Publisher Description

The ultimate CISA prep guide, with practice exams Sybex's CISA: Certified Information Systems Auditor Study Guide, Fourth Edition is the newest edition of industry-leading study guide for the Certified Information System Auditor exam, fully updated to align with the latest ISACA standards and changes in IS auditing. This new edition provides complete guidance toward all content areas, tasks, and knowledge areas of the exam and is illustrated with real-world examples. All CISA terminology has been revised to reflect the most recent interpretations, including 73 definition and nomenclature changes. Each chapter summary highlights the most important topics on which you'll be tested, and review questions help you gauge your understanding of the material. You also get access to electronic flashcards, practice exams, and the Sybex test engine for comprehensively thorough preparation. For those who audit, control, monitor, and assess enterprise IT and business systems, the CISA certification signals knowledge, skills, experience, and credibility that delivers value to a business. This study guide gives you the advantage of detailed explanations from a real-world perspective, so you can go into the exam fully prepared.

• Discover how much you already know by beginning with an assessment test
• Understand all content, knowledge, and tasks covered by the CISA exam
• Get more in-depths explanation and demonstrations with an all-new training video
• Test your knowledge with the electronic test engine, flashcards, review questions, and more

Back Cover

Covers 100% of CISA's most current objectives including, IT Governance, The IS Audit Process, System Implementation and Operations, Protecting Information Assets and much more... Includes interactive online learning environment with: Hundreds of sample questions Electronic flashcards Searchable key term glossary Interactive test engine Your A to Z Study Guide for the CISA Exam Those who hold the CISA certification are among the highest paid in the security field. This complete Sybex Study Guide covers 100% of the CISA exam objectives, and is fully updated to comply with the most recent release of the IT Audit Framework (ITAF). Each chapter includes a summary, Exam Essentials, and review questions with answers. This revised edition also features bonus content including ISO standards and a completely updated glossary of terms and definitions, since many have changed. Together with the exclusive Sybex online learning environment and training video, it provides everything you need for success. Coverage of 100% of all exam objectives in this Study Guide means you'll be ready to: Understand policies, standards, guidelines, and procedures Plan strategy and use business process reengineering Perform an audit risk assessment Work with the Open Systems Interconnect Model Manage the system development life cycle Handle system implementation and operations Recognize types of threats Support business continuity and disaster recovery Interactive learning environment Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, , type in your unique PIN, and instantly gain access to: Interactive test bank with 2 bonus practice exams. Practice exams help you identify areas where further review is needed. 400 total questions include 240 questions from Certified Information Security (tm) and #1 best-selling ISACA exam prep author Allen Keele's Online CISA Certification Exam Training. More than 300 Electronic Flashcards to reinforce learning and last minute prep before the exam. Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared. A special offer on Allen Keele's CISA SuperReview online training which since 2006 has earned a world-wide reputation for providing everything you need to know for ISACA's CISA certification exam, and delivering the passing score you strive for. This course is NOT adapted from Sybex's CISA Study Guide Fourth Edition but is an excellent extension to your studies if you want to be absolutely sure to pass your CISA exam on the very first attempt. (Offer subject to change or expiration.)

Flap

Covers 100% of CISA's most current objectives including, IT Governance, The IS Audit Process, System Implementation and Operations, Protecting Information Assets and much more... Includes interactive online learning environment with: Hundreds of sample questions Electronic flashcards Searchable key term glossary Interactive test engine Your A to Z Study Guide for the CISA Exam Those who hold the CISA certification are among the highest paid in the security field. This complete Sybex Study Guide covers 100% of the CISA exam objectives, and is fully updated to comply with the most recent release of the IT Audit Framework (ITAF). Each chapter includes a summary, Exam Essentials, and review questions with answers. This revised edition also features bonus content including ISO standards and a completely updated glossary of terms and definitions, since many have changed. Together with the exclusive Sybex online learning environment and training video, it provides everything you need for success. Coverage of 100% of all exam objectives in this Study Guide means you'll be ready to: Understand policies, standards, guidelines, and procedures Plan strategy and use business process reengineering Perform an audit risk assessment Work with the Open Systems Interconnect Model Manage the system development life cycle Handle system implementation and operations Recognize types of threats Support business continuity and disaster recovery Interactive learning environment Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, , type in your unique PIN, and instantly gain access to: Interactive test bank with 2 bonus practice exams. Practice exams help you identify areas where further review is needed. 400 total questions include 240 questions from Certified Information Security (tm) and #1 best-selling ISACA exam prep author Allen Keele's Online CISA Certification Exam Training. More than 300 Electronic Flashcards to reinforce learning and last minute prep before the exam. Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared. A special offer on Allen Keele's CISA SuperReview online training which since 2006 has earned a world-wide reputation for providing everything you need to know for ISACA's CISA certification exam, and delivering the passing score you strive for. This course is NOT adapted from Sybex's CISA Study Guide Fourth Edition but is an excellent extension to your studies if you want to be absolutely sure to pass your CISA exam on the very first attempt. (Offer subject to change or expiration.)

Author Biography

David L. Cannon CISA, CCSP, is President and Founder of CertTest Training Center, a leading CISA training provider. With more than 20 years of experience in IT training and consulting for IT operations, security, system administration, and management, David teaches CISA preparation courses across the country. He is a frequent speaker and lecturer at the leading security and auditing conferences. Brian T. O'Hara CISA, CISM, CRISC, CISSP is the Information Security Officer (ISO) for Do it Best Corp. and is an ISSA Fellow. He is the President of the Indiana InfraGard Members Alliance, a partnership between the FBI and the private sector and President of the Central Indiana Chapter of ISACA. Featuring test questions by... Allen Keele CISA, CISM, CISSP, ISO 31000 CICRA, ISO 27001 CICA, ISO 27001 Lead Auditor, ISO 22301 Certified Business Continuity Manager, and Certified Fraud Examiner is the founder of Certified Information Security

Table of Contents

Introduction xix Assessment Test xlii Chapter 1 Secrets of a Successful Auditor 1 Understanding the Demand for IS Audits 2 Executive Misconduct 3 More Regulation Ahead 5 Basic Regulatory Objective 7 Governance is Leadership 8 Three Types of Data Target Different Uses 9 Audit Results Indicate the Truth 10 Understanding Policies, Standards, Guidelines, and Procedures 11 Understanding Professional Ethics 14 Following the ISACA Professional Code 14 Preventing Ethical Conflicts 16 Understanding the Purpose of an Audit 17 Classifying General Types of Audits 18 Determining Differences in Audit Approach 20 Understanding the Auditor's Responsibility 21 Comparing Audits to Assessments 21 Differentiating between Auditor and Auditee Roles 22 Applying an Independence Test 23 Implementing Audit Standards 24 Where Do Audit Standards Come From? 25 Understanding the Various Auditing Standards 27 Specific Regulations Defining Best Practices 31 Audits to Prove Financial Integrity 34 Auditor is an Executive Position 35 Understanding the Importance of Auditor Confidentiality 35 Working with Lawyers 36 Working with Executives 37 Working with IT Professionals 37 Retaining Audit Documentation 38 Providing Good Communication and Integration 39 Understanding Leadership Duties 39 Planning and Setting Priorities 40 Providing Standard Terms of Reference 41 Dealing with Conflicts and Failures 42 Identifying the Value of Internal and External Auditors 43 Understanding the Evidence Rule 43 Stakeholders: Identifying Whom You Need to Interview 44 Understanding the Corporate Organizational Structure 45 Identifying Roles in a Corporate Organizational Structure 45 Identifying Roles in a Consulting Firm Organizational Structure 47 Summary 49 Exam Essentials 49 Review Questions 52 Chapter 2 Governance 57 Strategy Planning for Organizational Control 61 Overview of the IT Steering Committee 64 Using the Balanced Scorecard 69 IT Subset of the BSC 74 Decoding the IT Strategy 74 Specifying a Policy 77 Project Management 79 Implementation Planning of the IT Strategy 90 Using COBIT 94 Identifying Sourcing Locations 94 Conducting an Executive Performance Review 99 Understanding the Auditor's Interest in the Strategy 100 Overview of Tactical Management 100 Planning and Performance 100 Management Control Methods 101 Risk Management 105 Implementing Standards 108 Human Resources 109 System LifeCycle Management 111 Continuity Planning 111 Insurance 112 Overview of Business Process Reengineering 112 Why Use Business Process Reengineering 113 BPR Methodology 114 Genius or Insanity? 114 Goal of BPR 114 Guiding Principles for BPR 115 Knowledge Requirements for BPR 116 BPR Techniques 116 BPR Application Steps 117 Role of IS in BPR 119 Business Process Documentation 119 BPR Data Management Techniques 120 Benchmarking as a BPR Tool 120 Using a Business Impact Analysis 121 BPR Project Risk Assessment 123 Practical Application of BPR 125 Practical Selection Methods for BPR 127 Troubleshooting BPR Problems 128 Understanding the Auditor's Interest in Tactical Management 129 Operations Management 129 Sustaining Operations 130 Tracking Actual Performance 130 Controlling Change 131 Understanding the Auditor's Interest in Operational Delivery 131 Summary 132 Exam Essentials 132 Review Questions 134 Chapter 3 Audit Process 139 Understanding the Audit Program 140 Audit Program Objectives and Scope 141 Audit Program Extent 143 Audit Program Responsibilities 144 Audit Program Resources 144 Audit Program Procedures 145 Audit Program Implementation 146 Audit Program Records 146 Audit Program Monitoring and Review 147 Planning Individual Audits 148 Establishing and Approving an Audit Charter 151 Role of the Audit Committee 151 Preplanning Specific Audits 153 Understanding the Variety of Audits 154 Identifying Restrictions on Scope 156 Gathering Detailed Audit Requirements 158 Using a Systematic Approach to Planning 159 Comparing Traditional Audits to Assessments and SelfAssessments 161 Performing an Audit Risk Assessment 162 Determining Whether an Audit is Possible 163 Identifying the Risk Management Strategy 165 Determining Feasibility of Audit 167 Performing the Audit 167 Selecting the Audit Team 167 Determining Competence and Evaluating Auditors 168 Ensuring Audit Quality Control 170 Establishing Contact with the Auditee 171 Making Initial Contact with the Auditee 172 Using Data Collection Techniques 174 Conducting Document Review 176 Understanding the Hierarchy of Internal Controls 177 Reviewing Existing Controls 179 Preparing the Audit Plan 182 Assigning Work to the Audit Team 183 Preparing Working Documents 184 Conducting Onsite Audit Activities 185 Gathering Audit Evidence 186 Using Evidence to Prove a Point 186 Understanding Types of Evidence 187 Selecting Audit Samples 187 Recognizing Typical Evidence for IS Audits 188 Using ComputerAssisted Audit Tools 189 Understanding Electronic Discovery 191 Grading of Evidence 193 Timing of Evidence 195 Following the Evidence Life Cycle 195 Conducting Audit Evidence Testing 198 Compliance Testing 198 Substantive Testing 199 Tolerable Error Rate 200 Recording Test Results 200 Generating Audit Findings 201 Detecting Irregularities and Illegal Acts 201 Indicators of Illegal or Irregular Activity 202 Responding to Irregular or Illegal Activity 202 Findings Outside of Audit Scope 203 Report Findings 203 Approving and Distributing the Audit Report 205 Identifying Omitted Procedures 205 Conducting Followup (Closing Meeting) 205 Summary 206 Exam Essentials 207 Review Questions 210 Chapter 4 Networking Technology Basics 215 Understanding the Differences in Computer Architecture 217 Selecting the Best System 221 Identifying Various Operating Systems 221 Determining the Best Computer Class 224 Comparing Computer Capabilities 227 Ensuring System Control 228 Dealing with Data Storage 230 Using Interfaces and Ports 235 Introducing the Open Systems Interconnection Model 237 Layer 1: Physical Layer 240 Layer 2: DataLink Layer 240 Layer 3: Network Layer 242 Layer 4: Transport Layer 248 Layer 5: Session Layer 249 Layer 6: Presentation Layer 250 Layer 7: Application Layer 250 Understanding How Computers Communicate 251 Understanding Physical Network Design 252 Understanding Network Cable Topologies 253 Bus Topologies 254 Star Topologies 254 Ring Topologies 255 Meshed Networks 256 Differentiating Network Cable Types 258 Coaxial Cable 258 Unshielded TwistedPair (UTP) Cable 259 FiberOptic Cable 260 Connecting Network Devices 260 Using Network Services 263 Domain Name System 263 Dynamic Host Configuration Protocol 265 Expanding the Network 266 Using Telephone Circuits 268 Network Firewalls 271 Remote VPN Access 276 Using Wireless Access Solutions 280 Firewall Protection for Wireless Networks 284 Remote DialUp Access 284 WLAN Transmission Security 284 Achieving 802.11i RSN Wireless Security 287 Intrusion Detection Systems 288 Summarizing the Various Area Networks 291 Using Software as a Service (SaaS) 292 Advantages 292 Disadvantages 293 Cloud Computing 294 The Basics of Managing the Network 295 Automated LAN Cable Tester 295 Protocol Analyzers 295 Remote Monitoring Protocol Version 2 297 Summary 298 Exam Essentials 298 Review Questions 301 Chapter 5 Information Systems Life Cycle 307 Governance in Software Development 308 Management of Software Quality 310 Capability Maturity Model 310 International Organization for Standardization 312 Typical Commercial Records Classification Method 316 Overview of the Executive Steering Committee 317 Identifying Critical Success Factors 318 Using the Scenario Approach 318 Aligning Software to Business Needs 319 Change Management 323 Management of the Software Project 323 Choosing an Approach 323 Using Traditional Project Management 324 Overview of the System Development Life Cycle 327 Phase 1: Feasibility Study 331 Phase 2: Requirements Definition 334 Phase 3: System Design 339 Phase 4: Development 343 Phase 5: Implementation 354 Phase 6: Postimplementation 361 Phase 7: Disposal 363 Overview of Data Architecture 364 Databases 364 Database Transaction Integrity 368 Decision Support Systems 369 Presenting Decision Support Data 370 Using Artificial Intelligence 370 Program Architecture 371 Centralization vs. Decentralization 372 Electronic Commerce 372 Summary 374 Exam Essentials 374 Review Questions 376 Chapter 6 System Implementation and Operations 381 Understanding the Nature of IT Services 383 Performing IT Operations Management 385 Meeting IT Functional Objectives 385 Using the IT Infrastructure Library 387 Supporting IT Goals 389 Understanding Personnel Roles and Responsibilities 389 Using Metrics 394 Evaluating the Help Desk 396 Performing ServiceLevel Management 397 Outsourcing IT Functions 398 Performing Capacity Management 399 Using Administrative Protection 400 Information Security Management 401 IT Security Governance 401 Authority Roles over Data 402 Data Retention Requirements 403 Document Physical Access Paths 404 Personnel Management 405 Physical Asset Management 406 Compensating Controls 408 Performing Problem Management 409 Incident Handling 410 Digital Forensics 412 Monitoring the Status of Controls 414 System Monitoring 415 Document Logical Access Paths 416 System Access Controls 417 Data File Controls 420 Application Processing Controls 421 Log Management 423 Antivirus Software 424 Active Content and Mobile Software Code 424 Maintenance Controls 427 Implementing Physical Protection 430 Data Processing Locations 432 Environmental Controls 432 Safe Media Storage 440 Summary 442 Exam Essentials 442 Review Questions 444 Chapter 7 Protecting Information Assets 449 Understanding the Threat 450 Recognizing Types of Threats and Computer Crimes 452 Identifying the Perpetrators 454 Understanding Attack Methods 458 Implementing Administrative Protection 469 Using Technical Protection 472 Technical Control Classification 472 Application Software Controls 474 Authentication Methods 475 Network Access Protection 488 Encryption Methods 489 PublicKey Infrastructure 496 Network Security Protocols 502 Telephone Security 507 Technical Security Testing 507 Summary 509 Exam Essentials 509 Review Questions 511 Chapter 8 Business Continuity and Disaster Recovery 517 Debunking the Myths 518 Myth 1: Facility Matters 519 Myth 2: IT Systems Matter 519 From Myth to Reality 519 Understanding the Five Conflicting Disciplines Called Business Continuity 520 Defining Disaster Recovery 521 Surviving Financial Challenges 522 Valuing Brand Names 522 Rebuilding after a Disaster 523 Defining the Purpose of Business Continuity 524 Uniting Other Plans with Business Continuity 527 Identifying Business Continuity Practices 527 Identifying the Management Approach 529 Following a Program Management Approach 531 Understanding the Five Phases of a Business Continuity Program 532 Phase 1: Setting Up the BC Program 532 Phase 2: The Discovery Process 535 Phase 4: Plan Implementation 560 Phase 5: Maintenance and Integration 562 Understanding the Auditor Interests in BC/DR Plans 563 Summary 564 Exam Essentials 564 Review Questions 566 Appendix Answers to Review Questions 571 Index 591

Long Description

Covers 100% of CISAs most current objectives including, IT Governance, The IS Audit Process, System Implementation and Operations, Protecting Information Assets and much more... Includes interactive online learning environment with: + Hundreds of sample questions + Electronic flashcards + Searchable key term glossary + Instructional video + Interactive test engine Your A to Z Study Guide for the CISA Exam Those who hold the CISA certification are among the highest paid in the security field. This complete Sybex Study Guide covers 100% of the CISA exam objectives, and is fully updated to comply with the most recent release of the IT Audit Framework (ITAF). Each chapter includes a summary, Exam Essentials, and review questions with answers. This revised edition also features bonus content including ISO standards and a completely updated glossary of terms and definitions, since many have changed. Together with the exclusive Sybex online learning environment and training video, it provides everything you need for success. Coverage of 100% of all exam objectives in this Study Guide means youll be ready to: Understand policies, standards, guidelines, and procedures Plan strategy and use business process reengineering Perform an audit risk assessment Work with the Open Systems Interconnect Model Manage the system development life cycle Handle system implementation and operations Recognize types of threats Support business continuity and disaster recovery Interactive learning environment Take your exam prep to the next level with Sybexs superior interactive online study tools. To access our learning environment, , type in your unique PIN, and instantly gain access to: Interactive test bank with 2 bonus practice exams. Practice exams help you identify areas where further review is needed. 400 total questions include 240 questions from Certified Information Security (tm) and #1 best-selling ISACA exam prep author Allen Keeles Online CISA Certification Exam Training. More than 300 Electronic Flashcards to reinforce learning and last minute prep before the exam. Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared. A special offer on Allen Keeles CISA SuperReview online training which since 2006 has earned a world-wide reputation for providing everything you need to know for ISACAs CISA certification exam, and delivering the passing score you strive for. This course is NOT adapted from Sybexs CISA Study Guide Fourth Edition but is an excellent extension to your studies if you want to be absolutely sure to pass your CISA exam on the very first attempt. (Offer subject to change or expiration.)

Details