Lýsing:
Building on the proven approach of other Sybex Study Guides, this updated book of more than 700 comprehensive pages complies with the recent release of the September 2014 IT Audit Framework (ITAF) and with that prepares readers to take the new exam based on those guidelines. This Study Guide covers the Content Areas and Tasks and Knowledge Areas and breaks them down for the reader in a clear and concise manner.
The book begins with an Assessment Test and then moves on to: IT Governance The IS Audit Process Networking Technology Basics Information Systems Life Cycle System Implementation and Operations Protecting Information Assets Business Continuity and Disaster Recovery Each chapter ends with a summary, Exam Essentials (most important items on which one will be tested), Review Questions, and Answers to Review Questions.
In this new edition, all the CISA terminology & definitions have been revised to keep up with new definition in regulations & ISO standards in light of the major breaches which occurred during 2012-14 causing the guidelines and the certification requirements to change. Approximately 73 terms have newer definitions or nomenclature changes. Unique to this study guide only, ISO standards are included as the governing body, ISACA, must comply with these standards now and in the future.
Annað
- Höfundur: David L. Cannon
- Útgáfa:4
- Útgáfudagur: 2016-02-18
- Hægt að prenta út 2 bls.
- Hægt að afrita 10 bls.
- Format:Page Fidelity
- ISBN 13: 9781119056256
- Print ISBN: 9781119056249
- ISBN 10: 111905625X
Efnisyfirlit
- CISA: Certified Information Systems Auditor: Study Guide
- Contents
- Introduction
- Assessment Test
- Chapter 1 Secrets of a Successful Auditor
- Understanding the Demand for IS Audits
- Executive Misconduct
- More Regulation Ahead
- Basic Regulatory Objective
- Governance Is Leadership
- Three Types of Data Target Different Uses
- Audit Results Indicate the Truth
- Understanding Policies, Standards, Guidelines, and Procedures
- Understanding Professional Ethics
- Following the ISACA Professional Code
- Preventing Ethical Conflicts
- Understanding the Purpose of an Audit
- Classifying General Types of Audits
- Determining Differences in Audit Approach
- Understanding the Auditor’s Responsibility
- Comparing Audits to Assessments
- Differentiating between Auditor and Auditee Roles
- Applying an Independence Test
- Implementing Audit Standards
- Where Do Audit Standards Come From?
- Understanding the Various Auditing Standards
- Specific Regulations Defining Best Practices
- Audits to Prove Financial Integrity
- Auditor Is an Executive Position
- Understanding the Importance of Auditor Confidentiality
- Working with Lawyers
- Working with Executives
- Working with IT Professionals
- Retaining Audit Documentation
- Providing Good Communication and Integration
- Understanding Leadership Duties
- Planning and Setting Priorities
- Providing Standard Terms of Reference
- Dealing with Conflicts and Failures
- Identifying the Value of Internal and External Auditors
- Understanding the Evidence Rule
- Stakeholders: Identifying Whom You Need to Interview
- Understanding the Corporate Organizational Structure
- Identifying Roles in a Corporate Organizational Structure
- Identifying Roles in a Consulting Firm Organizational Structure
- Summary
- Exam Essentials
- Review Questions
- Understanding the Demand for IS Audits
- Chapter 2 Governance
- Strategy Planning for Organizational Control
- Overview of the IT Steering Committee
- Using the Balanced Scorecard
- IT Subset of the BSC
- Decoding the IT Strategy
- Specifying a Policy
- Project Management
- Implementation Planning of the IT Strategy
- Using COBIT
- Identifying Sourcing Locations
- Conducting an Executive Performance Review
- Understanding the Auditor’s Interest in the Strategy
- Overview of Tactical Management
- Planning and Performance
- Management Control Methods
- Risk Management
- Implementing Standards
- Human Resources
- System Life-Cycle Management
- Continuity Planning
- Insurance
- Overview of Business Process Reengineering
- Why Use Business Process Reengineering
- BPR Methodology
- Genius or Insanity?
- Goal of BPR
- Guiding Principles for BPR
- Knowledge Requirements for BPR
- BPR Techniques
- BPR Application Steps
- Role of IS in BPR
- Business Process Documentation
- BPR Data Management Techniques
- Benchmarking as a BPR Tool
- Using a Business Impact Analysis
- BPR Project Risk Assessment
- Practical Application of BPR
- Practical Selection Methods for BPR
- Troubleshooting BPR Problems
- Understanding the Auditor’s Interest in Tactical Management
- Operations Management
- Sustaining Operations
- Tracking Actual Performance
- Controlling Change
- Understanding the Auditor’s Interest in Operational Delivery
- Summary
- Exam Essentials
- Review Questions
- Strategy Planning for Organizational Control
- Chapter 3 Audit Process
- Understanding the Audit Program
- Audit Program Objectives and Scope
- Audit Program Extent
- Audit Program Responsibilities
- Audit Program Resources
- Audit Program Procedures
- Audit Program Implementation
- Audit Program Records
- Audit Program Monitoring and Review
- Planning Individual Audits
- Establishing and Approving an Audit Charter
- Role of the Audit Committee
- Preplanning Specific Audits
- Understanding the Variety of Audits
- Identifying Restrictions on Scope
- Gathering Detailed Audit Requirements
- Using a Systematic Approach to Planning
- Comparing Traditional Audits to Assessments and Self-Assessments
- Performing an Audit Risk Assessment
- Determining Whether an Audit Is Possible
- Identifying the Risk Management Strategy
- Determining Feasibility of Audit
- Performing the Audit
- Selecting the Audit Team
- Determining Competence and Evaluating Auditors
- Ensuring Audit Quality Control
- Establishing Contact with the Auditee
- Making Initial Contact with the Auditee
- Using Data Collection Techniques
- Conducting Document Review
- Understanding the Hierarchy of Internal Controls
- Reviewing Existing Controls
- Preparing the Audit Plan
- Assigning Work to the Audit Team
- Preparing Working Documents
- Conducting Onsite Audit Activities
- Gathering Audit Evidence
- Using Evidence to Prove a Point
- Understanding Types of Evidence
- Selecting Audit Samples
- Recognizing Typical Evidence for IS Audits
- Using Computer-Assisted Audit Tools
- Understanding Electronic Discovery
- Grading of Evidence
- Timing of Evidence
- Following the Evidence Life Cycle
- Conducting Audit Evidence Testing
- Compliance Testing
- Substantive Testing
- Tolerable Error Rate
- Recording Test Results
- Generating Audit Findings
- Detecting Irregularities and Illegal Acts
- Indicators of Illegal or Irregular Activity
- Responding to Irregular or Illegal Activity
- Findings Outside of Audit Scope
- Report Findings
- Approving and Distributing the Audit Report
- Identifying Omitted Procedures
- Conducting Follow-up (Closing Meeting)
- Summary
- Exam Essentials
- Review Questions
- Understanding the Audit Program
- Chapter 4 Networking Technology Basics
- Understanding the Differences in Computer Architecture
- Selecting the Best System
- Identifying Various Operating Systems
- Determining the Best Computer Class
- Comparing Computer Capabilities
- Ensuring System Control
- Dealing with Data Storage
- Using Interfaces and Ports
- Introducing the Open Systems Interconnection Model
- Layer 1: Physical Layer
- Layer 2: Data-Link Layer
- Layer 3: Network Layer
- Layer 4: Transport Layer
- Layer 5: Session Layer
- Layer 6: Presentation Layer
- Layer 7: Application Layer
- Understanding How Computers Communicate
- Understanding Physical Network Design
- Understanding Network Cable Topologies
- Bus Topologies
- Star Topologies
- Ring Topologies
- Meshed Networks
- Differentiating Network Cable Types
- Coaxial Cable
- Unshielded Twisted-Pair (UTP) Cable
- Fiber-Optic Cable
- Connecting Network Devices
- Using Network Services
- Domain Name System
- Dynamic Host Configuration Protocol
- Expanding the Network
- Using Telephone Circuits
- Network Firewalls
- Remote VPN Access
- Using Wireless Access Solutions
- Firewall Protection for Wireless Networks
- Remote Dial-Up Access
- WLAN Transmission Security
- Achieving 802.11i RSN Wireless Security
- Intrusion Detection Systems
- Summarizing the Various Area Networks
- Using Software as a Service (SaaS)
- Advantages
- Disadvantages
- Cloud Computing
- The Basics of Managing the Network
- Automated LAN Cable Tester
- Protocol Analyzers
- Remote Monitoring Protocol Version 2
- Summary
- Exam Essentials
- Review Questions
- Chapter 5 Information Systems Life Cycle
- Governance in Software Development
- Management of Software Quality
- Capability Maturity Model
- International Organization for Standardization
- Typical Commercial Records Classification Method
- Overview of the Executive Steering Committee
- Identifying Critical Success Factors
- Using the Scenario Approach
- Aligning Software to Business Needs
- Change Management
- Management of the Software Project
- Choosing an Approach
- Using Traditional Project Management
- Overview of the System Development Life Cycle
- Phase 1: Feasibility Study
- Phase 2: Requirements Definition
- Phase 3: System Design
- Phase 4: Development
- Phase 5: Implementation
- Phase 6: Postimplementation
- Phase 7: Disposal
- Overview of Data Architecture
- Databases
- Database Transaction Integrity
- Decision Support Systems
- Presenting Decision Support Data
- Using Artificial Intelligence
- Program Architecture
- Centralization vs. Decentralization
- Electronic Commerce
- Summary
- Exam Essentials
- Review Questions
- Chapter 6 System Implementation and Operations
- Understanding the Nature of IT Services
- Performing IT Operations Management
- Meeting IT Functional Objectives
- Using the IT Infrastructure Library
- Supporting IT Goals
- Understanding Personnel Roles and Responsibilities
- Using Metrics
- Evaluating the Help Desk
- Performing Service-Level Management
- Outsourcing IT Functions
- Performing Capacity Management
- Using Administrative Protection
- Information Security Management
- IT Security Governance
- Authority Roles over Data
- Data Retention Requirements
- Document Physical Access Paths
- Personnel Management
- Physical Asset Management
- Compensating Controls
- Performing Problem Management
- Incident Handling
- Digital Forensics
- Monitoring the Status of Controls
- System Monitoring
- Document Logical Access Paths
- System Access Controls
- Data File Controls
- Application Processing Controls
- Log Management
- Antivirus Software
- Active Content and Mobile Software Code
- Maintenance Controls
- Implementing Physical Protection
- Data Processing Locations
- Environmental Controls
- Safe Media Storage
- Summary
- Exam Essentials
- Review Questions
- Chapter 7 Protecting Information Assets
- Understanding the Threat
- Recognizing Types of Threats and Computer Crimes
- Identifying the Perpetrators
- Understanding Attack Methods
- Implementing Administrative Protection
- Using Technical Protection
- Technical Control Classification
- Application Software Controls
- Authentication Methods
- Network Access Protection
- Encryption Methods
- Public-Key Infrastructure
- Network Security Protocols
- Telephone Security
- Technical Security Testing
- Summary
- Exam Essentials
- Review Questions
- Understanding the Threat
- Chapter 8 Business Continuity and Disaster Recovery
- Debunking the Myths
- Myth 1: Facility Matters
- Myth 2: IT Systems Matter
- From Myth to Reality
- Understanding the Five Conflicting Disciplines Called Business Continuity
- Defining Disaster Recovery
- Surviving Financial Challenges
- Valuing Brand Names
- Rebuilding after a Disaster
- Defining the Purpose of Business Continuity
- Uniting Other Plans with Business Continuity
- Identifying Business Continuity Practices
- Identifying the Management Approach
- Following a Program Management Approach
- Understanding the Five Phases of a Business Continuity Program
- Phase 1: Setting Up the BC Program
- Phase 2: The Discovery Process
- Phase 4: Plan Implementation
- Phase 5: Maintenance and Integration
- Understanding the Auditor Interests in BC/DR Plans
- Summary
- Exam Essentials
- Review Questions
- Debunking the Myths
- Appendix Answers to Review Questions
- Index
- Advert
- EULA
UM RAFBÆKUR Á HEIMKAUP.IS
Bókahillan þín er þitt svæði og þar eru bækurnar þínar geymdar. Þú kemst í bókahilluna þína hvar og hvenær sem er í tölvu eða snjalltæki. Einfalt og þægilegt!Rafbók til eignar
Rafbók til eignar þarf að hlaða niður á þau tæki sem þú vilt nota innan eins árs frá því bókin er keypt.
Þú kemst í bækurnar hvar sem er
Þú getur nálgast allar raf(skóla)bækurnar þínar á einu augabragði, hvar og hvenær sem er í bókahillunni þinni. Engin taska, enginn kyndill og ekkert vesen (hvað þá yfirvigt).
Auðvelt að fletta og leita
Þú getur flakkað milli síðna og kafla eins og þér hentar best og farið beint í ákveðna kafla úr efnisyfirlitinu. Í leitinni finnur þú orð, kafla eða síður í einum smelli.
Glósur og yfirstrikanir
Þú getur auðkennt textabrot með mismunandi litum og skrifað glósur að vild í rafbókina. Þú getur jafnvel séð glósur og yfirstrikanir hjá bekkjarsystkinum og kennara ef þeir leyfa það. Allt á einum stað.
Hvað viltu sjá? / Þú ræður hvernig síðan lítur út
Þú lagar síðuna að þínum þörfum. Stækkaðu eða minnkaðu myndir og texta með multi-level zoom til að sjá síðuna eins og þér hentar best í þínu námi.
Fleiri góðir kostir
- Þú getur prentað síður úr bókinni (innan þeirra marka sem útgefandinn setur)
- Möguleiki á tengingu við annað stafrænt og gagnvirkt efni, svo sem myndbönd eða spurningar úr efninu
- Auðvelt að afrita og líma efni/texta fyrir t.d. heimaverkefni eða ritgerðir
- Styður tækni sem hjálpar nemendum með sjón- eða heyrnarskerðingu
- Gerð : 208
- Höfundur : 12182
- Útgáfuár : 2016
- Leyfi : 379