing 294
The Basics of Managing the Network 295
Automated LAN Cable Tester 295
Protocol Analyzers 295
Remote Monitoring Protocol Version 2 297
Summary 298
Exam Essentials 298
Review Questions 301
Chapter 5 Information Systems Life Cycle 307
Governance in Software Development 308
Management of Software Quality 310
Capability Maturity Model 310
International Organization for Standardization 312
Typical Commercial Records Classification Method 316
Overview of the Executive Steering Committee 317
Identifying Critical Success Factors 318
Using the Scenario Approach 318
Aligning Software to Business Needs 319
Change Management 323
Management of the Software Project 323
Choosing an Approach 323
Using Traditional Project Management 324
Overview of the System Development Life Cycle 327
Phase 1: Feasibility Study 331
Phase 2: Requirements Definition 334
Phase 3: System Design 339
Phase 4: Development 343
Phase 5: Implementation 354
Phase 6: Postimplementation 361
Phase 7: Disposal 363
Overview of Data Architecture 364
Databases 364
Database Transaction Integrity 368
Decision Support Systems 369
Presenting Decision Support Data 370
Using Artificial Intelligence 370
Program Architecture 371
Centralization vs....
Erscheinungsjahr: | 2016 |
---|---|
Fachbereich: | Management |
Genre: | Importe, Wirtschaft |
Rubrik: | Recht & Wirtschaft |
Medium: | Taschenbuch |
Inhalt: | 704 S. |
ISBN-13: | 9781119056249 |
ISBN-10: | 1119056241 |
Sprache: | Englisch |
Einband: | Kartoniert / Broschiert |
Autor: | Cannon, David L. |
Orchester: |
O'Hara
Keele, Allen |
Hersteller: |
John Wiley & Sons
John Wiley & Sons Inc |
Verantwortliche Person für die EU: | Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de |
Maße: | 236 x 189 x 40 mm |
Von/Mit: | David L. Cannon |
Erscheinungsdatum: | 26.04.2016 |
Gewicht: | 0,913 kg |