Certified Information Systems Auditor (CISA) Cert Guide: (Certification Guide)


About the Book

This is the eBook version of the print title. Note that the eBook may not provide access to the practice test software that accompanies the print book.

Learn, prepare, and practice for CISA exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.

  • Master CISA exam topics
  • Assess your knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks

Certified Information Systems Auditor (CISA) Cert Guide is a best-of-breed exam study guide. World-renowned enterprise IT security leaders Michael Gregg and Rob Johnson share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan. Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

The study guide helps you master all the topics on the CISA exam, including:

  • Essential information systems audit techniques, skills, and standards
  • IT governance, management/control frameworks, and process optimization
  • Maintaining critical services: business continuity and disaster recovery
  • Acquiring information systems: build-or-buy, project management, and development methodologies
  • Auditing and understanding system controls
  • System maintenance and service management, including frameworks and networking infrastructure
  • Asset protection via layered administrative, physical, and technical controls
  • Insider and outsider asset threats: response and management

Table of Contents:
Introduction xxiii

Chapter 1 The CISA Certification 3
  • Exam Intent 3
  • Why the CISA Certification Is So Important 4
      • CISA: The Gold Standard 5
  • Exam Requirements 6
  • CISA Exam Windows 6
      • Scheduling to Take the Exam 7
      • Deadline to Apply for the CISA Certification 7
      • ISACA Agreements 9
      • CISA Exam Domains 10
      • Question Format and Grading 13
      • Exam Grading 13
      • Exam Questions 14
      • Getting Exam Results and Retests 15
      • Maintaining CISA Certification 16
      • Reporting CPE Hours Earned 16
      • Earning CPE Hours 17
  • Top 10 Tips and Tricks 18
  • Chapter Summary 19
  • Define Key Terms 20
  • Suggested Readings and Resources 20

Chapter 2 The Information Systems Audit 23
  • “Do I Know This Already?” Quiz 23
  • Foundation Topics 27
  • Skills and Knowledge Required to Be an IS Auditor 27
      • Work-Related Skills 27
  • Knowledge of Ethical Standards 28
  • ISACA Standards, Procedures, Guidelines, and Baselines 31
      • Knowledge of Regulatory Standards 35
      • Guidance Documents 36
      • Auditing Compliance with Regulatory Standards 38
      • Knowledge of Business Processes 38
      • Types of Audits 39
  • Risk Assessment Concepts 40
      • Risk Management 43
  • Auditing and the Use of Internal Controls 45
  • The Auditing Life Cycle 47
      • Audit Methodology 47
      • The Auditing Life Cycle Steps 48
      • Chain of Custody and Evidence Handling 49
      • Automated Work Papers 50
      • CAATs 51
      • Audit Closing 52
      • Report Writing 53
  • The Control Self-Assessment Process 54
  • Continuous Monitoring 55
  • Quality Assurance 56
  • The Challenges of Audits 57
      • Communicating Results 57
      • Negotiation and the Art of Handling Conflicts 58
  • Chapter Summary 59
  • Exam Preparation Tasks 60
  • Review All the Key Topics 60
  • Complete Tables from Memory 61
  • Define Key Terms 61
  • Exercises 61
      • 2.1 Network Inventory 61
  • Review Questions 64
  • Suggested Readings and Resources 68

Chapter 3 The Role of IT Governance 71
  • “Do I Know This Already?” Quiz 71
  • Foundation Topics 75
  • The IT Steering Committee 75
  • Corporate Structure 77
  • IT Governance Frameworks 77
      • COBIT 78
      • ITIL 78
      • COBIT Versus ITIL 79
  • Enterprise Risk Management 80
      • The Risk Management Team 81
      • Asset Identification 82
      • Threat Identification 82
      • Quantitative Risk Assessment 84
      • Qualitative Risk Assessment 86
      • The Three Lines of Defense Model 87
  • Policy Development 90
      • Policy 91
      • Policy, Standards, Procedures, and Baselines 92
      • Auditing Policies, Standards, Procedures, and Baselines 93
      • Data Classification 96
      • Security Policy 98
  • Management Practices of Employees 100
      • Forced Vacations, Rotation of Assignments, and Dual Control 102
      • Separation Events 102
      • Roles and Responsibilities 103
      • Segregation of Duties (SoD) 105
      • Compensating Controls 106
      • Key Employee Controls 106
  • Performance Management 107
      • Key Performance Terms 108
  • Management and Control Frameworks 110
      • Enterprise Architecture 111
      • Change Management 113
      • Quality Management 113
  • Maturity Models 116
      • Implementing a Maturity Model 118
  • Management’s Role in Compliance 119
  • Process Optimization Techniques 121
      • Taguchi 122
      • PDCA 123
      • Taguchi Versus PDCA 124
  • Management of IT Suppliers 125
      • Third-Party Outsourcing 125
      • Third-Party Audits 126
      • Contract Management 127
      • Performance Monitoring 128
      • Relationship Management 129
  • Chapter Summary 130
  • Exam Preparation Tasks 130
  • Review All the Key Topics 130
  • Complete Tables from Memory 131
  • Key Terms 131
  • Exercises 132
      • 3.1 Determining the steps for quantitative risk assessment 132
  • Review Questions 133
  • Suggested Readings and Resources 135

Chapter 4 Maintaining Critical Services 137
  • “Do I Know This Already?” Quiz 137
  • Foundation Topics 140
  • Threats to Business Operations 140
  • The Business Continuity Planning (BCP) Process 142
      • Project Management and Initiation 143
      • Business Impact Analysis 144
      • Criticality Analysis 147
      • Development and Recovery Strategy 149
      • Final Plan Design and Implementation 151
      • Training and Awareness 152
      • Implementation and Testing 153
      • Paper Tests 155
      • Preparedness Tests 155
      • Full Operation Tests 156
      • Monitoring and Maintenance 156
      • Understanding BCP Metrics 157
  • Recovery Strategies 159
      • Alternate Processing Sites 159
      • Alternate Processing Options 160
      • Hardware Recovery 163
      • Redundant Array of Independent Disks 164
      • Software and Data Recovery 165
      • Backup and Restoration 167
      • Telecommunications Recovery 169
      • Verification of Disaster Recovery and Business Continuity Process Tasks 170
      • The Disaster Life Cycle 172
  • Chapter Summary 174
  • Exam Preparation Tasks 174
  • Review All the Key Topics 175
  • Define Key Terms 175
  • Exercises 175
      • 4.1 Business Impact and Risk 175
  • Review Questions 177
  • Suggested Readings and Resources 179

Chapter 5 Information Systems Acquisition and Development 181
  • “Do I Know This Already?” Quiz 181
  • Foundation Topics 185
  • IT Acquisition and Project Management 185
      • IT Acquisition 185
      • Software Escrow Agreements 185
      • Software Licensing 185
      • Project Management 187
      • Roles, Responsibility, and Structure of Project Management 188
      • Project Culture and Objectives 189
      • Making the Business Case for Investment 190
      • Return on Investment 191
      • Project Management Activities and Practices 192
      • Project Initiation 193
      • Project Planning 193
      • Project Control and Execution 199
      • Project Closing 199
  • Business Application Development 200
      • Systems-Development Methodology 200
      • Phase 1: Initiation phase 202
      • Phase 2: Development 204
      • Phase 3: Implementation 208
      • Phase 4: Operation and Maintenance 210
      • Phase 5: Disposal 211
      • Tools and Methods for Software Development 212
  • Information Systems Maintenance 213
  • Outsourcing and Alternative System Development 214
      • Cloud Computing 216
      • Cloud Threats 218
      • Application-Development Approaches 219
      • N-tier 220
      • Virtualization 221
  • Chapter Summary 222
  • Exam Preparation Tasks 223
  • Review All the Key Topics 223
  • Complete Tables from Memory 223
  • Define Key Terms 224
  • Exercises 224
      • 5.1 Project Management 224
      • 5.2 Project Management 225
  • Review Questions 226
  • Suggested Readings and Resources 229

Chapter 6 Auditing and Understanding System Controls 231
  • “Do I Know This Already?” Quiz 231
  • Foundation Topics 235
  • Audit Universe and Application Auditing 235
  • Programmed and Manual Application Controls 236
      • Business Process Controls 237
      • Input Controls 237
      • Processing Controls 239
      • Data File Controls 241
      • Output Controls 242
  • Auditing Application Controls 243
      • Understanding the Application 243
      • Observation and Testing 244
      • Data Integrity Controls 245
      • Application System Testing 246
      • Continuous Online Auditing 247
  • Auditing Systems Development, Acquisition, and Maintenance 249
      • Project Management 250
  • Business Application Systems 252
      • E-commerce 253
      • Electronic Data Interchange 254
      • Email 255
      • Business Intelligence 256
      • Decision Support Systems 257
      • Artificial Intelligence and Expert Systems 258
      • Customer Relationship Management 258
      • Supply Chain Management 259
      • Social Media 260
  • Chapter Summary 260
  • Exam Preparation Tasks 261
  • Review All the Key Topics 261
  • Define Key Terms 262
  • Exercises 262
      • 6-1 Software Application Audit 262
  • Review Questions 263
  • Suggested Readings and Resources 266

Chapter 7 Systems Maintenance and Service Management 269
  • “Do I Know This Already?” Quiz 269
  • Foundation Topics 273
  • Service Management Frameworks 273
      • COBIT 273
      • FitSM 274
      • ISO 20000 274
      • eTOM 275
  • Fundamental Technologies 275
      • Operating Systems 275
      • Secondary Storage 277
      • Utility Software 277
      • Database-Management Systems 278
      • Database Structure 279
      • Software Licensing Issues 282
      • Digital Rights Management 283
  • Network Infrastructure 283
      • Network Types 284
      • Network Standards and Protocols 285
      • The OSI Reference Model 286
      • The Application Layer 287
      • The Presentation Layer 287
      • The Session Layer 288
      • The Transport Layer 288
      • The Network Layer 288
      • The Data Link Layer 289
      • The Physical Layer 289
      • Network Services and Applications 290
      • Comparing the OSI Model to the TCP/IP Model 292
      • The Network Access Layer 292
      • The Internet Layer 293
      • The Host-to-Host/Transport Layer 295
      • The Application Layer 296
      • Network Services 297
      • Wireless Technologies 298
      • Bluetooth 298
      • 802.11 Wireless 299
      • Smartphones, Tablets, and Hotspots 302
      • Network Equipment 303
      • Edge Devices 306
      • DMZ 306
      • Firewalls 306
      • Firewall Configuration 308
      • IDS/IPS 310
      • Wide Area Networks 312
      • Packet Switching 312
      • Circuit Switching 313
  • Capacity Planning and Systems Performance Monitoring 314
      • Network Analyzers 316
      • System Utilization and Load Balancing 317
      • Third Parties and Cloud Providers 318
      • Network Design 318
      • Network Cabling 320
  • Chapter Summary 323
  • Exam Preparation Tasks 324
  • Review All the Key Topics 324
  • Define Key Terms 324
  • Exercises 325
      • 7.1 Organizing Network Components 325
  • Review Questions 328
  • Suggested Readings and Resources 331

Chapter 8 Protection of Assets 333
  • “Do I Know This Already?” Quiz 333
  • Foundation Topics 336
  • Access Control 336
      • Identification and Authentication (I&A) 336
      • Authentication by Knowledge 336
      • Authentication by Ownership 338
      • Authentication by Characteristic 338
      • Single Sign-on 340
      • Federation 343
      • Remote Access 345
      • RADIUS 345
      • Diameter 346
      • TACACS 346
      • Additional Remote Access Options 346
      • SSH 347
      • VPNs 348
      • Physical and Environmental Access Controls 349
      • Fences, Gates, and Bollards 349
      • Other Physical and Environmental Controls 351
      • Using Guards to Restrict Access 352
      • Locks 353
      • Lighting 354
      • CCTV 355
      • Heating, Ventilation, and Air Conditioning (HVAC) 356
  • Security Controls for Hardware and Software 356
      • Securing Voice Communications 356
      • Encryption’s Role as a Security Control 357
      • Private Key Encryption 359
      • Data Encryption Standard (DES) 361
      • Advanced Encryption Standard (AES) 362
      • Public Key Encryption 362
      • RSA Encryption 363
      • Elliptic Curve Cryptography (ECC) 363
      • Quantum Cryptography 364
      • Hashing and Digital Signatures 364
      • Public Key Infrastructure (PKI) 365
      • Using Cryptography to Secure Assets 367
      • Internet Security Protocols 368
  • Protection of Information Assets 369
      • Information Life Cycle 369
      • Access Restriction 370
      • Laws Related to the Protection of Information 370
      • Maintaining Compliance 371
      • Protection of Privacy 372
      • Using Data Classification to Secure Critical Resources 373
  • Data Leakage and Attacks 374
      • Attacks Against Encryption 374
      • Threats from Unsecured Devices 375
      • Threats from Improper Destruction 378
      • Threats to the Infrastructure 378
  • Chapter Summary 380
  • Exam Preparation Tasks 381
  • Review All the Key Topics 381
  • Complete Tables from Memory 382
  • Define Key Terms 382
  • Review Questions 382
  • Suggested Reading and Resources 384

Chapter 9 Asset Threats, Response, and Management 387
  • “Do I Know This Already?” Quiz 387
  • Foundation Topics 391
  • Security Controls 391
      • Technical Controls 391
      • Cloud Computing 391
      • Operating Systems 391
      • Databases 393
      • Virtualization 395
      • Administrative Controls 396
  • Attack Methods and Techniques 399
      • Social Engineering and Nontechnical Attacks 399
      • Sniffing 400
      • Man-in-the-Middle Attacks and Hijacking 401
      • Denial of Service 402
      • Botnets 403
      • Malware 404
      • Wireless and Bluetooth 405
      • SQL Injection 408
      • Buffer Overflow 409
      • XSS and XSRF 411
      • Logic Bombs, Rounding Down, and Asynchronous Attacks 411
      • Integer Overflow 412
      • Password Attacks 412
  • Prevention and Detection Tools and Techniques 414
      • Audit and Log Review 414
      • Security Testing Techniques 415
      • Vulnerability Scanning 416
      • Penetration Testing 416
  • Problem and Incident Management Practices 418
      • Tracking Change 418
      • Fraud Risk Factors 419
      • Insiders 419
      • Outsiders 419
      • Incident Response 420
      • Emergency Incident Response Team 422
      • Incident Response Process 422
      • Incident Response and Results 424
      • Forensic Investigation 425
      • Forensics Steps 426
      • Other Forensic Types 427
      • Computer Crime Jurisdiction 429
  • Chapter Summary 430
  • Exam Preparation Tasks 430
  • Review All the Key Topics 430
  • Complete Tables from Memory 431
  • Define Key Terms 431
  • Review Questions 431
  • Suggested Reading and Resources 433

Chapter 10 Final Preparation 437
  • Tools for Final Preparation 437
      • Pearson Test Prep Practice Test Software and Questions on the Website 437
      • Accessing the Pearson Test Prep Software Online 438
      • Accessing the Pearson Test Prep Software Offline 438
      • Customizing Your Exams 439
      • Updating Your Exams 440
      • Premium Edition 440
      • Memory Tables 441
      • Chapter-Ending Review Tools 441
  • Suggested Plan for Final Review/Study 441
  • Summary 442

Glossary 445

Appendix A Answers to the “Do I Know This Already” Quizzes and Review Questions 467

Online Elements:
  • Appendix B Memory Tables
  • Appendix C Memory Tables Answer Key

9780789758446, TOC, 10/4/2017


Product Details
  • ISBN-13: 9780134757094
  • Publisher: Pearson Education (US)
  • Publisher Imprint: Pearson It Certification
  • Language: English
  • Series Title: Certification Guide
  • ISBN-10: 0134757092
  • Publisher Date: 18 Oct 2017
  • Binding: Digital download
  • No of Pages: 576