CISA – Certified Information Systems Auditor Study Guide

By : Hemang Doshi

CISA – Certified Information Systems Auditor Study Guide

By: Hemang Doshi

Overview of this book

Are you looking to prepare for the CISA exam and understand the roles and responsibilities of an information systems (IS) auditor? The CISA - Certified Information Systems Auditor Study Guide is here to help you get started with CISA exam prep. This book covers all the five CISA domains in detail to help you pass the exam. You’ll start by getting up and running with the practical aspects of an information systems audit. The book then shows you how to govern and manage IT, before getting you up to speed with acquiring information systems. As you progress, you’ll gain knowledge of information systems operations and understand how to maintain business resilience, which will help you tackle various real-world business problems. Finally, you’ll be able to assist your organization in effectively protecting and controlling information systems with IT audit standards. By the end of this CISA book, you'll not only have covered the essential concepts and techniques you need to know to pass the CISA certification exam but also have the ability to apply them in the real world.

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Section 1: Information System Auditing Process

Free Chapter

Audit Planning

The content of an audit charter

Audit planning

Business process applications and controls

Types of controls

Risk-based audit planning

Types of audit and assessment

Summary

Assessments

Audit Execution

Audit project management

Sampling methodology

Audit evidence collection techniques

Data analytics

Reporting and communication techniques

Control self-assessment

Summary

Assessments

Section 2: Governance and Management of IT

IT Governance

IT enterprise governance (EGIT)

IT-related frameworks

IT standards, policies, and procedures

Organizational structure

Enterprise architecture

Enterprise risk management

Maturity model

Laws, regulations, and industry standards affecting the organization

Summary

Assessments

IT Management

IT resource management

IT service provider acquisition and management

IT performance monitoring and reporting

Quality assurance and quality management in IT

Summary

Assessment answers

Section 3: Information Systems Acquisition, Development, and Implementation

Information Systems Acquisition and Development

Project management structure

Business cases and feasibility analysis

System development methodologies

Control identification and design

Summary

Assessments

Information Systems Implementation

Testing methodology

System migration

Post-implementation review

Summary

Assessments

Section 4: Information System Operations and Business Resilience

Information System Operations

Understanding common technology components

IT asset management

Job scheduling

End user computing

System performance management

Problem and incident management

Change management, configuration management, and patch management

IT service level management

Evaluating the database management process

Summary

Assessment

Business Resilience

Business impact analysis

Data backup and restoration

System resiliency

Business continuity plan

Disaster recovery plan

DRP – test methods

Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

Alternate recovery site

Summary

Assessment

Section 5: Protection of Information Assets

Information Asset Security and Control

Information asset security frameworks, standards, and guidelines

Privacy principles

Physical access and environmental controls

Identity and access management

Biometrics

Summary

Assessments

Network Security and Control

Network and endpoint devices

Firewall types and implementation

VPN

Voice over Internet Protocol (VoIP)

Wireless networks

Email security

Summary

Assessments

Public Key Cryptography and Other Emerging Technologies

Public key cryptography

Summary

Security Event Management

Security awareness training and programs

Information system attack methods and techniques

Security testing tools and techniques

Security monitoring tools and techniques

Incident response management

Evidence collection and forensics

Summary

Assessments

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Biometrics

Biometric verification is a process through which a person can be uniquely identified and authenticated by verifying one or more of their biological features. Examples of these biometric identifiers include a palm, hand geometry, fingerprints, retina and iris patterns, voice, and DNA.

Biometrics – accuracy measure

The accuracy of a biometric system determines how well a system meets the objective. Accuracy measures determine the success factor of the biometric system. In this section, we will discuss a few biometrics accuracy measures.

False acceptance rate (FAR)

This is the rate of acceptance of a false person (that is, an unauthorized person). Biometric control will not restrict the unauthorized person.

For example, if biometrics allows access to an unauthorized person, then it is referred to as false acceptance.

False rejection rate (FRR)

This is the rate of rejection of the correct person (that is, an authorized person). Biometrics will reject even an authorized...

CISA – Certified Information Systems Auditor Study Guide

By : Hemang Doshi

CISA – Certified Information Systems Auditor Study Guide

By: Hemang Doshi

Overview of this book

Related Content you might be interested in

Current Title:

CISA – Certified Information Systems Auditor Study Guide

Certified Information Security Manager Exam Prep Guide

Certified Information Security Manager Exam Prep Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

Biometrics

Biometrics – accuracy measure

False acceptance rate (FAR)

False rejection rate (FRR)