Home > Store

Certified Information Systems Auditor (CISA) Cert Guide

Add To My Wish List

Certified Information Systems Auditor (CISA) Cert Guide

By Michael Gregg, Robert Johnson
Published Nov 9, 2017 by Pearson IT Certification. Part of the Certification Guide series.

Book

Sorry, this book is no longer in print.

Not for Sale

Premium Edition eBook

Your Price: $47.99
List Price: $59.99
About Premium Edition eBooks

The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson Test Prep practice tests.

Your purchase will deliver:

Link to download the Pearson Test Prep exam engine
Access code for question database
eBook in the following formats, accessible from your Account page after purchase:

EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

PDF The popular standard, which reproduces the look and layout of the printed page.

This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

eBook FAQ

eBook Download Instructions

Add to cart

About

Description

Sample Content

Updates

Premium Edition

More Information

About

Features

Authoritative coverage of every CISA exam topic, with all the context and practical examples you need to succeed
Logical, well-organized, and practical coverage of both audit and IT topics, including thorough coverage of risk analysis/assessment that other sources of information
Expert coverage of audit processes, governance roles, system acquisition, development, controls, maintenance, service management, asset protection, asset threat response, and more
Includes two realistic practice tests, plus extensive proven features to help students review more efficiently



Description

Copyright 2018
Dimensions: 7-3/8" x 9-1/8"
Pages: 576
Edition: 1st

Book
ISBN-10: 0-7897-5844-X
ISBN-13: 978-0-7897-5844-6

Learn, prepare, and practice for CISA exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.

Master CISA exam topics
Assess your knowledge with chapter-ending quizzes
Review key concepts with exam preparation tasks
Practice with realistic exam questions

Certified Information Systems Auditor (CISA) Cert Guide is a best-of-breed exam study guide. World-renowned enterprise IT security leaders Michael Gregg and Rob Johnson share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment software offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

The study guide helps you master all the topics on the CISA exam, including:

Essential information systems audit techniques, skills, and standards
IT governance, management/control frameworks, and process optimization
Maintaining critical services: business continuity and disaster recovery
Acquiring information systems: build-or-buy, project management, and development methodologies
Auditing and understanding system controls
System maintenance and service management, including frameworks and networking infrastructure
Asset protection via layered administrative, physical, and technical controls
Insider and outsider asset threats: response and management

Companion Website
The website contains two free, complete practice exams.
Includes Exclusive Offer for up to 70% Off video training and Premium Edition eBook and Practice Test

Pearson Test Prep online system requirements:
Browsers: Chrome version 40 and above; Firefox version 35 and above; Safari version 7; Internet Explorer 10, 11; Microsoft Edge; Opera. Devices: Desktop and laptop computers, tablets running on Android and iOS, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:
Windows 10, Windows 8.1, or Windows 7; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases



Premium Edition

The exciting new Certified Information Systems Auditor (CISA) Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:

The CISA Premium Edition Practice Test, including four full practice exams and enhanced practice test features
PDF and EPUB formats of the Certified Information Systems Auditor (CISA) Cert Guide from Pearson IT Certification, which are accessible via your PC, tablet, and smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson Test Prep practice test software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package:

Allows you to focus on individual topic areas or take complete, timed exams
Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
Provides unique sets of exam-realistic practice questions
Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

About the Premium Edition eBook

Learn, prepare, and practice for CISA exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.

Master CISA exam topics
Assess your knowledge with chapter-ending quizzes
Review key concepts with exam preparation tasks
Practice with realistic exam questions

Certified Information Systems Auditor (CISA) Cert Guide is a best-of-breed exam study guide from Pearson IT Certification, a leader in IT certification learning. World-renowned enterprise IT security leaders Michael Gregg and Rob Johnson share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

Certified Information Systems Auditor (CISA) Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

The study guide helps you master all the topics on the CISA exam, including:

Essential information systems audit techniques, skills, and standards
IT governance, management/control frameworks, and process optimization
Maintaining critical services: business continuity and disaster recovery
Acquiring information systems: build-or-buy, project management, and development methodologies
Auditing and understanding system controls
System maintenance and service management, including frameworks and networking infrastructure
Asset protection via layered administrative, physical, and technical controls
Insider and outsider asset threats: response and management



Sample Content

Sample Pages

Download the sample pages (includes Chapter 4 and the Index)

Introduction xxiii
Chapter 1 The CISA Certification 3
Exam Intent 3
Why the CISA Certification Is So Important 4
CISA: The Gold Standard 5
Exam Requirements 6
CISA Exam Windows 6
Scheduling to Take the Exam 7
Deadline to Apply for the CISA Certification 7
ISACA Agreements 9
CISA Exam Domains 10
Question Format and Grading 13
Exam Grading 13
Exam Questions 14
Getting Exam Results and Retests 15
Maintaining CISA Certification 16
Reporting CPE Hours Earned 16
Earning CPE Hours 17
Top 10 Tips and Tricks 18
Chapter Summary 19
Define Key Terms 20
Suggested Readings and Resources 20
Chapter 2 The Information Systems Audit 23
“Do I Know This Already?” Quiz 23
Foundation Topics 27
Skills and Knowledge Required to Be an IS Auditor 27
Work-Related Skills 27
Knowledge of Ethical Standards 28
ISACA Standards, Procedures, Guidelines, and Baselines 31
Knowledge of Regulatory Standards 35
Guidance Documents 36
Auditing Compliance with Regulatory Standards 38
Knowledge of Business Processes 38
Types of Audits 39
Risk Assessment Concepts 40
Risk Management 43
Auditing and the Use of Internal Controls 45
The Auditing Life Cycle 47
Audit Methodology 47
The Auditing Life Cycle Steps 48
Chain of Custody and Evidence Handling 49
Automated Work Papers 50
CAATs 51
Audit Closing 52
Report Writing 53
The Control Self-Assessment Process 54
Continuous Monitoring 55
Quality Assurance 56
The Challenges of Audits 57
Communicating Results 57
Negotiation and the Art of Handling Conflicts 58
Chapter Summary 59
Exam Preparation Tasks 60
Review All the Key Topics 60
Complete Tables from Memory 61
Define Key Terms 61
Exercises 61
2.1 Network Inventory 61
Review Questions 64
Suggested Readings and Resources 68
Chapter 3 The Role of IT Governance 71
“Do I Know This Already?” Quiz 71
Foundation Topics 75
The IT Steering Committee 75
Corporate Structure 77
IT Governance Frameworks 77
COBIT 78
ITIL 78
COBIT Versus ITIL 79
Enterprise Risk Management 80
The Risk Management Team 81
Asset Identification 82
Threat Identification 82
Quantitative Risk Assessment 84
Qualitative Risk Assessment 86
The Three Lines of Defense Model 87
Policy Development 90
Policy 91
Policy, Standards, Procedures, and Baselines 92
Auditing Policies, Standards, Procedures, and Baselines 93
Data Classification 96
Security Policy 98
Management Practices of Employees 100
Forced Vacations, Rotation of Assignments, and Dual Control 102
Separation Events 102
Roles and Responsibilities 103
Segregation of Duties (SoD) 105
Compensating Controls 106
Key Employee Controls 106
Performance Management 107
Key Performance Terms 108
Management and Control Frameworks 110
Enterprise Architecture 111
Change Management 113
Quality Management 113
Maturity Models 116
Implementing a Maturity Model 118
Management’s Role in Compliance 119
Process Optimization Techniques 121
Taguchi 122
PDCA 123
Taguchi Versus PDCA 124
Management of IT Suppliers 125
Third-Party Outsourcing 125
Third-Party Audits 126
Contract Management 127
Performance Monitoring 128
Relationship Management 129
Chapter Summary 130
Exam Preparation Tasks 130
Review All the Key Topics 130
Complete Tables from Memory 131
Key Terms 131
Exercises 132
3.1 Determining the steps for quantitative risk assessment 132
Review Questions 133
Suggested Readings and Resources 135
Chapter 4 Maintaining Critical Services 137
“Do I Know This Already?” Quiz 137
Foundation Topics 140
Threats to Business Operations 140
The Business Continuity Planning (BCP) Process 142
Project Management and Initiation 143
Business Impact Analysis 144
Criticality Analysis 147
Development and Recovery Strategy 149
Final Plan Design and Implementation 151
Training and Awareness 152
Implementation and Testing 153
Paper Tests 155
Preparedness Tests 155
Full Operation Tests 156
Monitoring and Maintenance 156
Understanding BCP Metrics 157
Recovery Strategies 159
Alternate Processing Sites 159
Alternate Processing Options 160
Hardware Recovery 163
Redundant Array of Independent Disks 164
Software and Data Recovery 165
Backup and Restoration 167
Telecommunications Recovery 169
Verification of Disaster Recovery and Business Continuity Process Tasks 170
The Disaster Life Cycle 172
Chapter Summary 174
Exam Preparation Tasks 174
Review All the Key Topics 175
Define Key Terms 175
Exercises 175
4.1 Business Impact and Risk 175
Review Questions 177
Suggested Readings and Resources 179
Chapter 5 Information Systems Acquisition and Development 181
“Do I Know This Already?” Quiz 181
Foundation Topics 185
IT Acquisition and Project Management 185
IT Acquisition 185
Software Escrow Agreements 185
Software Licensing 185
Project Management 187
Roles, Responsibility, and Structure of Project Management 188
Project Culture and Objectives 189
Making the Business Case for Investment 190
Return on Investment 191
Project Management Activities and Practices 192
Project Initiation 193
Project Planning 193
Project Control and Execution 199
Project Closing 199
Business Application Development 200
Systems-Development Methodology 200
Phase 1: Initiation phase 202
Phase 2: Development 204
Phase 3: Implementation 208
Phase 4: Operation and Maintenance 210
Phase 5: Disposal 211
Tools and Methods for Software Development 212
Information Systems Maintenance 213
Outsourcing and Alternative System Development 214
Cloud Computing 216
Cloud Threats 218
Application-Development Approaches 219
N-tier 220
Virtualization 221
Chapter Summary 222
Exam Preparation Tasks 223
Review All the Key Topics 223
Complete Tables from Memory 223
Define Key Terms 224
Exercises 224
5.1 Project Management 224
5.2 Project Management 225
Review Questions 226
Suggested Readings and Resources 229
Chapter 6 Auditing and Understanding System Controls 231
“Do I Know This Already?” Quiz 231
Foundation Topics 235
Audit Universe and Application Auditing 235
Programmed and Manual Application Controls 236
Business Process Controls 237
Input Controls 237
Processing Controls 239
Data File Controls 241
Output Controls 242
Auditing Application Controls 243
Understanding the Application 243
Observation and Testing 244
Data Integrity Controls 245
Application System Testing 246
Continuous Online Auditing 247
Auditing Systems Development, Acquisition, and Maintenance 249
Project Management 250
Business Application Systems 252
E-commerce 253
Electronic Data Interchange 254
Email 255
Business Intelligence 256
Decision Support Systems 257
Artificial Intelligence and Expert Systems 258
Customer Relationship Management 258
Supply Chain Management 259
Social Media 260
Chapter Summary 260
Exam Preparation Tasks 261
Review All the Key Topics 261
Define Key Terms 262
Exercises 262
6-1 Software Application Audit 262
Review Questions 263
Suggested Readings and Resources 266
Chapter 7 Systems Maintenance and Service Management 269
“Do I Know This Already?” Quiz 269
Foundation Topics 273
Service Management Frameworks 273
COBIT 273
FitSM 274
ISO 20000 274
eTOM 275
Fundamental Technologies 275
Operating Systems 275
Secondary Storage 277
Utility Software 277
Database-Management Systems 278
Database Structure 279
Software Licensing Issues 282
Digital Rights Management 283
Network Infrastructure 283
Network Types 284
Network Standards and Protocols 285
The OSI Reference Model 286
The Application Layer 287
The Presentation Layer 287
The Session Layer 288
The Transport Layer 288
The Network Layer 288
The Data Link Layer 289
The Physical Layer 289
Network Services and Applications 290
Comparing the OSI Model to the TCP/IP Model 292
The Network Access Layer 292
The Internet Layer 293
The Host-to-Host/Transport Layer 295
The Application Layer 296
Network Services 297
Wireless Technologies 298
Bluetooth 298
802.11 Wireless 299
Smartphones, Tablets, and Hotspots 302
Network Equipment 303
Edge Devices 306
DMZ 306
Firewalls 306
Firewall Configuration 308
IDS/IPS 310
Wide Area Networks 312
Packet Switching 312
Circuit Switching 313
Capacity Planning and Systems Performance Monitoring 314
Network Analyzers 316
System Utilization and Load Balancing 317
Third Parties and Cloud Providers 318
Network Design 318
Network Cabling 320
Chapter Summary 323
Exam Preparation Tasks 324
Review All the Key Topics 324
Define Key Terms 324
Exercises 325
7.1 Organizing Network Components 325
Review Questions 328
Suggested Readings and Resources 331
Chapter 8 Protection of Assets 333
“Do I Know This Already?” Quiz 333
Foundation Topics 336
Access Control 336
Identification and Authentication (I&A) 336
Authentication by Knowledge 336
Authentication by Ownership 338
Authentication by Characteristic 338
Single Sign-on 340
Federation 343
Remote Access 345
RADIUS 345
Diameter 346
TACACS 346
Additional Remote Access Options 346
SSH 347
VPNs 348
Physical and Environmental Access Controls 349
Fences, Gates, and Bollards 349
Other Physical and Environmental Controls 351
Using Guards to Restrict Access 352
Locks 353
Lighting 354
CCTV 355
Heating, Ventilation, and Air Conditioning (HVAC) 356
Security Controls for Hardware and Software 356
Securing Voice Communications 356
Encryption’s Role as a Security Control 357
Private Key Encryption 359
Data Encryption Standard (DES) 361
Advanced Encryption Standard (AES) 362
Public Key Encryption 362
RSA Encryption 363
Elliptic Curve Cryptography (ECC) 363
Quantum Cryptography 364
Hashing and Digital Signatures 364
Public Key Infrastructure (PKI) 365
Using Cryptography to Secure Assets 367
Internet Security Protocols 368
Protection of Information Assets 369
Information Life Cycle 369
Access Restriction 370
Laws Related to the Protection of Information 370
Maintaining Compliance 371
Protection of Privacy 372
Using Data Classification to Secure Critical Resources 373
Data Leakage and Attacks 374
Attacks Against Encryption 374
Threats from Unsecured Devices 375
Threats from Improper Destruction 378
Threats to the Infrastructure 378
Chapter Summary 380
Exam Preparation Tasks 381
Review All the Key Topics 381
Complete Tables from Memory 382
Define Key Terms 382
Review Questions 382
Suggested Reading and Resources 384
Chapter 9 Asset Threats, Response, and Management 387
“Do I Know This Already?” Quiz 387
Foundation Topics 391
Security Controls 391
Technical Controls 391
Cloud Computing 391
Operating Systems 391
Databases 393
Virtualization 395
Administrative Controls 396
Attack Methods and Techniques 399
Social Engineering and Nontechnical Attacks 399
Sniffing 400
Man-in-the-Middle Attacks and Hijacking 401
Denial of Service 402
Botnets 403
Malware 404
Wireless and Bluetooth 405
SQL Injection 408
Buffer Overflow 409
XSS and XSRF 411
Logic Bombs, Rounding Down, and Asynchronous Attacks 411
Integer Overflow 412
Password Attacks 412
Prevention and Detection Tools and Techniques 414
Audit and Log Review 414
Security Testing Techniques 415
Vulnerability Scanning 416
Penetration Testing 416
Problem and Incident Management Practices 418
Tracking Change 418
Fraud Risk Factors 419
Insiders 419
Outsiders 419
Incident Response 420
Emergency Incident Response Team 422
Incident Response Process 422
Incident Response and Results 424
Forensic Investigation 425
Forensics Steps 426
Other Forensic Types 427
Computer Crime Jurisdiction 429
Chapter Summary 430
Exam Preparation Tasks 430
Review All the Key Topics 430
Complete Tables from Memory 431
Define Key Terms 431
Review Questions 431
Suggested Reading and Resources 433
Chapter 10 Final Preparation 437
Tools for Final Preparation 437
Pearson Test Prep Practice Test Software and Questions on the Website 437
Accessing the Pearson Test Prep Software Online 438
Accessing the Pearson Test Prep Software Offline 438
Customizing Your Exams 439
Updating Your Exams 440
Premium Edition 440
Memory Tables 441
Chapter-Ending Review Tools 441
Suggested Plan for Final Review/Study 441
Summary 442
Glossary 445
Appendix A Answers to the “Do I Know This Already” Quizzes and Review
Questions 467

Online Elements:
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
9780789758446, TOC, 10/4/2017



Updates

Submit Errata



More Information



Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Privacy Notice

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
Such marketing is consistent with applicable law and Pearson's legal obligations.
Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

As required by law.
With the consent of the individual (or their parent, if the individual is a minor)
In response to a subpoena, court order or legal process, to the extent permitted or required by law
To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
To investigate or address actual or suspected fraud or other illegal activities
To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020

Email Address