

CISA Exam Cram Certified Information Systems Auditor

by Allen Keele and Keith Mortier
  • ISBN13: 9780789732729
  • ISBN10: 0789732726

  • Edition: 1st
  • Format: Paperback
  • Copyright: 2005-04-20
  • Publisher: Pearson IT Certification
List Price: $39.99

Summary

Want an affordable yet innovative approach to studying for the Certified Information Systems Auditor (CISA) 2005 exam? CISA 2005 Exam Cram 2 is your solution. You will have the essential material for passing the CISA 2005 exam right at your fingertips. All exam objectives are covered, and you'll find practice exams, exam alerts, notes, tips, and cautions to help guide you through your exam preparation. A CD also provides you with a video introduction to the exam and complete explanations of answers to the practice questions from Certified Tech Trainers (CTT). As a special bonus, you will receive $75 in discounts on CTT products and services. For your smartest, most efficient way to get certified, choose CISA 2005 Exam Cram 2.

Author Biography

Allen Keele has 20 certifications, the CISA, CISM, CISSP, and Security+ among them. As president and program developer for Certified Tech Trainers, he has over 14 years' experience in information security and risk management. He has authored books on security and lectures at leading companies such as Deloitte and Touche, Blue Cross-Blue Shield, and Fujitsu.

Keith Mortier holds a CISA and CISSP certification and a BS in Computer Information Systems. Within the IT industry, Keith has designed and implemented risk assessment, vulnerability testing and disaster recovery-security plans. Keith is president of LMI solutions providing security services to both commercial and government clients.

Table of Contents

Introduction
Self-Assessment

Chapter 1 The Information Systems (IS) Audit Process
  • Conducting IS Audits in Accordance with Generally Accepted IS Audit Standards and Guidelines
  • ISACA IS Auditing Standards and Guidelines and Code of Professional Ethics
  • Auditing Standards Explained
  • The ISACA Code of Professional Ethics
  • Ensuring That the Organization's Information Technology and Business Systems Are Adequately Controlled, Monitored, and Assessed
  • ISACA's COBIT Framework
  • Control Self-Assessment
  • Risk-Based IS Audit Strategy and Objectives
  • Aligning Controls with the Organization's Business Objectives
  • Steering Committee
  • Strategic Planning
  • Organizational Structure
  • IT Department Head
  • Security Department
  • Quality Assurance
  • Applications
  • Data Management
  • Technical Support
  • Operations
  • Segregation of Duties
  • IS Auditing Practices and Techniques
  • Audit Planning and Management Techniques
  • Information Systems Audits
  • Attestation
  • Findings and Recommendations
  • SAS 70
  • SAS 94
  • Attribute Sampling
  • Variable Sampling
  • Substantive Tests
  • Compliance Tests
  • Audit Conclusions
  • Obtaining Evidence
  • Organization's Use of System Platforms, IT Infrastructure, and Applications
  • Techniques to Gather Information and Preserve Evidence
  • Control Objectives and Controls Related to IS (Such as Preventative and Detective)
  • Reviewing the Audit
  • Communicating Audit Results
  • Facilitating Risk Management and Control Practices
  • IS, Business, and Audit Risk (Such as Threats and Impacts)
  • Risk-Analysis Methods, Principles, and Criteria
  • Communication Techniques
  • Personnel-Management Techniques
  • Practice Questions

Chapter 2 Management, Planning, and Organization of IS
  • Strategy, Policies, Standards, and Procedures
  • Strategic Planning
  • IS Steering Committee
  • The Components of IS Strategies, Policies, Standards, and Procedures
  • Policy Development
  • IT Policy
  • Procedures
  • Evaluating IS Management Practices to Ensure Compliance with IS Policies, Standards, and Procedures
  • Evaluating the Process for Strategy Development, Deployment, and Maintenance
  • Principles of IS Organizational Structure and Design
  • Evaluating IS Organization and Structure
  • Evaluating Use of Third-Party Services
  • Examining IS Management and Practices
  • IS Project-Management Strategies and Policies
  • IT Governance, Risk Management, and Control Frameworks
  • IS Problem- and Change-Management Strategies and Policies
  • IS Quality-Management Strategies and Policies
  • IS Information Security Management Strategies and Policies
  • IS Business Continuity Management Strategies and Policies
  • Contracting Strategies, Processes, and Contract-Management Practices
  • Employee Contracts
  • Confidentiality Agreement
  • Trade Secret Agreements
  • Discovery Agreements
  • Noncompete Agreements
  • Roles and Responsibilities of IS Functions (Including Segregation of Duties)
  • Practices Related to the Management of Technical and Operational Infrastructure
  • Problem Management/Resource Management Procedures
  • Help Desk
  • Scheduling
  • Service-Level Agreements
  • Key Performance Indicators and Performance-Measurement Techniques
  • Exam Prep Questions

Chapter 3 Technical Infrastructure and Operational Practices and Infrastructure
  • IT Organizational Structure
  • Evaluating Hardware Acquisition, Installation, and Maintenance
  • Risks and Controls Relating to Hardware Platforms
  • Change Control and Configuration Management Principles for Hardware
  • Evaluating Systems Software Development, Acquisition, Implementation, and Maintenance
  • Understanding Systems Software and Utilities Functionality
  • Risks and Controls Related to System Software and Utilities
  • Change Control and Configuration Management Principles for System Software
  • Evaluating Network Infrastructure Acquisition, Installation, and Maintenance
  • Understanding Network Components Functionality
  • Networking Concepts and Devices
  • The TCP/IP Protocol Suite
  • Firewalls
  • Packet-Filtering Firewalls
  • Stateful Packet-Inspection Firewalls
  • Proxy Firewalls
  • Routers
  • Modems
  • Internet, Intranet, and Extranet
  • Risks and Controls Related to Network Infrastructure
  • Evaluating IS Operational Practices
  • Risks and Controls Related to IS Operational Practices
  • Evaluating the Use of System Performance and Monitoring Processes, Tools, and Techniques
  • Exam Prep Questions

Chapter 4 Protection of Information Assets
  • Understanding and Evaluating Controls Design, Implementation, and Monitoring
  • Logical Access Controls
  • Techniques for Identification and Authentication
  • Network Infrastructure Security
  • Encryption Techniques
  • Digital Signature Techniques
  • Network and Internet Security
  • Security Software
  • Voice Communications Security
  • Environmental Protection Practices and Devices
  • Physical Access
  • Physical Security Practices
  • Intrusion Methods and Techniques
  • Passive and Active Attacks
  • Viruses
  • Security Testing and Assessment Tools
  • Sources of Information on Information Security
  • Security Monitoring, Detection, and Escalation Processes and Techniques
  • The Processes of Design, Implementation, and Monitoring of Security
  • Review Written Policies, Procedures, and Standards
  • Logical Access Security Policy
  • Formal Security Awareness and Training
  • Data Ownership
  • Security Administrators
  • Access Standards
  • Auditing Logical Access
  • Exam Prep Questions

Chapter 5 Disaster Recovery and Business Continuity
  • Understanding and Evaluating Process Development
  • Crisis Management and Business Impact Analysis Techniques
  • Disaster Recovery and Business Continuity Planning and Processes
  • Hot Sites
  • Warm Sites
  • Cold Site
  • Duplicate Processing Facilities
  • Reciprocal Agreements
  • Backup and Storage Methods and Practices
  • Backup Definitions
  • Tape Storage
  • Storage Area Networks and Electronic Vaulting
  • Disaster Recovery and Business Continuity Testing Approaches and Methods
  • Paper Test
  • Walk-Through Testing
  • Preparedness Test (Full Test)
  • Full Operational Test
  • Understanding and Evaluating Business Continuity Planning, Documentation, Processes, and Maintenance
  • Evaluating the Organization's Capability to Ensure Business Continuity in the Event of a Business Disruption
  • Evaluating Backup and Recovery Provisions in the Event of a Short-Term Disruption
  • Evaluating the Capability to Continue Information System Processing in the Event That the Primary Information-Processing Facilities Are Not Available
  • Insurance in Relation to Business Continuity and Disaster Recovery
  • Property Insurance
  • Liability Insurance
  • Human Resource Issues (Evacuation Planning, Response Teams)
  • Exam Prep Questions

Chapter 6 Business Application System Development, Acquisition, Implementation, and Maintenance
  • Evaluating Application Systems Development and Implementation
  • System-Development Methodologies and Tools
  • Prototyping
  • RAD
  • The Phases of the SDLC
  • Project-Management Principles, Methods, and Practices
  • Application-Maintenance Principles
  • Post-Implementation Review Techniques
  • Evaluating Application Systems Acquisition and Implementation
  • Application-Implementation Practices
  • Application System-Acquisition Processes
  • Application Change Control and Emergency Change-Management Procedures
  • Evaluating Application Systems
  • Application Architecture
  • Software Quality-Assurance Methods
  • Testing Principles, Methods, and Practices
  • Exam Prep Questions

Chapter 7 Business Process Evaluation and Risk Management
  • Evaluating IS Efficiency and Effectiveness of Information Systems in Supporting Business Processes
  • Methods and Approaches for Designing and Improving Business Procedures
  • Business Performance Indicators
  • Evaluating the Design and Implementation of Programmed and Manual Controls
  • Business Process Controls
  • Evaluating Business Process Change Projects
  • Evaluating the Implementation of Risk Management and Governance
  • Exam Prep Questions

Chapter 8 Practice Exam 1
Chapter 9 Answer Key 1
Chapter 10 Practice Exam 2
Chapter 11 Answer Key 2

Appendix A CD Contents and Installation Instructions
  • Multiple Test Modes
  • Wrong Answer Feedback
  • Retake a Previous Exam from Your Exam History
  • Configure Your Own Custom Exam
  • Start Your Exam from a Predefined Set of Questions
  • Custom Exam Mode
  • Question Types
  • Random Questions and Order of Answers
  • Detailed Explanations of Correct and Incorrect Answers
  • Attention to Exam Objectives
  • Installing the CD
  • Technical Support

CISA Glossary
Index


Excerpts

Introduction

Welcome to Information Systems Audit and Controls Association's Certified Information Systems Auditor (CISA) Exam Cram 2! Whether this is your first or your fifteenth Exam Cram 2 series book, you will find information here that will help ensure your success as you pursue knowledge, experience, and certification. This introduction explains ISACA certification programs in general and talks about how the Exam Cram 2 series can help you prepare for the CISA exam. This chapter discusses the basics of ISACA certification exams, including a description of the testing environment and a discussion of test-taking strategies. Chapters 1 through 7 are designed to remind you of everything you need to know to take--and pass--the CISA certification exam. The two sample tests at the end of the book should give you a reasonably accurate assessment of your knowledge--and, yes, we've provided the answers and their explanations to the tests. Read the book and understand the material, and you'll stand a very good chance of passing the test.

Exam Cram 2 books help you understand and appreciate the subjects and materials you need to pass ISACA certification exams. Exam Cram 2 books are aimed strictly at test preparation and review. They do not teach you everything you need to know about a topic. Instead, we present and dissect the questions and problems we've found that you're likely to encounter on a test. We've worked to bring together as much information as possible about ISACA certification exams.

Nevertheless, to completely prepare yourself for any ISACA test, we recommend that you begin by taking the Self-Assessment that is included in this book, immediately following this introduction. The Self-Assessment will help you evaluate your knowledge base against the requirements for an ISACA Certified Information Systems Auditor under both ideal and real circumstances. Based on what you learn from the Self-Assessment, you might decide to begin your studies with some classroom training, some practice with systems auditi
