Peter H. Gregory & Mike Chapple 
CISA Certified Information Systems Auditor Study Guide [PDF ebook] 
Covers 2024 – 2029 Exam Objectives


Prepare for success on the 2024 CISA exam and further your career in security and audit with this effective study guide

The CISA Certified Information Systems Auditor Study Guide: Covers 2024-2029 Exam Objectives provides comprehensive and accessible test preparation material for the updated CISA exam, which now consists of 150 questions testing knowledge and ability on real-life job practices leveraged by expert professionals.

You’ll efficiently and effectively prepare for the exam with online practice tests and flashcards as well as a digital glossary. The concise and easy-to-follow instruction contained in the 2024-2029 CISA Study Guide covers every aspect of the exam. This study guide helps readers prepare for questions across the five domains on the test: Information System Auditing Process; Governance and Management of IT; Information Systems Acquisition, Development, and Implementation; Information Systems Operation and Business Resilience; and Protection of Information Assets.

This study guide shows readers how to:


  • Understand principles, best practices, and pitfalls of cybersecurity, which is now prevalent in virtually every information systems role

  • Protect and control information systems and offer conclusions on the state of an organization’s IS/IT security, risk, and control solutions

  • Identify critical issues and recommend enterprise-specific practices to support and safeguard the governance of information and related technologies

  • Prove not only competency in IT controls, but also an understanding of how IT relates to business

  • Includes 1 year free access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms, all supported by Wiley’s support agents who are available 24×7 via email or live chat to assist with access and login questions


The CISA Certified Information Systems Auditor Study Guide: Covers 2024-2029 Exam Objectives is an essential learning resource for all students and professionals preparing for the 2024 version of the CISA exam from ISACA.

€50.99

Table of Contents

Introduction

Assessment Test

Chapter 1 IT Governance and Management

IT Governance Practices for Executives and Boards of Directors

IT Strategic Planning

Policies, Processes, Procedures, and Standards

Risk Management

IT Management Practices

Organization Structure and Responsibilities

Maintaining an Existing Program

Auditing IT Governance

Summary

Exam Essentials

Review Questions

Chapter 2 The Audit Process

Audit Management

ISACA Auditing Standards

Risk Analysis

Controls

Performing an Audit

Control Self-Assessment

Implementation of Audit Recommendations

Audit Quality Assurance

Summary

Exam Essentials

Review Questions

Chapter 3 IT Life Cycle Management

Benefits Realization

Project Management

Systems Development Methodologies

Infrastructure Development and Deployment

Maintaining Information Systems

Business Processes

Managing Third Parties

Application Controls

Auditing the Systems Development Life Cycle

Auditing Business Controls

Auditing Application Controls

Auditing Third-Party Risk Management

Summary

Exam Essentials

Review Questions

Chapter 4 IT Service Management

Information Systems Operations

Systems Performance Management

Problem and Incident Management

Change, Configuration, Release, and Patch Management

Operational Log Management

IT Service Level Management

Database Management Systems

Data Management and Governance

Other IT Service Management Topics

Auditing IT Service Management and Operations

Summary

Exam Essentials

Review Questions

Chapter 5 IT Infrastructure

Information Systems Hardware

Information Systems Architecture and Software

Network Infrastructure

Asset Inventory and Classification

Job Scheduling and Production Process Automation

System Interfaces

End-User Computing

Auditing IT Infrastructure

Summary

Exam Essentials

Review Questions

Chapter 6 Business Continuity and Disaster Recovery

Business Resilience

Incident Response Communications

Auditing Business Continuity Planning

Auditing Disaster Recovery Planning

Summary

Exam Essentials

Review Questions

Chapter 7 Information Security Management

Information Security

Role of the Information Security Manager

Information Security Risks

Building an Information Security Strategy

Implementing Security Controls

Endpoint Security

Network Security Controls

Cloud Computing Security

Cryptography

Exploring Cybersecurity Threats

Privacy

Security Awareness and Training

Security Incident Response

Auditing Information Security Controls

Summary

Exam Essentials

Review Questions

Chapter 8 Identity and Access Management

Logical Access Controls

Third-party Access Management

Environmental Controls

Physical Security Controls

Human Resources Security

Auditing Access Controls

Summary

Exam Essentials

Review Questions

Chapter 9 Conducting a Professional Audit

Understanding the Audit Cycle

How the IS Audit Cycle Is Discussed

Overview of the IS Audit Cycle

Summary

Appendix A Popular Methodologies, Frameworks, and Guidance

Common Terms and Concepts

Frameworks, Methodologies, and Guidance

Notes

References

Appendix B Answers to Review Questions

Chapter 1: IT Governance and Management

Chapter 2: The Audit Process

Chapter 3: IT Life Cycle Management

Chapter 4: IT Service Management

Chapter 5: IT Infrastructure

Chapter 6: Business Continuity and Disaster Recovery

Chapter 7: Information Security Management

Chapter 8: Identity and Access Management

Index

About the Authors

PETER H. GREGORY, CISA, CISSP, is a career technologist and cybersecurity leader. He is the Senior Director of GRC at GCI Communications, where he leads security policy, control frameworks, business continuity, third-party risk management, privacy, information and AI governance, and law enforcement wiretaps.
MIKE CHAPPLE, PhD, CISA, CISSP, is a teaching professor of IT, analytics, and operations at the University of Notre Dame. He is a cybersecurity professional and educator with over 25 years of experience, including as chief information officer of Brand Institute and an information security researcher with the National Security Agency and the U.S. Air Force. Mike is the author of more than 200 books and video courses and provides cybersecurity certification resources at CertMike.com.

Language English ● Format PDF ● Pages 835 ● ISBN 9781394288403 ● File size 12.2 MB ● Publisher Wiley ● Country US ● Published 2024 ● Edition 1 ● Downloadable 24 months ● Currency EUR ● ID 10077239 ● Copy protection Adobe DRM
Requires a DRM-capable ebook reader
