Atjaunināt sīkdatņu piekrišanu

CISA Exam Prep: Certified Information Systems Auditor [Mīkstie vāki]

4.33/5 (5 ratings by Goodreads)
  • Formāts: Paperback / softback, 600 pages, height x width x depth: 230x178x38 mm, weight: 940 g
  • Izdošanas datums: 17-May-2007
  • Izdevniecība: Pearson IT Certification
  • ISBN-10: 0789735733
  • ISBN-13: 9780789735737
Citas grāmatas par šo tēmu:
  • Mīkstie vāki
  • Cena: 72,05 €*
  • * Šī grāmata vairs netiek publicēta. Jums tiks paziņota lietotas grāmatas cena
  • Šī grāmata vairs netiek publicēta. Jums tiks paziņota lietotas grāmatas cena.
  • Daudzums:
  • Ielikt grozā
  • Pievienot vēlmju sarakstam
CISA Exam Prep: Certified Information Systems AuditorPalielināt
  • Formāts: Paperback / softback, 600 pages, height x width x depth: 230x178x38 mm, weight: 940 g
  • Izdošanas datums: 17-May-2007
  • Izdevniecība: Pearson IT Certification
  • ISBN-10: 0789735733
  • ISBN-13: 9780789735737
Citas grāmatas par šo tēmu:
Permanent link: https://www.kriso.lv/db/9780789735737.html
Keywords:
CISA Exam Prep

Certified Information Systems Auditor

 

Michael Gregg

 

Your Complete Certification Solution!

 

The Smart Way to Study

 

In This Book Youll Learn How To:





Approach the IS audit process from ISACAs view of IS auditing best practices

Relate and apply information security and systems audit best practices to the six CISA job practice areas Understand the IS audit process and learn how to apply best practices to secure an organizations assets Evaluate IT governance to ensure that the organization has the structure, policies, and mechanisms in place to provide sufficient IS controls Minimize risk within an IT/IS environment by using sound security techniques and practices Assess systems and infrastructure lifecycle practices to determine their effectiveness in meeting security requirements and meeting organizational objectives Gain a deeper understanding of the business continuity and disaster recovery process to help minimize risk Protect key informational assets by examining the security architecture and evaluating controls designed for the protection of confidentiality, availability, and integrity Streamline your exam preparations with our exam insights, tips, and study strategies

 

WRITTEN BY A LEADING CISA EXAM EXPERT!

Michael Gregg, founder and president of Superior Solutions, Inc., a Houston-based IT security consulting and auditing firm, has more than 20 years experience in information security and risk. He holds two associate degrees, a bachelors degree, and a masters degree. He presently maintains more than a dozen certifications and is a nine-time winner of Global Knowledges Perfect Instructor Award. Michael not only has experience in performing security audits and assessments, but also is the author of Que Publishings Certified Ethical Hacker Exam Prep, CISSP Exam Cram, and is the co-author of Inside Network Security Assessment: Guarding Your IT Infrastructure by Sams Publishing.

 











Introduction

Study and Exam Prep Tips 

Part I: IT Governance and the Audit Process

Chapter 1: The Audit Process

Chapter 2: IT Governance 

Part II: System and Infrastructure Lifecycle Management

Chapter 3: Lifecycle Management 

Chapter 4: System Infrastructure Control





Part III: IT Service Delivery and Support

Chapter 5: Information Systems Hardware and Architecture

Chapter 6: Information Systems Used for IT Delivery and Support

Part IV: Protection of Information Assets

Chapter 7: Protection of Logical Assets

Chapter 8: Physical Security

Part V: Business Continuity and Disaster Recovery

Chapter 9: Business Continuity and Disaster Recovery 

Part VI: Final Preparation

Fast Facts

Practice Exam 

Answers to Practice Exam Questions 

Glossary

Index











www.examcram.com

ISBN-13: 978-0-7897-3573-7

ISBN-10: 0-7897-3573-3 

 

 

Papildus informācija

The CISA Exam Prep provides readers with comprehensive coverage of the 2006 CISA certification exam objectives. Focused specifically on the material readers must know to score high on their CISA exams, this book features review questions at the end of each chapter, practice exams, exam alerts, important notes, and handy study tips. The book also features exclusive access to online practice questions, so readers can assess their strengths and weaknesses before they take their exams. 

Topic Information: The Sarbanes-Oxley Act of 2002 elevated systems auditing to a legal requirement for publicly traded companies and many privately held companies are following suit due to increased security risks. The exam is a test of auditing concepts to be used as guidance for systems auditors and major changes were incorporated into the 2006 exam. The CISA Exam Prep provides the most comprehensive, accurate, and current coverage of these exam objectives. The CISA is now offered twice a year, every June and December, in 200 locations worldwide. Since its inception, approximately 45,000 IS auditors, accountants, security practitioners and other leaders in IT governance and assurance from around the world have earned the CISA designation.
Introduction 1(1)
How This Book Helps You
1(1)
About the CISA Exam
2(1)
CISA Exam Objectives
2(1)
How to Prepare for the Exam
3(1)
Additional Exam-Preparation Resources
4(1)
Practice Tests
5(1)
What This Book Does
5(1)
What This Book Does Not Do
6(1)
Contacting the Author
6(1)
About the Book
6(3)
Instructional Features
7(1)
Extensive Practice Test Options
8(1)
Final Preparation
9(1)
Final Words of Wisdom
9(2)
Study and Exam Prep Tips
11(10)
Learning Styles
12(1)
Study Tips
12(2)
Study Strategies
12(2)
Pretesting Yourself
14(1)
Exam Prep Tips
14(4)
Exam Format
15(1)
Question Types
16(1)
More Exam Preparation Tips
16(2)
Final Considerations
18(3)
Part I: IT Governance and the Audit Process
The Audit Process
21(42)
Introduction
24(1)
Issues and Challenges of the IS Auditor
24(3)
Audit Planning
26(1)
Standards and Guidelines for ISACA IS Auditors
27(5)
ISACA Standards
28(3)
ISACA Code of Ethics
31(1)
Risk Analysis
32(4)
Risk Management
33(2)
Risk-Based Audits
35(1)
Auditing and the Use of Internal Controls
36(3)
Cobi T
38(1)
The Audit Process
39(11)
Audit Classification
40(1)
Audit Programs
41(1)
Audit Methodology
42(3)
Objectives of the Audit
45(1)
Compliance Versus Substantive Testing
46(1)
Sampling and Embedded Audit Modules
46(1)
Evidence
47(1)
Detection of Fraud
48(1)
Audit Closing
49(1)
Changes in the IS Audit Process
50(4)
The Control Self-Assessment Process
50(1)
Integrated Auditing
51(1)
Continuous Auditing
52(2)
Chapter Summary
54(1)
Key Terms
54(1)
Apply Your Knowledge
55(7)
Exercises
55(4)
Exam Questions
59(2)
Answers to Exam Questions
61(1)
Need to Know More?
62(1)
IT Governance
63(50)
Introduction
67(1)
Best Practices for Senior Management
67(7)
Audit's Role in Governance
69(1)
IT Steering Committee
70(1)
Measuring Performance
71(1)
Information Security Governance
72(2)
The Role of Strategy, Policies, Planning, and Procedures
74(5)
Policy Development
75(1)
Policies and Procedures
76(3)
Risk Identification and Management
79(9)
The Risk-Management Team
80(1)
Asset Identification
81(1)
Threat Identification
81(2)
Risk-Analysis Methods
83(5)
Management Practices and Controls
88(11)
Employee Management
89(4)
Sourcing
93(2)
Change Management and Quality Improvement Techniques
95(4)
Understanding Personnel Roles and Responsibilities
99(5)
Employee Roles and Duties
100(1)
Segregation of Duties
101(3)
Chapter Summary
104(1)
Key Terms
104(1)
Apply Your Knowledge
105(5)
Exercises
105(2)
Exam Questions
107(2)
Answers to Exam Questions
109(1)
Need to Know More?
110(3)
Part II: System and Infrastructure Lifecycle Management
Lifecycle Management
113(42)
Introduction
117(1)
Project Management
117(3)
Roles, Responsibility, and Structure
118(1)
Project Culture and Objectives
119(1)
Project-Management Practices
120(10)
Project Initiation
121(1)
Project Planning
121(7)
Project Control and Execution
128(1)
Closing a Project
128(2)
Business Application Development
130(12)
Systems-Development Methodology
131(11)
Alternative Application-Development Techniques
142(4)
Application-Development Approaches
144(2)
Information Systems Maintenance Practices
146(2)
Chapter Summary
148(1)
Key Terms
148(1)
Apply Your Knowledge
148(6)
Exercises
149(1)
Exam Questions
150(2)
Answers to Exam Questions
152(2)
Need to Know More?
154(1)
System Infrastructure Control
155(40)
Introduction
158(1)
Programmed and Manual Application Controls
158(10)
Business Process Controls
159(9)
Auditing Application Controls
168(8)
Understanding the Application
168(1)
Observation and Testing
169(1)
Data Integrity Controls
170(2)
Application System Testing
172(1)
Continuous Online Auditing
173(3)
Auditing Systems Development, Acquisition, and Maintenance
176(2)
Project Management
177(1)
Business Application Systems
178(9)
E-Commerce
179(1)
Electronic Data Interchange
180(1)
Email
181(1)
Business Intelligence
182(5)
Chapter Summary
187(1)
Key Terms
187(1)
Apply Your Knowledge
188(4)
Exercises
188(1)
Exam Questions
189(2)
Answers to Exam Questions
191(1)
Need to Know More?
192(3)
Part III: IT Service Delivery and Support
Information Systems Hardware and Architecture
195(44)
Introduction
198(1)
Information Systems Operation
198(11)
Monitoring Resource Usage
200(4)
Help Desk and Support
204(2)
Change-Management Process
206(3)
Information Systems Hardware
209(12)
The Central Processing Unit
210(2)
Memory
212(1)
I/O Bus Standards
213(1)
Computer Types
214(1)
Computer Configurations and Roles
215(3)
Radio Frequency Identification
218(1)
Hardware Maintenance Program
219(1)
Hardware Monitoring and Capacity Management
219(2)
Information Systems Architecture and Software
221(10)
Software Development
221(2)
Operating Systems
223(1)
Secondary Storage
224(1)
Data Communication Software
225(1)
Database-Management Systems
226(1)
Database Structure
227(3)
Software Licensing Issues
230(1)
Chapter Summary
231(1)
Key Terms
231(1)
Apply Your Knowledge
232(5)
Exercises
232(2)
Exam Questions
234(2)
Answers to Exam Questions
236(1)
Need to Know More?
237(2)
Information Systems Used for IT Delivery and Support
239(50)
Introduction
242(1)
Network Infrastructure
242(32)
Network Types
242(2)
Network Standards and Protocols
244(1)
The OSI Model
244(4)
Network Services and Applications
248(1)
Comparing the OSI Model to the TCP/IP Model
249(5)
Network Design
254(2)
Network Cabling
256(3)
Network Equipment
259(4)
Firewalls
263(4)
Wide Area Networks
267(2)
Wireless Networks
269(3)
Internet
272(2)
Network Administration and Control
274(3)
Risks to Network Infrastructure and Controls
276(1)
Chapter Summary
277(3)
Key Terms
277(3)
Apply Your Knowledge
280(5)
Exercises
280(2)
Exam Questions
282(2)
Answers to Exam Questions
284(1)
Need to Know More?
285(4)
Part IV: Protection of Information Assets
Protection of Logical Assets
289(72)
Introduction
293(1)
The Goals of Logical Security
293(10)
Information Security Protection Mechanisms
294(1)
The Role of Confidentiality, Integrity, and Availability
295(8)
Logical Access Controls
303(9)
Identification and Authentication (I&A)
303(4)
Single Sign-On
307(2)
Remote Access Security
309(2)
Auditing and Logging
311(1)
Handling Confidential Information
312(1)
Common Attack Patterns
313(6)
Passive Attacks
313(1)
Active Attacks
314(5)
Network Infrastructure
319(9)
Network and Internet Security
320(4)
Client/Server Security
324(1)
LAN Security
325(1)
Wireless LAN Security
326(2)
Voice Communications
328(1)
Phreakers
328(1)
PBX
328(1)
VoIP
329(1)
Virus Protection
329(1)
Containing Threats to Information Security
330(7)
Emergency Response
332(2)
Computer Forensics
334(1)
Auditing Information Security
335(2)
Auditing Network Infrastructure Security
337(3)
Ethical Hacking and Penetration Testing
337(2)
Network Assessments
339(1)
Tracking Change
339(1)
Encryption
340(13)
Encryption Methods
341(8)
Cryptographic Real-World Solutions
349(2)
Encryption Risks and Attacks
351(2)
Chapter Summary
353(2)
Key Terms
353(2)
Apply Your Knowledge
355(5)
Exercises
356(1)
Exam Questions
357(2)
Answers to Exam Questions
359(1)
Need to Know More?
360(1)
Physical Security
361(42)
Introduction
364(1)
Physical Security
364(17)
Physical Security Exposures
365(6)
Physical Security Controls
371(10)
Environmental Protection Practices
381(5)
Power Anomalies
381(1)
Power Protections
382(1)
Heating, Ventilation, and Air Conditioning (HVAC)
383(1)
Fire Prevention, Detection, and Suppression
384(2)
Physical Authentication
386(3)
Authentication Methods
387(2)
Policies and Procedures
389(6)
Types of Policies
389(1)
Purpose of Policies
390(1)
Defining Policies
390(1)
Deploying and Implementing Policies
391(1)
Physical Asset and Information Control
392(3)
Chapter Summary
395(2)
Key Terms
395(2)
Apply Your Knowledge
397(3)
Exercises
397(1)
Exam Questions
397(2)
Answers to Exam Questions
399(1)
Need to Know More?
400(3)
Part V: Business Continuity and Disaster Recovery
Business Continuity and Disaster Recovery
403(44)
Introduction
406(1)
Disaster Recovery
406(19)
Disasters and Disruptive Events
406(3)
BCP in the Real World
409(1)
ISACA and the BCP Process
409(16)
Recovery Alternatives
425(13)
Alternate Processing Sites
426(3)
Hardware Recovery
429(2)
Software and Data Recovery
431(1)
Backup and Restoration
432(2)
Telecommunications Recovery
434(2)
Verification of Disaster Recovery and Business Continuity Process
436(2)
Chapter Summary
438(1)
Key Terms
438(1)
Apply Your Knowledge
439(5)
Exercises
440(1)
Exam Questions
441(2)
Answers to Exam Questions
443(1)
Need to Know More?
444(3)
Part VI: Final Preparation
Fast Facts
447(28)
IS Audit Process
448(3)
IT Governance
451(3)
Systems and Infrastructure Lifecycle Management
454(6)
IT Service Delivery and Support
460(6)
Protection of Information Assets
466(4)
Business Continuity and Disaster Recovery
470(5)
Practice Exam
475(34)
Practice Exam Questions
476(33)
Answers to Practice Exam Questions
509(18)
Answers at a Glance to Practice Exam
509(1)
Answers with Explanations
510(17)
Glossary 527(38)
Index 565


As the founder and president of Superior Solutions, Inc., a Houston-based IT security consulting and auditing firm, Michael Gregg has more than 15 years of experience in information security and risk management. He holds two associate's degrees, a bachelor's degree, and a master's degree. Some of the certifications he holds include the following: CISA, CISSP, MCSE, CTT+, A+, N+, Security+, CNA, CCNA, CIW Security Analyst, CCE, CEH, CHFI, CEI, DCNP, ES Dragon IDS, ES Advanced Dragon IDS, and TICSA.

 

Michael not only has experience in performing security audits and assessments, but he also is the co-author of Inside Network Security Assessment: Guarding Your IT Infrastructure (ISBN

0672328097, Sams, 2005). Other publications he has authored include the CISSP Exam Cram 2 (ISBN 078973446X, Que, 2005) and the Certified Ethical Hacker Exam Prep 2 (ISBN 0789735318, Que, 2006). Michael is a site expert for TechTarget.com websites, including SearchSMB.com and SearchNetworking.com; he also serves on their editorial advisory board. His articles have been published on IT websites including CertMag.com, CramSession.com, and GoCertify.com. Michael has created security audit and assessment course material for various

companies and universities. Although audits and assessments are where he spends the bulk of his time, teaching and contributing to the written body of IT security knowledge is how Michael believes he can give something back to the community that has given him so much. He is a member of the American College of Forensic Examiners and of the Texas Association

for Educational Technology. When not working, Michael enjoys traveling and restoring muscle cars.