Certified Information Systems Auditor (CISA) Cert Guide

About

Features

• Authoritative coverage of every CISA exam topic, with all the context and practical examples you need to succeed
• Logical, well-organized, and practical coverage of both audit and IT topics, including thorough coverage of risk analysis/assessment that other sources of information
• Expert coverage of audit processes, governance roles, system acquisition, development, controls, maintenance, service management, asset protection, asset threat response, and more
• Includes two realistic practice tests, plus extensive proven features to help students review more efficiently

Description

Learn, prepare, and practice for CISA exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.

• Master CISA exam topics
• Assess your knowledge with chapter-ending quizzes
• Review key concepts with exam preparation tasks
• Practice with realistic exam questions

Certified Information Systems Auditor (CISA) Cert Guide is a best-of-breed exam study guide. World-renowned enterprise IT security leaders Michael Gregg and Rob Johnson share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment software offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

The study guide helps you master all the topics on the CISA exam, including:

• Essential information systems audit techniques, skills, and standards
• IT governance, management/control frameworks, and process optimization
• Maintaining critical services: business continuity and disaster recovery
• Acquiring information systems: build-or-buy, project management, and development methodologies
• Auditing and understanding system controls
• System maintenance and service management, including frameworks and networking infrastructure
• Asset protection via layered administrative, physical, and technical controls
• Insider and outsider asset threats: response and management

Companion Website
The website contains two free, complete practice exams.
Includes Exclusive Offer for up to 70% Off video training and Premium Edition eBook and Practice Test

Pearson Test Prep online system requirements:
Browsers: Chrome version 40 and above; Firefox version 35 and above; Safari version 7; Internet Explorer 10, 11; Microsoft Edge; Opera. Devices: Desktop and laptop computers, tablets running on Android and iOS, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:
Windows 10, Windows 8.1, or Windows 7; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

Premium Edition

The exciting new Certified Information Systems Auditor (CISA) Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:

• The CISA Premium Edition Practice Test, including four full practice exams and enhanced practice test features
• PDF and EPUB formats of the Certified Information Systems Auditor (CISA) Cert Guide from Pearson IT Certification, which are accessible via your PC, tablet, and smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson Test Prep practice test software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package:

• Allows you to focus on individual topic areas or take complete, timed exams
• Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
• Provides unique sets of exam-realistic practice questions
• Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson Test Prep online system requirements:
Browsers: Chrome version 40 and above; Firefox version 35 and above; Safari version 7; Internet Explorer 10, 11; Microsoft Edge; Opera. Devices: Desktop and laptop computers, tablets running on Android and iOS, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:
Windows 10, Windows 8.1, or Windows 7; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

About the Premium Edition eBook

Learn, prepare, and practice for CISA exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.

• Master CISA exam topics
• Assess your knowledge with chapter-ending quizzes
• Review key concepts with exam preparation tasks
• Practice with realistic exam questions

Certified Information Systems Auditor (CISA) Cert Guide is a best-of-breed exam study guide from Pearson IT Certification, a leader in IT certification learning. World-renowned enterprise IT security leaders Michael Gregg and Rob Johnson share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

Certified Information Systems Auditor (CISA) Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

The study guide helps you master all the topics on the CISA exam, including:

• Essential information systems audit techniques, skills, and standards
• IT governance, management/control frameworks, and process optimization
• Maintaining critical services: business continuity and disaster recovery
• Acquiring information systems: build-or-buy, project management, and development methodologies
• Auditing and understanding system controls
• System maintenance and service management, including frameworks and networking infrastructure
• Asset protection via layered administrative, physical, and technical controls
• Insider and outsider asset threats: response and management

Sample Content

Sample Pages

Download the sample pages (includes Chapter 4 and the Index)

Table of Contents

Introduction xxiii
Chapter 1 The CISA Certification 3
    Exam Intent 3
    Why the CISA Certification Is So Important 4
        CISA: The Gold Standard 5
    Exam Requirements 6
    CISA Exam Windows 6
        Scheduling to Take the Exam 7
        Deadline to Apply for the CISA Certification 7
        ISACA Agreements 9
        CISA Exam Domains 10
        Question Format and Grading 13
        Exam Grading 13
        Exam Questions 14
        Getting Exam Results and Retests 15
        Maintaining CISA Certification 16
        Reporting CPE Hours Earned 16
        Earning CPE Hours 17
    Top 10 Tips and Tricks 18
    Chapter Summary 19
    Define Key Terms 20
    Suggested Readings and Resources 20
Chapter 2 The Information Systems Audit 23
    “Do I Know This Already?” Quiz 23
    Foundation Topics 27
    Skills and Knowledge Required to Be an IS Auditor 27
        Work-Related Skills 27
    Knowledge of Ethical Standards 28
    ISACA Standards, Procedures, Guidelines, and Baselines 31
        Knowledge of Regulatory Standards 35
        Guidance Documents 36
        Auditing Compliance with Regulatory Standards 38
        Knowledge of Business Processes 38
        Types of Audits 39
    Risk Assessment Concepts 40
        Risk Management 43
    Auditing and the Use of Internal Controls 45
    The Auditing Life Cycle 47
        Audit Methodology 47
        The Auditing Life Cycle Steps 48
        Chain of Custody and Evidence Handling 49
        Automated Work Papers 50
        CAATs 51
        Audit Closing 52
        Report Writing 53
    The Control Self-Assessment Process 54
    Continuous Monitoring 55
    Quality Assurance 56
    The Challenges of Audits 57
        Communicating Results 57
        Negotiation and the Art of Handling Conflicts 58
    Chapter Summary 59
    Exam Preparation Tasks 60
    Review All the Key Topics 60
    Complete Tables from Memory 61
    Define Key Terms 61
    Exercises 61
    2.1 Network Inventory 61
    Review Questions 64
    Suggested Readings and Resources 68
Chapter 3 The Role of IT Governance 71
    “Do I Know This Already?” Quiz 71
    Foundation Topics 75
    The IT Steering Committee 75
    Corporate Structure 77
    IT Governance Frameworks 77
        COBIT 78
        ITIL 78
        COBIT Versus ITIL 79
    Enterprise Risk Management 80
        The Risk Management Team 81
        Asset Identification 82
        Threat Identification 82
        Quantitative Risk Assessment 84
        Qualitative Risk Assessment 86
        The Three Lines of Defense Model 87
    Policy Development 90
        Policy 91
        Policy, Standards, Procedures, and Baselines 92
        Auditing Policies, Standards, Procedures, and Baselines 93
        Data Classification 96
        Security Policy 98
    Management Practices of Employees 100
        Forced Vacations, Rotation of Assignments, and Dual Control 102
        Separation Events 102
        Roles and Responsibilities 103
        Segregation of Duties (SoD) 105
        Compensating Controls 106
        Key Employee Controls 106
    Performance Management 107
        Key Performance Terms 108
    Management and Control Frameworks 110
        Enterprise Architecture 111
        Change Management 113
        Quality Management 113
    Maturity Models 116
        Implementing a Maturity Model 118
    Management’s Role in Compliance 119
    Process Optimization Techniques 121
        Taguchi 122
        PDCA 123
        Taguchi Versus PDCA 124
    Management of IT Suppliers 125
        Third-Party Outsourcing 125
        Third-Party Audits 126
        Contract Management 127
        Performance Monitoring 128
        Relationship Management 129
    Chapter Summary 130
    Exam Preparation Tasks 130
    Review All the Key Topics 130
    Complete Tables from Memory 131
    Key Terms 131
    Exercises 132
        3.1 Determining the steps for quantitative risk assessment 132
    Review Questions 133
    Suggested Readings and Resources 135
Chapter 4 Maintaining Critical Services 137
    “Do I Know This Already?” Quiz 137
    Foundation Topics 140
    Threats to Business Operations 140
    The Business Continuity Planning (BCP) Process 142
        Project Management and Initiation 143
        Business Impact Analysis 144
        Criticality Analysis 147
        Development and Recovery Strategy 149
        Final Plan Design and Implementation 151
        Training and Awareness 152
        Implementation and Testing 153
        Paper Tests 155
        Preparedness Tests 155
        Full Operation Tests 156
        Monitoring and Maintenance 156
        Understanding BCP Metrics 157
    Recovery Strategies 159
        Alternate Processing Sites 159
        Alternate Processing Options 160
        Hardware Recovery 163
        Redundant Array of Independent Disks 164
        Software and Data Recovery 165
        Backup and Restoration 167
        Telecommunications Recovery 169
        Verification of Disaster Recovery and Business Continuity Process Tasks 170
        The Disaster Life Cycle 172
    Chapter Summary 174
    Exam Preparation Tasks 174
    Review All the Key Topics 175
    Define Key Terms 175
    Exercises 175
        4.1 Business Impact and Risk 175
    Review Questions 177
    Suggested Readings and Resources 179
Chapter 5 Information Systems Acquisition and Development 181
    “Do I Know This Already?” Quiz 181
    Foundation Topics 185
    IT Acquisition and Project Management 185
        IT Acquisition 185
        Software Escrow Agreements 185
        Software Licensing 185
        Project Management 187
        Roles, Responsibility, and Structure of Project Management 188
        Project Culture and Objectives 189
        Making the Business Case for Investment 190
        Return on Investment 191
        Project Management Activities and Practices 192
        Project Initiation 193
        Project Planning 193
        Project Control and Execution 199
        Project Closing 199
    Business Application Development 200
        Systems-Development Methodology 200
        Phase 1: Initiation phase 202
        Phase 2: Development 204
        Phase 3: Implementation 208
        Phase 4: Operation and Maintenance 210
        Phase 5: Disposal 211
        Tools and Methods for Software Development 212
    Information Systems Maintenance 213
    Outsourcing and Alternative System Development 214
        Cloud Computing 216
        Cloud Threats 218
        Application-Development Approaches 219
        N-tier 220
        Virtualization 221
    Chapter Summary 222
    Exam Preparation Tasks 223
    Review All the Key Topics 223
    Complete Tables from Memory 223
    Define Key Terms 224
    Exercises 224
        5.1 Project Management 224
        5.2 Project Management 225
    Review Questions 226
    Suggested Readings and Resources 229
Chapter 6 Auditing and Understanding System Controls 231
    “Do I Know This Already?” Quiz 231
    Foundation Topics 235
    Audit Universe and Application Auditing 235
    Programmed and Manual Application Controls 236
        Business Process Controls 237
        Input Controls 237
        Processing Controls 239
        Data File Controls 241
        Output Controls 242
    Auditing Application Controls 243
        Understanding the Application 243
        Observation and Testing 244
        Data Integrity Controls 245
        Application System Testing 246
        Continuous Online Auditing 247
    Auditing Systems Development, Acquisition, and Maintenance 249
        Project Management 250
    Business Application Systems 252
        E-commerce 253
        Electronic Data Interchange 254
        Email 255
        Business Intelligence 256
        Decision Support Systems 257
        Artificial Intelligence and Expert Systems 258
        Customer Relationship Management 258
        Supply Chain Management 259
        Social Media 260
    Chapter Summary 260
    Exam Preparation Tasks 261
    Review All the Key Topics 261
    Define Key Terms 262
    Exercises 262
        6-1 Software Application Audit 262
    Review Questions 263
    Suggested Readings and Resources 266
Chapter 7 Systems Maintenance and Service Management 269
    “Do I Know This Already?” Quiz 269
    Foundation Topics 273
    Service Management Frameworks 273
        COBIT 273
        FitSM 274
        ISO 20000 274
        eTOM 275
    Fundamental Technologies 275
        Operating Systems 275
        Secondary Storage 277
        Utility Software 277
        Database-Management Systems 278
        Database Structure 279
        Software Licensing Issues 282
        Digital Rights Management 283
    Network Infrastructure 283
        Network Types 284
        Network Standards and Protocols 285
        The OSI Reference Model 286
        The Application Layer 287
        The Presentation Layer 287
        The Session Layer 288
        The Transport Layer 288
        The Network Layer 288
        The Data Link Layer 289
        The Physical Layer 289
        Network Services and Applications 290
        Comparing the OSI Model to the TCP/IP Model 292
        The Network Access Layer 292
        The Internet Layer 293
        The Host-to-Host/Transport Layer 295
        The Application Layer 296
        Network Services 297
        Wireless Technologies 298
        Bluetooth 298
        802.11 Wireless 299
        Smartphones, Tablets, and Hotspots 302
        Network Equipment 303
        Edge Devices 306
        DMZ 306
        Firewalls 306
        Firewall Configuration 308
        IDS/IPS 310
        Wide Area Networks 312
        Packet Switching 312
        Circuit Switching 313
    Capacity Planning and Systems Performance Monitoring 314
        Network Analyzers 316
        System Utilization and Load Balancing 317
        Third Parties and Cloud Providers 318
        Network Design 318
        Network Cabling 320
    Chapter Summary 323
    Exam Preparation Tasks 324
    Review All the Key Topics 324
    Define Key Terms 324
    Exercises 325
        7.1 Organizing Network Components 325
    Review Questions 328
    Suggested Readings and Resources 331
Chapter 8 Protection of Assets 333
    “Do I Know This Already?” Quiz 333
    Foundation Topics 336
    Access Control 336
        Identification and Authentication (I&A) 336
        Authentication by Knowledge 336
        Authentication by Ownership 338
        Authentication by Characteristic 338
        Single Sign-on 340
        Federation 343
        Remote Access 345
        RADIUS 345
        Diameter 346
        TACACS 346
        Additional Remote Access Options 346
        SSH 347
        VPNs 348
        Physical and Environmental Access Controls 349
        Fences, Gates, and Bollards 349
        Other Physical and Environmental Controls 351
        Using Guards to Restrict Access 352
        Locks 353
        Lighting 354
        CCTV 355
        Heating, Ventilation, and Air Conditioning (HVAC) 356
    Security Controls for Hardware and Software 356
        Securing Voice Communications 356
        Encryption’s Role as a Security Control 357
        Private Key Encryption 359
        Data Encryption Standard (DES) 361
        Advanced Encryption Standard (AES) 362
        Public Key Encryption 362
        RSA Encryption 363
        Elliptic Curve Cryptography (ECC) 363
        Quantum Cryptography 364
        Hashing and Digital Signatures 364
        Public Key Infrastructure (PKI) 365
        Using Cryptography to Secure Assets 367
        Internet Security Protocols 368
    Protection of Information Assets 369
        Information Life Cycle 369
        Access Restriction 370
        Laws Related to the Protection of Information 370
        Maintaining Compliance 371
        Protection of Privacy 372
        Using Data Classification to Secure Critical Resources 373
    Data Leakage and Attacks 374
        Attacks Against Encryption 374
        Threats from Unsecured Devices 375
        Threats from Improper Destruction 378
        Threats to the Infrastructure 378
    Chapter Summary 380
    Exam Preparation Tasks 381
    Review All the Key Topics 381
    Complete Tables from Memory 382
    Define Key Terms 382
    Review Questions 382
    Suggested Reading and Resources 384
Chapter 9 Asset Threats, Response, and Management 387
    “Do I Know This Already?” Quiz 387
    Foundation Topics 391
    Security Controls 391
        Technical Controls 391
        Cloud Computing 391
        Operating Systems 391
        Databases 393
        Virtualization 395
        Administrative Controls 396
    Attack Methods and Techniques 399
        Social Engineering and Nontechnical Attacks 399
        Sniffing 400
        Man-in-the-Middle Attacks and Hijacking 401
        Denial of Service 402
        Botnets 403
        Malware 404
        Wireless and Bluetooth 405
        SQL Injection 408
        Buffer Overflow 409
        XSS and XSRF 411
        Logic Bombs, Rounding Down, and Asynchronous Attacks 411
        Integer Overflow 412
        Password Attacks 412
    Prevention and Detection Tools and Techniques 414
        Audit and Log Review 414
        Security Testing Techniques 415
        Vulnerability Scanning 416
        Penetration Testing 416
    Problem and Incident Management Practices 418
        Tracking Change 418
        Fraud Risk Factors 419
        Insiders 419
        Outsiders 419
        Incident Response 420
        Emergency Incident Response Team 422
        Incident Response Process 422
        Incident Response and Results 424
        Forensic Investigation 425
        Forensics Steps 426
        Other Forensic Types 427
        Computer Crime Jurisdiction 429
    Chapter Summary 430
    Exam Preparation Tasks 430
    Review All the Key Topics 430
    Complete Tables from Memory 431
    Define Key Terms 431
    Review Questions 431
    Suggested Reading and Resources 433
Chapter 10 Final Preparation 437
    Tools for Final Preparation 437
        Pearson Test Prep Practice Test Software and Questions on the Website 437
        Accessing the Pearson Test Prep Software Online 438
        Accessing the Pearson Test Prep Software Offline 438
        Customizing Your Exams 439
        Updating Your Exams 440
        Premium Edition 440
        Memory Tables 441
        Chapter-Ending Review Tools 441
    Suggested Plan for Final Review/Study 441
    Summary 442
Glossary 445
Appendix A Answers to the “Do I Know This Already” Quizzes and Review
Questions 467

Online Elements:
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
9780789758446, TOC, 10/4/2017
    

Updates

Submit Errata