Copyright
The CISA Cram Sheet
    IS Audit Process
    Management, Planning, and Organization of IS
    Technical Infrastructure and Operational Practices
    Protection of Information Assets
    Disaster Recovery and Business Continuity
    Business Application System Development, Acquisition, Implementation, and Maintenance
    Business Process Evaluation and Risk Management
A Note from Series Editor Ed Tittel
Acknowledgements
About the Authors
About the Technical Editor
We Want to Hear from You!
Introduction
    About the CISA Exam and Content Areas
    How to Prepare for the Exam
    Additional Exam-Preparation Resources
    What This Book Will Do
    What This Book Will Not Do
Self-Assessment
    Certified Information Systems Auditors in the Real World
Chapter 1. The Information Systems (IS) Audit Process
    Conducting IS Audits in Accordance with Generally Accepted IS Audit Standards and Guidelines
    ISACA IS Auditing Standards and Guidelines and Code of Professional Ethics
    Ensuring That the Organization's Information Technology and Business Systems Are Adequately Controlled, Monitored, and Assessed
    Risk-Based IS Audit Strategy and Objectives
    Aligning Controls with the Organization's Business Objectives
    Segregation of Duties
    IS Auditing Practices and Techniques
    Audit Planning and Management Techniques
    Information Systems Audits
    Audit Conclusions
    Control Objectives and Controls Related to IS (Such as Preventative and Detective)
    Reviewing the Audit
    Communicating Audit Results
    Facilitating Risk Management and Control Practices
    Risk-Analysis Methods, Principles, and Criteria
    Communication Techniques
    Personnel-Management Techniques
    Practice Questions
Chapter 2. Management, Planning, and Organization of IS
    Strategy, Policies, Standards, and Procedures
    The Components of IS Strategies, Policies, Standards, and Procedures
    Evaluating IS Management Practices to Ensure Compliance with IS Policies, Standards, and Procedures
    Evaluating the Process for Strategy Development, Deployment, and Maintenance
    Principles of IS Organizational Structure and Design
    Examining IS Management and Practices
    IT Governance, Risk Management, and Control Frameworks
    IS Problem- and Change-Management Strategies and Policies
    IS Quality-Management Strategies and Policies
    IS Information Security Management Strategies and Policies
    IS Business Continuity Management Strategies and Policies
    Contracting Strategies, Processes, and Contract-Management Practices
    Roles and Responsibilities of IS Functions (Including Segregation of Duties)
    Practices Related to the Management of Technical and Operational Infrastructure
    Exam Prep Questions
Chapter 3. Technical Infrastructure and Operational Practices and Infrastructure
    IT Organizational Structure
    Evaluating Hardware Acquisition, Installation, and Maintenance
    Evaluating Systems Software Development, Acquisition, Implementation, and Maintenance
    Evaluating Network Infrastructure Acquisition, Installation, and Maintenance
    The TCP/IP Protocol Suite
    Routers
    Internet, Intranet, and Extranet
    Evaluating IS Operational Practices
    Evaluating the Use of System Performance and Monitoring Processes, Tools, and Techniques
    Exam Prep Questions
Chapter 4. Protection of Information Assets
    Understanding and Evaluating Controls Design, Implementation, and Monitoring
    Logical Access Controls
    Network Infrastructure Security
    Environmental Protection Practices and Devices
    Physical Access
    Intrusion Methods and Techniques
    Security Testing and Assessment Tools
    Sources of Information on Information Security
    Security Monitoring, Detection, and Escalation Processes and Techniques
    The Processes of Design, Implementation, and Monitoring of Security
    Exam Prep Questions
Chapter 5. Disaster Recovery and Business Continuity
    Understanding and Evaluating Process Development
    Crisis Management and Business Impact Analysis Techniques
    Disaster Recovery and Business Continuity Planning and Processes
    Backup and Storage Methods and Practices
    Disaster Recovery and Business Continuity Testing Approaches and Methods
    Understanding and Evaluating Business Continuity Planning, Documentation, Processes, and Maintenance
    Insurance in Relation to Business Continuity and Disaster Recovery
    Human Resource Issues (Evacuation Planning, Response Teams)
    Exam Prep Questions
Chapter 6. Business Application System Development, Acquisition, Implementation, and Maintenance
    Evaluating Application Systems Development and Implementation
    System-Development Methodologies and Tools
    Project-Management Principles, Methods, and Practices
    Application-Maintenance Principles
    Evaluating Application Systems Acquisition and Implementation
    Evaluating Application Systems
    Exam Prep Questions
Chapter 7. Business Process Evaluation and Risk Management
    Evaluating IS Efficiency and Effectiveness of Information Systems in Supporting Business Processes
    Evaluating the Design and Implementation of Programmed and Manual Controls
    Evaluating Business Process Change Projects
    Evaluating the Implementation of Risk Management and Governance
    Exam Prep Questions
Chapter 8. Practice Exam 1
Chapter 9. Answer Key 1
Chapter 10. Practice Exam 2
Chapter 11. Answer Key 2
A. CD Contents and Installation Instructions
    Multiple Test Modes
    Question Types
    Random Questions and Order of Answers
    Detailed Explanations of Correct and Incorrect Answers
    Attention to Exam Objectives
    Installing the CD
    Technical Support
CISA Glossary
Index