Book Image

CISA – Certified Information Systems Auditor Study Guide - Second Edition

By : Hemang Doshi
5 (3)
Book Image

CISA – Certified Information Systems Auditor Study Guide - Second Edition

5 (3)
By: Hemang Doshi

Overview of this book

With the latest updates and revised study material, this second edition of the Certified Information Systems Auditor Study Guide provides an excellent starting point for your CISA certification preparation. The book strengthens your grip on the core concepts through a three-step approach. First, it presents the fundamentals with easy-to-understand theoretical explanations. Next, it provides a list of key aspects that are crucial from the CISA exam perspective, ensuring you focus on important pointers for the exam. Finally, the book makes you an expert in specific topics by engaging you with self-assessment questions designed to align with the exam format, challenging you to apply your knowledge and sharpen your understanding. Moreover, the book comes with lifetime access to supplementary resources on an online platform, including CISA flashcards, practice questions, and valuable exam tips. With unlimited access to the website, you’ll have the flexibility to practice as many times as you desire, maximizing your exam readiness. By the end of this book, you’ll have developed the proficiency to successfully obtain the CISA certification and significantly upgrade your auditing career.

Related Content you might be interested in

Current Title:

Small book image
CISA – Certified Information Systems Auditor Study Guide - Second Edition
Hemang Doshi
Jun, 2023 | 330 pages
Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Dec, 2022 | 718 pages
Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Nov, 2021 | 616 pages
Small book image
Mastering Information Security Compliance Management
Greeshma M R | Adarsh Nair
Aug, 2023 | 236 pages
Table of Contents (14 chapters)
Preface
Preface
Online Exam-Prep Tools
Who This Book Is For
What This Book Covers
How to Get the Most out of This Book
Recorded Lectures
Requirements for the Online Content
Instructions for Unlocking the Online Content
Quick Access to the Website
Conventions Used
Get in Touch
Share Your Thoughts
Download a Free PDF Copy of This Book
1
Chapter 1: Audit Planning
Chapter 1: Audit Planning
The Contents of an Audit Charter
Audit Planning
Business Process Applications and Controls
Types of Controls
Risk-Based Audit Planning
Types of Audits and Assessments
Summary
Chapter Review Questions
Free Chapter
2
Chapter 2: Audit Execution
Chapter 2: Audit Execution
Audit Project Management
Sampling Methodology
Audit Evidence Collection Techniques
Data Analytics
Reporting and Communication Techniques
Control Self-Assessment
Summary
Chapter Review Questions
3
Chapter 3: IT Governance
Chapter 3: IT Governance
Enterprise Governance of IT (EGIT)
IT-Related Frameworks
IT Standards, Policies, and Procedures
Organizational Structure
Enterprise Architecture
Enterprise Risk Management
Maturity Model
Laws, Regulations, and Industry Standards Affecting the Organization
Summary
Chapter Review Questions
4
Chapter 4: IT Management
Chapter 4: IT Management
IT Resource Management
IT Service Provider Acquisition and Management
IT Performance Monitoring and Reporting
Quality Assurance and Quality Management in IT
Summary
Chapter Review Questions
5
Chapter 5: Information Systems Acquisition and Development
Chapter 5: Information Systems Acquisition and Development
Project Management Structure
Business Case and Feasibility Analysis
System Development Methodologies
Control Identification and Design
Summary
Chapter Review Questions
6
Chapter 6: Information Systems Implementation
Chapter 6: Information Systems Implementation
Testing Methodology
System Migration
Post-Implementation Review
Summary
Chapter Review Questions
7
Chapter 7: Information Systems Operations
Chapter 7: Information Systems Operations
Understanding Common Technology Components
IT Asset Management
Job Scheduling
End User Computing
System Performance Management
Problem and Incident Management
Change Management, Configuration Management, and Patch Management
IT Service-Level Management
Evaluating the Database Management Process
Summary
Chapter Review Questions
8
Chapter 8: Business Resilience
Chapter 8: Business Resilience
Business Impact Analysis
Data Backup and Restoration
System Resiliency
Business Continuity Plan
Disaster Recovery Plan
DRP – Test Methods
Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
Alternate Recovery Sites
Summary
Chapter Review Questions
9
Chapter 9: Information Asset Security and Control
Chapter 9: Information Asset Security and Control
Information Asset Security Frameworks, Standards, and Guidelines
Privacy Principles
Physical Access and Environmental Controls
Identity and Access Management
Biometrics
Summary
Chapter Review Questions
10
Chapter 10: Network Security and Control
Chapter 10: Network Security and Control
Network and Endpoint Devices
Firewall Types and Implementation
VPN
Voice over Internet Protocol (VoIP)
Wireless Networks
Email Security
Summary
Chapter Review Questions
11
Chapter 11: Public Key Cryptography and Other Emerging Technologies
Chapter 11: Public Key Cryptography and Other Emerging Technologies
Public Key Cryptography
Elements of PKI
Cloud Computing
Virtualization
Mobile Computing
Internet of Things (IoT)
Summary
Chapter Review Questions
12
Chapter 12: Security Event Management
Chapter 12: Security Event Management
Security Awareness Training and Programs
Information System Attack Methods and Techniques
Security Testing Tools and Techniques
Security Monitoring Tools and Techniques
Incident Response Management
Evidence Collection and Forensics
Summary
Chapter Review Questions
Why subscribe?
13
Other Books You May Enjoy
Other Books You May Enjoy
Share Your Thoughts
Download a Free PDF Copy of This Book

Summary

In this chapter, you explored various aspects of audit project management and learned about different sampling techniques. You also explored different audit evidence collection techniques, reporting techniques, and practical aspects of CSA.

The following are some of the important topics that were covered in this chapter:

  • The initial step in designing an audit plan is to determine the audit universe for the organization. The audit universe is the list of all the processes and systems under the scope of the audit. Once the audit universe is identified, a risk assessment is to be conducted to identify the critical processes and systems.
  • Statistical sampling is the preferred mode of sampling when the probability of error must be objectively quantified.
  • It is advisable to report the finding even if corrective action is taken by the auditee. For any action taken on the basis of audit observation, the audit report should identify the finding and describe the corrective action taken.
  • The objective of CSA is to involve functional staff to monitor high-risk processes. CSA aims to educate line management in the area of control responsibility and monitoring. The replacement of audit functions is not the objective of CSA.

In the next chapter, you will explore the enterprise governance of IT and related frameworks.

Previous Section
End of Section 8
Next Section