Book Image

CISA – Certified Information Systems Auditor Study Guide

By : Hemang Doshi
Book Image

CISA – Certified Information Systems Auditor Study Guide

By: Hemang Doshi

Overview of this book

Are you looking to prepare for the CISA exam and understand the roles and responsibilities of an information systems (IS) auditor? The CISA - Certified Information Systems Auditor Study Guide is here to help you get started with CISA exam prep. This book covers all the five CISA domains in detail to help you pass the exam. You’ll start by getting up and running with the practical aspects of an information systems audit. The book then shows you how to govern and manage IT, before getting you up to speed with acquiring information systems. As you progress, you’ll gain knowledge of information systems operations and understand how to maintain business resilience, which will help you tackle various real-world business problems. Finally, you’ll be able to assist your organization in effectively protecting and controlling information systems with IT audit standards. By the end of this CISA book, you'll not only have covered the essential concepts and techniques you need to know to pass the CISA certification exam but also have the ability to apply them in the real world.

Related Content you might be interested in

Current Title:

Small book image
CISA – Certified Information Systems Auditor Study Guide
Hemang Doshi
Aug, 2020 | 590 pages
Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Dec, 2022 | 718 pages
Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Nov, 2021 | 616 pages
Small book image
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Shobhit Mehta
Sep, 2023 | 316 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
1
Section 1: Information System Auditing Process
Section 1: Information System Auditing Process
Free Chapter
2
Audit Planning
Audit Planning
The content of an audit charter
Audit planning
Business process applications and controls
Types of controls
Risk-based audit planning
Types of audit and assessment
Summary
Assessments
3
Audit Execution
Audit Execution
Audit project management
Sampling methodology
Audit evidence collection techniques
Data analytics
Reporting and communication techniques
Control self-assessment
Summary
Assessments
4
Section 2: Governance and Management of IT
Section 2: Governance and Management of IT
5
IT Governance
IT Governance
IT enterprise governance (EGIT)
IT-related frameworks
IT standards, policies, and procedures
Organizational structure
Enterprise architecture
Enterprise risk management
Maturity model
Laws, regulations, and industry standards affecting the organization
Summary
Assessments
6
IT Management
IT Management
IT resource management
IT service provider acquisition and management
IT performance monitoring and reporting
Quality assurance and quality management in IT
Summary
Assessment answers
7
Section 3: Information Systems Acquisition, Development, and Implementation
Section 3: Information Systems Acquisition, Development, and Implementation
8
Information Systems Acquisition and Development
Information Systems Acquisition and Development
Project management structure
Business cases and feasibility analysis
System development methodologies
Control identification and design
Summary
Assessments
9
Information Systems Implementation
Information Systems Implementation
Testing methodology
System migration
Post-implementation review
Summary
Assessments
10
Section 4: Information System Operations and Business Resilience
Section 4: Information System Operations and Business Resilience
11
Information System Operations
Information System Operations
Understanding common technology components
IT asset management
Job scheduling
End user computing
System performance management
Problem and incident management
Change management, configuration management, and patch management
IT service level management
Evaluating the database management process
Summary
Assessment
12
Business Resilience
Business Resilience
Business impact analysis
Data backup and restoration
System resiliency
Business continuity plan
Disaster recovery plan
DRP – test methods
Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
Alternate recovery site
Summary
Assessment
13
Section 5: Protection of Information Assets
Section 5: Protection of Information Assets
14
Information Asset Security and Control
Information Asset Security and Control
Information asset security frameworks, standards, and guidelines
Privacy principles
Physical access and environmental controls
Identity and access management
Biometrics
Summary
Assessments
15
Network Security and Control
Network Security and Control
Network and endpoint devices
Firewall types and implementation
VPN
Voice over Internet Protocol (VoIP)
Wireless networks
Email security
Summary
Assessments
16
Public Key Cryptography and Other Emerging Technologies
Public Key Cryptography and Other Emerging Technologies
Public key cryptography
Elements of PKI
Cloud computing
Virtualization
Mobile computing
Summary
Assessments
17
Security Event Management
Security Event Management
Security awareness training and programs
Information system attack methods and techniques
Security testing tools and techniques
Security monitoring tools and techniques
Incident response management
Evidence collection and forensics
Summary
Assessments
18
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

The RTO and RPO are two very important aspects to understand from the perspective of the exam as they are very important concepts in the designing of a disaster recovery strategy.

RTO

The RTO is a measure of the user's tolerance to system downtime. In other words, the RTO is the extent of acceptable system downtime. For example, an RTO of 2 hours indicates that an organization will not be overly impacted if its system is down for up to 2 hours.

RPO

The RPO is a measure of the user's tolerance to data loss. In other words, the RPO is the extent of acceptable data loss. For example, an RPO of 2 hours indicates that an organization will not be overly impacted if it loses data for up to 2 hours.

Let's understand each of them by way of the following diagram:

Let's understand the preceding diagram with the aid of some practical examples:

Example 1: An organization can accept data loss for up to 4 hours. However...

Previous Section
End of Section 8
Next Section