CISA – Certified Information Systems Auditor Study Guide - Second Edition

Book description

Master the practical aspects of information systems auditing to pass the CISA exam and accelerate your career. Purchase of the book unlocks access to web-based exam prep resources like practice questions, flashcards, and more. Purchase of the print or Kindle book includes a free eBook in PDF format.

Key Features

  • Enhance your understanding of each topic by practicing a set of exam-oriented questions
  • Revise concepts easily by focusing on the key aspects from the CISA exam perspective highlighted in each chapter
  • Accelerate your exam prep with additional study material including flashcards, practice questions, and exam tips

Book Description

With the latest updates and revised study material, this second edition of the Certified Information Systems Auditor Study Guide provides an excellent starting point for your CISA certification preparation. The book strengthens your grip on the core concepts through a three-step approach. First, it presents the fundamentals with easy-to-understand theoretical explanations. Next, it provides a list of key aspects that are crucial from the CISA exam perspective, ensuring you focus on important pointers for the exam. Finally, the book makes you an expert in specific topics by engaging you with self-assessment questions designed to align with the exam format, challenging you to apply your knowledge and sharpen your understanding.

Moreover, the book comes with lifetime access to supplementary resources on an online platform, including CISA flashcards, practice questions, and valuable exam tips. With unlimited access to the website, you’ll have the flexibility to practice as many times as you desire, maximizing your exam readiness.

By the end of this book, you’ll have developed the proficiency to successfully obtain the CISA certification and significantly upgrade your auditing career.

What you will learn

  • Perform an audit in accordance with globally accepted standards and frameworks
  • Recognize and recommend opportunities for improvement
  • Understand data analytics tools and processes
  • Comprehend the effectiveness of IT governance
  • Evaluate different types of frameworks
  • Manage audit reporting and communication
  • Evaluate evidence collection and forensics processes

Who this book is for

This CISA study guide is specifically tailored for anyone with a non-technical background who wants to achieve the CISA certification. It caters to those currently working in, or seeking employment in, IT audit and security management roles.

Table of contents

  1. CISA – Certified Information Systems Auditor Study Guide
  2. Second Edition
  3. Contributors
  4. About the Author
  5. About the Reviewers
  6. Preface
    1. Online Exam-Prep Tools
    2. Who This Book Is For
    3. What This Book Covers
    4. How to Get the Most out of This Book
    5. Recorded Lectures
    6. Requirements for the Online Content
    7. Instructions for Unlocking the Online Content
    8. Quick Access to the Website
    9. Conventions Used
    10. Get in Touch
    11. Share Your Thoughts
    12. Download a Free PDF Copy of This Book
  7. Chapter 1: Audit Planning
    1. The Contents of an Audit Charter
      1. Key Aspects from the CISA Exam Perspective
    2. Audit Planning
      1. Benefits of Audit Planning
      2. Selection Criteria
      3. Reviewing Audit Planning
      4. Individual Audit Assignments
      5. Key Aspects from the CISA Exam Perspective
    3. Business Process Applications and Controls
      1. E-Commerce
      2. Electronic Data Interchange (EDI)
      3. Point of Sale (POS)
      4. Electronic Banking
      5. Electronic Funds Transfer (EFT)
      6. Image Processing
      7. Artificial Intelligence and Expert Systems
      8. Key Aspects from the CISA Exam Perspective
    4. Types of Controls
      1. Preventive Controls
      2. Detective Controls
      3. Corrective Controls
      4. Deterrent Controls
      5. The Difference between Preventive and Deterrent Controls
      6. Compensating Controls
      7. Control Objectives
      8. Control Measures
      9. Key Aspects from the CISA Exam Perspective
    5. Risk-Based Audit Planning
      1. What Is Risk?
      2. Understanding Vulnerability and Threats
      3. Understanding Inherent Risk and Residual Risk
      4. Advantages of Risk-Based Audit Planning
      5. Audit Risk
      6. Risk-Based Auditing Approach
      7. Risk Assessments
      8. Risk Response Methodology
      9. Top-Down and Bottom-Up Approaches to Policy Development
      10. Key Aspects from the CISA Exam Perspective
    6. Types of Audits and Assessments
    7. Summary
    8. Chapter Review Questions
  8. Chapter 2: Audit Execution
    1. Audit Project Management
      1. Audit Objectives
      2. Audit Phases
      3. Fraud, Irregularities, and Illegal Acts
      4. Key Aspects from the CISA Exam Perspective
    2. Sampling Methodology
      1. Sampling Types
      2. Sampling Risk
      3. Other Sampling Terms
      4. Compliance versus Substantive Testing
      5. Key Aspects from the CISA Exam Perspective
    3. Audit Evidence Collection Techniques
      1. Reliability of Evidence
      2. Evidence-Gathering Techniques
      3. Key Aspects from the CISA Exam Perspective
    4. Data Analytics
      1. Examples of the Effective Use of Data Analytics
      2. CAATs
      3. Examples of the Effective Use of CAAT Tools
      4. Precautions while Using CAAT
      5. Continuous Auditing and Monitoring
      6. Continuous Auditing Techniques
      7. Key Aspects from the CISA Exam Perspective
    5. Reporting and Communication Techniques
      1. Exit Interview
      2. Audit Reporting
      3. Audit Report Objectives
      4. Audit Report Structure
      5. Follow-Up Activities
      6. Key Aspects from the CISA Exam Perspective
    6. Control Self-Assessment
      1. Objectives of CSA
      2. Benefits of CSA
      3. Precautions while Implementing CSA
      4. An IS Auditor’s Role in CSA
      5. Key Aspects from the CISA Exam Perspective
    7. Summary
    8. Chapter Review Questions
  9. Chapter 3: IT Governance
    1. Enterprise Governance of IT (EGIT)
      1. EGIT Processes
      2. The Differences between Governance and Management
      3. EGIT Good Practices
      4. Effective Information Security Governance
      5. EGIT – Success Factors
      6. Key Aspects from the CISA Exam Perspective
    2. IT-Related Frameworks
    3. IT Standards, Policies, and Procedures
      1. Policies
      2. Standards
      3. Procedures
      4. Guidelines
      5. Information Security Policy
      6. Key Aspects from the CISA Exam Perspective
    4. Organizational Structure
      1. Relationship between the IT Strategy Committee and the IT Steering Committee
      2. Differences between the IT Strategy Committee and the IT Steering Committee
      3. Key Aspects from the CISA Exam Perspective
    5. Enterprise Architecture
      1. Enterprise Security Architecture
      2. Key Aspects from the CISA Exam Perspective
    6. Enterprise Risk Management
      1. Risk Management Process Steps
      2. Risk Analysis Methods
      3. Risk Treatment
      4. Key Aspects from the CISA Exam Perspective
    7. Maturity Model
    8. Laws, Regulations, and Industry Standards Affecting the Organization
      1. An IS Auditor’s Role in Determining Adherence to Laws and Regulations
      2. Key Aspects from the CISA Exam Perspective
    9. Summary
    10. Chapter Review Questions
  10. Chapter 4: IT Management
    1. IT Resource Management
      1. Human Resource Management
      2. IT Management Practices
      3. Financial Management Practices
      4. Key Aspects from the CISA Exam Perspective
    2. IT Service Provider Acquisition and Management
      1. Evaluation Criteria for Outsourcing
      2. Steps for Outsourcing
      3. Outsourcing – Risk Reduction Options
      4. Provisions for Outsourcing Contracts
      5. Role of IS Auditors in Monitoring Outsourced Activities
      6. Globalization of IT Functions
      7. Outsourcing and Third-Party Audit Reports
      8. Monitoring and Review of Third-Party Services
      9. Key Aspects from the CISA Exam Perspective
    3. IT Performance Monitoring and Reporting
      1. Development of Performance Metrics
      2. Effectiveness of Performance Metrics
      3. Tools and Techniques
      4. Key Aspects from the CISA Exam Perspective
    4. Quality Assurance and Quality Management in IT
      1. Quality Assurance
      2. Quality Management
      3. Key Aspects from the CISA Exam Perspective
    5. Summary
    6. Chapter Review Questions
  11. Chapter 5: Information Systems Acquisition and Development
    1. Project Management Structure
      1. Project Roles and Responsibilities
      2. Project Objectives, OBS, and WBS
      3. Key Aspects from the CISA Exam Perspective
    2. Business Case and Feasibility Analysis
      1. Business Cases
      2. Feasibility Analysis
      3. The IS Auditor’s Role in Business Case Development
    3. System Development Methodologies
      1. SDLC Models
      2. SDLC Phases
      3. Software Development Methods
      4. Software Reengineering and Reverse Engineering
      5. Key Aspects from the CISA Exam Perspective
    4. Control Identification and Design
      1. Check Digits
      2. Parity Bits
      3. Checksums
      4. Forward Error Control
      5. Data Integrity Principles
      6. Decision Support Systems
      7. Decision Trees
      8. Key Aspects from the CISA Exam Perspective
    5. Summary
    6. Chapter Review Questions
  12. Chapter 6: Information Systems Implementation
    1. Testing Methodology
      1. Unit Testing
      2. Integration Testing
      3. System Testing
      4. Testing Approach
      5. Testing Phases
      6. Key Aspects from the CISA Exam Perspective
    2. System Migration
      1. Parallel Changeover
      2. Phased Changeover
      3. Abrupt Changeover
      4. Key Aspects from the CISA Exam Perspective
    3. Post-Implementation Review
      1. Key Aspects from the CISA Exam Perspective
    4. Summary
    5. Chapter Review Questions
  13. Chapter 7: Information Systems Operations
    1. Understanding Common Technology Components
      1. The Types of Servers
      2. Universal Serial Bus
      3. Radio Frequency Identification
    2. IT Asset Management
      1. Performance Reports
    3. Job Scheduling
    4. End User Computing
    5. System Performance Management
      1. Nucleus (Kernel) Functions
      2. Utility Programs
      3. Parameter Setting for the Operating System
      4. Registry
      5. Activity Logging
      6. Software Licensing Issues
      7. Source Code Management
      8. Capacity Management
      9. Key Aspects from a CISA Exam Perspective
    6. Problem and Incident Management
      1. Network Management Tools
      2. Key Aspects from a CISA Exam Perspective
    7. Change Management, Configuration Management, and Patch Management
      1. Change Management Process
      2. Patch Management
      3. Configuration Management
      4. Emergency Change Management
      5. Backout Process
      6. The Effectiveness of a Change Management Process
      7. Key Aspects from a CISA Exam Perspective
    8. IT Service-Level Management
    9. Evaluating the Database Management Process
      1. Advantages of Database Management
      2. Database Structures
      3. Key Aspects from a CISA Exam Perspective
    10. Summary
    11. Chapter Review Questions
  14. Chapter 8: Business Resilience
    1. Business Impact Analysis
      1. Key Aspects from the Perspective of the CISA Exam
    2. Data Backup and Restoration
      1. Types of Backup Strategy
      2. Storage Capacity for Each Backup Scheme
      3. Key Aspects from the Perspective of the CISA Exam
    3. System Resiliency
      1. Application Resiliency – Clustering
      2. Telecommunication Network Resiliency
    4. Business Continuity Plan
      1. Steps of the BCP Life Cycle
      2. Contents of the BCP
      3. Backup Procedure for Critical Operations
      4. The Involvement of Process Owners in the BCP
      5. BCP and Risk Assessments
      6. Testing the BCP
      7. Key Aspects from the Perspective of the CISA Exam
    5. Disaster Recovery Plan
      1. The BCP versus the DRP
      2. Key Aspects from the CISA Exam Perspective
    6. DRP – Test Methods
      1. Checklist Review
      2. Structured Walkthrough
      3. Tabletop Test
      4. Simulation Test
      5. Parallel Test
      6. Full Interruption Test
      7. Key Aspects from the CISA Exam Perspective
    7. Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
      1. RPO
      2. RTO and RPO for Critical Systems
      3. RTO and RPO and Maintenance Costs
      4. RTO, RPO, and Disaster Tolerance
      5. Key Aspects from the CISA Exam Perspective
    8. Alternate Recovery Sites
      1. Mirrored Site
      2. Hot Site
      3. Warm Site
      4. Cold Site
      5. Mobile Site
      6. Reciprocal Agreement
      7. Summary
    9. Summary
    10. Chapter Review Questions
  15. Chapter 9: Information Asset Security and Control
    1. Information Asset Security Frameworks, Standards, and Guidelines
      1. Auditing the Information Security Management Framework
      2. Key Aspects from the CISA Exam Perspective
    2. Privacy Principles
    3. Physical Access and Environmental Controls
      1. Environmental Controls
      2. Alarm Controls
      3. Water and Smoke Detectors
      4. Fire Suppression Systems
      5. Physical Access Control
      6. Key Aspects from the CISA Exam Perspective
    4. Identity and Access Management
      1. Access Control Categories
      2. Default Deny Policy – Allow All Policy
      3. Degaussing (Demagnetizing)
      4. Naming Convention
      5. Single Sign-On
      6. Key Aspects from the CISA Exam Perspective
    5. Biometrics
      1. Biometrics Accuracy Measure
      2. Control over the Biometric Process
      3. Types of Biometric Attacks
    6. Summary
    7. Chapter Review Questions
  16. Chapter 10: Network Security and Control
    1. Network and Endpoint Devices
      1. Open System Interconnection (OSI) Layers
      2. Networking Devices
      3. Network Devices and the OSI Layer
      4. Network Physical Media
      5. Identifying the Risks of Physical Network Media
      6. Network Protocols
      7. Key Aspects from the CISA Exam Perspective
    2. Firewall Types and Implementation
      1. Types of Firewalls
      2. What is a Bastion Host?
      3. What is a Proxy?
      4. Types of Firewall Implementation
      5. The Firewall and the Corresponding OSI Layer
      6. Key Aspects from the CISA Exam Perspective
    3. VPN
      1. Types of VPN
      2. VPNs – Security Risks
      3. VPNs – Technical Aspects
      4. Key Aspects from the Perspective of the CISA Exam
    4. Voice over Internet Protocol (VoIP)
      1. Key Aspects from the CISA Exam Perspective
    5. Wireless Networks
      1. Enabling MAC Filtering
      2. Enabling Encryption
      3. Disabling a Service Set Identifier (SSID)
      4. Disabling DHCP
      5. Common Attack Methods and Techniques for a Wireless Network
      6. Key Aspects from the CISA Exam Perspective
    6. Email Security
      1. Key Aspects from the CISA Exam Perspective
    7. Summary
    8. Chapter Review Questions
  17. Chapter 11: Public Key Cryptography and Other Emerging Technologies
    1. Public Key Cryptography
      1. Symmetric Encryption versus Asymmetric Encryption
      2. Encryption Keys
      3. The Hash of the Message
      4. Combining Symmetric and Asymmetric Methods
      5. Key Aspects from the CISA Exam Perspective
    2. Elements of PKI
      1. PKI Terminology
      2. Processes Involved in PKI
      3. Certifying Authority versus Registration Authority
      4. Key Aspects from the CISA Exam Perspective
    3. Cloud Computing
      1. Cloud Computing – Deployment Models
      2. Types of Cloud Services
      3. Cloud Computing – the IS Auditor’s Role
    4. Virtualization
    5. Mobile Computing
    6. Internet of Things (IoT)
    7. Summary
    8. Chapter Review Questions
  18. Chapter 12: Security Event Management
    1. Security Awareness Training and Programs
      1. Participants
      2. Security Awareness Methods
      3. Social Engineering Attacks
      4. Evaluating the Effectiveness of Security Programs
      5. Key Aspects from the CISA Exam Perspective
    2. Information System Attack Methods and Techniques
      1. Malicious Code
      2. Biometric Attacks
      3. Key Aspects from the CISA Exam Perspective
    3. Security Testing Tools and Techniques
      1. General Security Controls
      2. Network Penetration Tests
      3. Key Aspects from the CISA Exam Perspective
    4. Security Monitoring Tools and Techniques
      1. IDS
      2. IPS
      3. Honeypots and Honey Nets
      4. Key Aspects from the CISA Exam Perspective
    5. Incident Response Management
      1. Computer Security Incident Response Team
      2. Key Aspects from the CISA Exam Perspective
    6. Evidence Collection and Forensics
      1. Chain of Custody
      2. Key Elements of Computer Forensics
    7. Summary
    8. Chapter Review Questions
    9. Why subscribe?
  19. Other Books You May Enjoy
    1. Share Your Thoughts
    2. Download a Free PDF Copy of This Book

Product information

  • Title: CISA – Certified Information Systems Auditor Study Guide - Second Edition
  • Author(s): Hemang Doshi
  • Release date: June 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781803248158