Fr. 94.00

Cisa: Certified Information Systems Auditor Study Guide - 4th Edition

English · Paperback / Softback

Shipping usually takes at least 4 weeks (title will be specially ordered)

Description

"The industry-leading study guide for the CISA exam, fully updated. More than 27,000 IT professionals take the Certified Information Systems Auditor exam each year. SC Magazine lists the CISA as the top certification for security professionals. Compliances, regulations, and best practices for IS auditing are updated twice a year, and this is the most up-to-date book available to prepare aspiring CISAs for the next exam. CISAs are among the five highest-paid IT security professionals; more than 27,000 take the exam each year and the numbers are growing. Standards are updated twice a year, and this book offers the most up-to-date coverage as well as the proven Sybex approach that breaks down the content, tasks, and knowledge areas of the exam to cover every detail. Covers the IS audit process, IT governance, systems and infrastructure lifecycle management, IT service delivery and support, protecting information assets, disaster recovery, and more. Anyone seeking Certified Information Systems Auditor status will be fully prepared for the exam with the detailed information and approach found in this book."--Provided by publisher.

List of contents

Introduction

Assessment Test

Chapter 1 Secrets of a Successful Auditor

Understanding the Demand for IS Audits

Executive Misconduct

More Regulation Ahead

Basic Regulatory Objective

Governance Is Leadership

Three Types of Data Target Different Uses

Audit Results Indicate the Truth

Understanding Policies, Standards, Guidelines, and Procedures

Understanding Professional Ethics

Following the ISACA Professional Code

Preventing Ethical Conflicts

Understanding the Purpose of an Audit

Classifying General Types of Audits

Determining Differences in Audit Approach

Understanding the Auditor's Responsibility

Comparing Audits to Assessments

Differentiating between Auditor and Auditee Roles

Applying an Independence Test

Implementing Audit Standards

Where Do Audit Standards Come From?

Understanding the Various Auditing Standards

Specific Regulations Defining Best Practices

Audits to Prove Financial Integrity

Auditor Is an Executive Position

Understanding the Importance of Auditor Confidentiality

Working with Lawyers

Working with Executives

Working with IT Professionals

Retaining Audit Documentation

Providing Good Communication and Integration

Understanding Leadership Duties

Planning and Setting Priorities

Providing Standard Terms of Reference

Dealing with Conflicts and Failures

Identifying the Value of Internal and External Auditors

Understanding the Evidence Rule

Stakeholders: Identifying Whom You Need to Interview

Understanding the Corporate Organizational Structure

Identifying Roles in a Corporate Organizational Structure

Identifying Roles in a Consulting Firm Organizational Structure

Summary

Exam Essentials

Review Questions

Chapter 2 Governance

Strategy Planning for Organizational Control

Overview of the IT Steering Committee

Using the Balanced Scorecard

IT Subset of the BSC

Decoding the IT Strategy

Specifying a Policy

Project Management

Implementation Planning of the IT Strategy

Using COBIT

Identifying Sourcing Locations

Conducting an Executive Performance Review

Understanding the Auditor's Interest in the Strategy

Overview of Tactical Management

Planning and Performance

Management Control Methods

Risk Management

Implementing Standards

Human Resources

System Life-Cycle Management

Continuity Planning

Insurance

Overview of Business Process Reengineering

Why Use Business Process Reengineering

BPR Methodology

Genius or Insanity?

Goal of BPR

Guiding Principles for BPR

Knowledge Requirements for BPR

BPR Techniques

BPR Application Steps

Role of IS in BPR

Business Process Documentation

BPR Data Management Techniques

Benchmarking as a BPR Tool

Using a Business Impact Analysis

BPR Project Risk Assessment

Practical Applicatio

About the author

David L. Cannon, CISA, CCSP, is President and Founder of CertTest Training Center, a leading CISA training provider. With more than 20 years of experience in IT training and consulting for IT operations, security, system administration, and management, David teaches CISA preparation courses across the country. He is a frequent speaker and lecturer at the leading security and auditing conferences.

Brian T. O'Hara, CISA, CISM, CRISC, CISSP, is the Information Security Officer (ISO) for Do it Best Corp. and is an ISSA Fellow. He is the President of the Indiana InfraGard Members Alliance, a partnership between the FBI and the private sector, and President of the Central Indiana Chapter of ISACA.

Featuring test questions by Allen Keele. Allen Keele, CISA, CISM, CISSP, ISO 31000 CICRA, ISO 27001 CICA, ISO 27001 Lead Auditor, ISO 22301 Certified Business Continuity Manager, and Certified Fraud Examiner, is the founder of Certified Information Security, www.certifiedinfosec.com.


Summary

The ultimate CISA prep guide, with practice exams. Sybex's CISA: Certified Information Systems Auditor Study Guide, Fourth Edition is the newest edition of the industry-leading study guide for the Certified Information Systems Auditor exam, fully updated to align with the latest ISACA standards and changes in IS auditing.

Product details

Authors David L. Cannon, Allen Keele, Brian T. O'Hara
Publisher Wiley, John and Sons Ltd
 
Languages English
Product format Paperback / Softback
Released 15.04.2016
 
EAN 9781119056249
ISBN 978-1-119-05624-9
No. of pages 720
Dimensions 188 mm x 235 mm x 34 mm
Subjects Natural sciences, medicine, IT, technology > IT, data processing
Social sciences, law, business > Business > Management

Computer science, network security, Networking / Security
