The CISA 2005 Exam Cram 2 provides readers with the essential material for passing the
CISA certification exam. This Exam Cram offers readers an innovative approach to study
with a video introduction to the exam and complete explanations of all answers to the
questions on the CD. Exam Cram key features, such as covering all exam objectives and
providing practice exams, exam alerts, notes, tips, and cautions, remain a central part of
this book. The Certified Information Systems Auditor exam is given once a year, every
June, in 200 locations worldwide in eleven languages. The Sarbanes-Oxley Act of 2002
elevated systems auditing to a legal requirement for publicly traded companies, and many
privately held companies are following suit due to increased security risks. The exam is a
test of auditing concepts to be used as guidance for systems auditors and, as such, changes
little from year to year. In addition to successfully completing the CISA exam, candidates
must also adhere to ISACA's Code of Professional Ethics, submit evidence of a minimum of
five years of professional IS auditing, control, or security work experience, and abide by
a program of continuing education. Since its inception, more than 35,000 IS auditors,
accountants, security practitioners and other leaders in IT governance and assurance from
around the world have earned the CISA designation. This is the 10th consecutive year that
registrations for the exam have set a new record.
Table of Contents
Introduction.
Self Assessment.
1. The Information Systems (IS) Audit Process.
Conducting IS Audits in Accordance with Generally Accepted IS Audit
Standards and Guidelines.
ISACA IS Auditing Standards and Guidelines and Code of Professional
Ethics.
Auditing Standards Explained.
The ISACA Code of Professional Ethics.
Ensuring That the Organization's Information Technology and Business
Systems are Adequately Controlled, Monitored, and Assessed.
ISACA's CobiT Framework.
Control Self Assessment.
Risk Based IS Audit Strategy and Objectives.
Aligning Controls with the Organization's Business Objectives.
Steering Committee.
Strategic Planning.
Organizational Structure.
IT Department Head.
Security Department.
Quality Assurance.
Applications.
Data Management.
Technical Support.
Operations.
Segregation of Duties.
IS Auditing Practices and Techniques.
Audit Planning and Management Techniques.
Information Systems Audits.
Attestation.
Findings and Recommendations.
SAS 70.
SAS 94.
Attribute Sampling.
Variable Sampling.
Substantive Tests.
Compliance Tests.
Audit Conclusions.
Obtaining Evidence.
Organization's Use of System Platforms, IT Infrastructure, and
Applications.
Techniques to Gather Information and Preserve Evidence.
Control Objectives and Controls Related to IS (Such as Preventative
and Detective).
Reviewing the Audit.
Communicating Audit Results.
Facilitating Risk Management and Control Practices.
IS, Business, and Audit Risk (Such as Threats and Impacts).
Risk Analysis Methods, Principles, and Criteria.
Communication Techniques.
Personnel Management Techniques.
Practice Questions.
2. Management, Planning, and Organization of IS.
Strategy, Policies, Standards, and Procedures.
Strategic Planning.
IS Steering Committee.
The Components of IS Strategies, Policies, Standards, and
Procedures.
Policy Development.
IT Policy.
Procedures.
Evaluating IS Management Practices to Ensure Compliance with IS
Policies, Standards, and Procedures.
Evaluating the Process for Strategy Development, Deployment, and
Maintenance.
Principles of IS Organizational Structure and Design.
Evaluating IS Organization and Structure.
Evaluating Use of Third-Party Services.
Examining IS Management and Practices.
IS Project-Management Strategies and Policies.
IT Governance, Risk Management, and Control Frameworks.
IS Problem and Change Management Strategies and Policies.
IS Quality Management Strategies and Policies.
IS Information Security Management Strategies and Policies.
IS Business Continuity Management Strategies and Policies.
Contracting Strategies, Processes, and Contract-Management
Practices.
Employee Contracts.
Confidentiality Agreement.
Trade Secret Agreements.
Discovery Agreements.
Noncompete Agreements.
Roles and Responsibilities of IS Functions (Including Segregation of
Duties).
Practices Related to the Management of Technical and Operational
Infrastructure.
Problem Management Resource Management Procedures.
Help Desk.
Scheduling.
Service Level Agreements.
Key Performance Indicators and Performance Measurement
Techniques.
Exam Prep Questions.
3. Technical Infrastructure and Operational Practices and Infrastructure.
IT Organizational Structure.
Evaluating Hardware Acquisition, Installation, and Maintenance.
Risks and Controls Relating to Hardware Platforms.
Change Control and Configuration Management Principles for
Hardware.
Evaluating Systems Software Development, Acquisition,
Implementation, and Maintenance.
Understanding Systems Software and Utilities Functionality.
Risks and Controls Related to System Software and Utilities.
Change Control and Configuration Management Principles for
System Software.
Evaluating Network Infrastructure Acquisition, Installation, and
Maintenance.
Understanding Network Components Functionality.
Networking Concepts and Devices.
The TCP/IP Protocol Suite.
Firewalls.
Packet Filtering Firewalls.
Stateful Packet Inspection Firewalls.
Proxy Firewalls.
Routers.
Modems.
Internet, Intranet, and Extranet.
Risks and Controls Related to Network Infrastructure.
Evaluating IS Operational Practices.
Risks and Controls Related to IS Operational Practices.
Evaluating the Use of System Performance and Monitoring Processes,
Tools, and Techniques.
Exam Prep Questions.
4. Protection of Information Assets.
Understanding and Evaluating Controls Design, Implementation, and
Monitoring.
Logical Access Controls.
Techniques for Identification and Authentication.
Network Infrastructure Security.
Encryption Techniques.
Digital Signature Techniques.
Network and Internet Security.
Security Software.
Voice Communications Security.
Environmental Protection Practices and Devices.
Physical Access.
Physical Security Practices.
Intrusion Methods and Techniques.
Passive and Active Attacks.
Viruses.
Security Testing and Assessment Tools.
Sources of Information on Information Security.
Security Monitoring, Detection, and Escalation Processes and
Techniques.
The Processes of Design, Implementation, and Monitoring of Security.
Review Written Policies, Procedures, and Standards.
Logical Access Security Policy.
Formal Security Awareness and Training.
Data Ownership.
Security Administrators.
Access Standards.
Auditing Logical Access.
Exam Prep Questions.
5. Disaster Recovery and Business Continuity.
Understanding and Evaluating Process Development.
Crisis Management and Business Impact Analysis Techniques.
Disaster Recovery and Business Continuity Planning and Processes.
Hot Sites.
Warm Sites.
Cold Site.
Duplicate Processing Facilities.
Reciprocal Agreements.
Backup and Storage Methods and Practices.
Backup Definitions.
Tape Storage.
Storage Area Networks and Electronic Vaulting.
Disaster Recovery and Business Continuity Testing Approaches
and Methods.
Paper Test.
Walk-Through Testing.
Preparedness Test (Full Test).
Full Operational Test.
Understanding and Evaluating Business Continuity Planning,
Documentation, Processes, and Maintenance.
Evaluating the Organization's Capability to Ensure Business
Continuity in the Event of a Business Disruption.
Evaluating Backup and Recovery Provisions in the Event of a
Short Term Disruption.
Evaluating the Capability to Continue Information System
Processing in the Event That the Primary Information Processing Facilities Are Not
Available.
Insurance in Relation to Business Continuity and Disaster Recovery.
Property Insurance.
Liability Insurance.
Human Resource Issues (Evacuation Planning, Response Teams).
Exam Prep Questions.
6. Business Application System Development, Acquisition, Implementation, and
Maintenance.
Evaluating Application Systems Development and Implementation.
System-Development Methodologies and Tools.
Prototyping.
RAD.
The Phases of the SDLC.
Project Management Principles, Methods, and Practices.
Application Maintenance Principles.
Post Implementation Review Techniques.
Evaluating Application Systems Acquisition and Implementation.
Application Implementation Practices.
Application System Acquisition Processes.
Application Change Control and Emergency Change Management
Procedures.
Evaluating Application Systems.
Application Architecture.
Software Quality Assurance Methods.
Testing Principles, Methods, and Practices.
Exam Prep Questions.
7. Business Process Evaluation and Risk Management.
Evaluating IS Efficiency and Effectiveness of Information Systems in
Supporting Business Processes.
Methods and Approaches for Designing and Improving Business
Procedures.
Business Performance Indicators.
Evaluating the Design and Implementation of Programmed and Manual
Controls.
Business Process Controls.
Evaluating Business Process Change Projects.
Evaluating the Implementation of Risk Management and Governance.
Exam Prep Questions.
8. Practice Exam 1.
9. Answer Key 1.
10. Practice Exam 2.
11. Answer Key 2.
Appendix A: CD Contents and Installation Instructions.
Multiple Test Modes.
Wrong Answer Feedback.
Retake a Previous Exam from Your Exam History.
Configure Your Own Custom Exam.
Start Your Exam from a Predefined Set of Questions.
Custom Exam Mode.
Question Types.
Random Questions and Order of Answers.
Detailed Explanations of Correct and Incorrect Answers.
Attention to Exam Objectives.
Installing the CD.
Technical Support.
CISA Glossary.
Index
About the Authors
As president and chief executive officer of Certified Information Security, Allen Keele
has more than 15 years of experience in information security and risk management,
including 5 years of conducting professional advanced IT lectures and seminars across the
United States and throughout the United Kingdom and Caribbean. His lectures have attracted
students from leading organizations that include the United States Marine Corps, Deloitte
and Touche, Ernst and Young, Lloyds, Thomson Financial, Microsoft Corporation, Blue Cross
Blue Shield, Boston University, PricewaterhouseCoopers, Fujitsu, and many others.
- In 2004, Mr. Keele spoke many times on behalf of the Institute for Internal Auditors
(IIA) and for the Information Systems Audit and Control Association (ISACA).
- Mr. Keele was a featured speaker for ISACA at its North American conference, CACS, in
May 2004.
- Mr. Keele also was featured as the keynote speaker for Ernst and Young's InfoSec 2003 in
Barbados, for the 14th Annual Caribbean Central Bankers Conference in June 2003, and for
an engagement with Clemson University in April 2003.
Considered an expert in several diverse technologies, Mr. Keele currently holds more
than 24 professional and technical accreditations, including these:
- Certified Information Security Manager and Systems Auditor (CISM/CISA), by ISACA
- Certified Information Systems Security Professional (CISSP), by (ISC)²
- CompTIA Security+
- Security Certified Network Professional (SCNP), by Security Certified Program
- Check Point Certified Security Expert Plus and Instructor (CCSE+/CCSI)
- Cisco Certified Network Professional, Network Associate, and Design Associate (CCNP/CCNA/CCDA)
- Nokia Certified Security Administrator and VPN Gateway Administrator (NSA/NVGA)
- Microsoft Certified Systems Engineer for NT 4.0 and Windows 2000 (MCSE)
- Citrix Certified Enterprise Administrator and Instructor (CCEA/CCI)
- IBM Professional Server Expert (PSE)
Mr. Keele is also a published author with four texts currently available: Check Point
Next Generation Security Administration (ISBN B0000692A2, Syngress Media, 2002), CCSA
Check Point Certified Security Administrator Study Guide (Exam 156-210) (ISBN 0072194200,
Syngress Media, 2002), Configuring Citrix MetaFrame for Windows 2000 Terminal Services
(ISBN 1928994180, Syngress, 2000), and CCA Citrix Certified Administrator: MetaFrame 1.8,
Exam 218 (ISBN 0072124393, Syngress Media, 2000).
Allen also occasionally authors articles for well-respected online journals such as
TechRepublic. He holds a Bachelor of Business Administration degree in risk management
from the University of Georgia, has attended Universität Mannheim, and is
conversationally fluent in German.
As president of LMI Solutions, Keith Mortier has more than 15 years of experience in
information technology, security, and risk management and serves clients in multiple
industries. His hands-on experience includes strategic technology planning, risk
management, information security auditing, and enterprise architecture development across
many industries, including corporations, government, and associations.
Mr. Mortier holds a Bachelor of Science in computer information systems and is an
active member of the Information Systems Audit and Control Association. Mr. Mortier holds
the Certified Information Systems Security Professional (CISSP) and the Certified
Information Systems Auditor (CISA) designations.
Paperback
467 pages