- STAFF PICKS
- GIFTS + GIFT CARDS
- SELL BOOKS
- FIND A STORE
New Trade Paper
Ships in 1 to 3 days
available for shipping or prepaid pickup only
Available for In-store Pickup
in 7 to 12 days
Other titles in the Exam Cram 2 series:
Cisa Exam Cram: Certified Information Systems Auditorby Allen V. Keele
Synopses & Reviews
Want an affordable yet innovative approach to studying for the Certified Information Systems Auditor (CISA) 2005 exam? CISA 2005 Exam Cram 2 is your solution. You will have the essential material for passing the CISA 2005 exam right at your fingertips. All exam objectives are covered and you'll find practice exams, exam alerts, notes, tips and cautions to help guide you through your exam preparation. A CD also provides you with a video introduction to the exam and complete explanations of answers to the practice questions from Certified Tech Trainers (CTT). As a special bonus, you will receive $75 in discounts on CTT products and services. For your smartest, most efficient way to get certified, choose CISA 2005 Exam Cram 2.
About the Author
Allen Keele has 20 certifications, the CISA, CISM, CISSP, and Security+ among them. As president and program developer for Certified Tech Trainers, he has over 14 years experience in information security and risk management. He has authored books on security and lectures at leading companies such as Deloitte and Touche, Blue Cross-Blue Shield, and Fujitsu.
Keith Mortier holds a CISA and CISSP certification and a BS in Computer Information Systems. Within the IT industry, Keith has designed and implemented risk assessment, vulnerability testing and disaster recovery-security plans. Keith is president of LMI solutions providing security services to both commercial and government clients.
Table of Contents
1. The Information Systems (IS) Audit Process.
Conducting IS Audits in Accordance with Generally Accepted IS Audit Standards and Guidelines.
ISACA IS Auditing Standards and Guidelines and Code of Professional Ethics.
Auditing Standards Explained.
The ISACA Code of Professional Ethics.
Ensuring That the Organization’s Information Technology and Business Systems are Adequately Controlled, Monitored, and Assessed.
ISACA’s CobiT Framework.
Risk-Based IS Audit Strategy and Objectives.
Aligning Controls with the Organization’s Business Objectives.
IT Department Head.
Segregation of Duties.
IS Auditing Practices and Techniques.
Audit Planning and Management Techniques.
Information Systems Audits.
Findings and Recommendations.
Organization’s Use of System Platforms, IT Infrastructure, and Applications.
Techniques to Gather Information and Preserve Evidence.
Control Objectives and Controls Related to IS (Such as Preventative and Detective).
Reviewing the Audit.
Communicating Audit Results.
Facilitating Risk Management and Control Practices.
IS, Business, and Audit Risk (Such as Threats and Impacts).
Risk-Analysis Methods, Principles, and Criteria.
2. Management, Planning, and Organization of IS.
Strategy, Policies, Standards, and Procedures.
IS Steering Committee.
The Components of IS Strategies, Policies, Standards, and Procedures.
Evaluating IS Management Practices to Ensure Compliance with IS Policies, Standards, and Procedures.
Evaluating the Process for Strategy Development, Deployment, and Maintenance.
Principles of IS Organizational Structure and Design.
Evaluating IS Organization and Structure.
Evaluating Use of Third-Party Services.
Examining IS Management and Practices.
IS Project-Management Strategies and Policies.
IT Governance, Risk Management, and Control Frameworks.
IS Problem- and Change-Management Strategies and Policies.
IS Quality-Management Strategies and Policies.
IS Information Security Management Strategies and Policies.
IS Business Continuity Management Strategies and Policies.
Contracting Strategies, Processes, and Contract-Management Practices.
Trade Secret Agreements.
Roles and Responsibilities of IS Functions (Including Segregation of Duties).
Practices Related to the Management of Technical and Operational Infrastructure.
Problem Management/Resource Management Procedures.
Key Performance Indicators and Performance-Measurement Techniques.
Exam Prep Questions.
3. Technical Infrastructure and Operational Practices and Infrastructure.
IT Organizational Structure.
Evaluating Hardware Acquisition, Installation, and Maintenance.
Risks and Controls Relating to Hardware Platforms.
Change Control and Configuration Management Principles for Hardware.
Evaluating Systems Software Development, Acquisition, Implementation, and Maintenance.
Understanding Systems Software and Utilities Functionality.
Risks and Controls Related to System Software and Utilities.
Change Control and Configuration Management Principles for System Software.
Evaluating Network Infrastructure Acquisition, Installation, and Maintenance.
Understanding Network Components Functionality.
Networking Concepts and Devices.
The TCP/IP Protocol Suite.
Stateful Packet-Inspection Firewalls.
Internet, Intranet, and Extranet.
Risks and Controls Related to Network Infrastructure.
Evaluating IS Operational Practices.
Risks and Controls Related to IS Operational Practices.
Evaluating the Use of System Performance and Monitoring Processes, Tools, and Techniques.
Exam Prep Questions.
4. Protection of Information Assets.
Understanding and Evaluating Controls Design, Implementation, and Monitoring.
Logical Access Controls.
Techniques for Identification and Authentication.
Network Infrastructure Security.
Digital Signature Techniques.
Network and Internet Security.
Voice Communications Security.
Environmental Protection Practices and Devices.
Physical Security Practices.
Intrusion Methods and Techniques.
Passive and Active Attacks.
Security Testing and Assessment Tools.
Sources of Information on Information Security.
Security Monitoring, Detection, and Escalation Processes and Techniques.
The Processes of Design, Implementation, and Monitoring of Security.
Review Written Policies, Procedures, and Standards.
Logical Access Security Policy.
Formal Security Awareness and Training.
Auditing Logical Access.
Exam Prep Questions.
5. Disaster Recovery and Business Continuity.
Understanding and Evaluating Process Development.
Crisis Management and Business Impact Analysis Techniques.
Disaster Recovery and Business Continuity Planning and Processes.
Duplicate Processing Facilities.
Backup and Storage Methods and Practices.
Storage Area Networks and Electronic Vaulting.
Disaster Recovery and Business Continuity Testing Approaches and Methods.
Preparedness Test (Full Test).
Full Operational Test.
Understanding and Evaluating Business Continuity Planning, Documentation, Processes, and Maintenance
Evaluating the Organization’s Capability to Ensure Business Continuity in the Event of a Business Disruption.
Evaluating Backup and Recovery Provisions in the Event of a Short-Term Disruption.
Evaluating the Capability to Continue Information System Processing in the Event That the Primary Information-Processing Facilities Are Not Available.
Insurance in Relation to Business Continuity and Disaster Recovery.
Human Resource Issues (Evacuation Planning, Response Teams).
Exam Prep Questions
6. Business Application System Development, Acquisition, Implementation, and Maintenance.
Evaluating Application Systems Development and Implementation.
System-Development Methodologies and Tools.
The Phases of the SDLC.
Project-Management Principles, Methods, and Practices.
Post-Implementation Review Techniques.
Evaluating Application Systems Acquisition and Implementation.
Application System-Acquisition Processes.
Application Change Control and Emergency Change-Management Procedures.
Evaluating Application Systems.
Software Quality-Assurance Methods.
Testing Principles, Methods, and Practices.
Exam Prep Questions.
7. Business Process Evaluation and Risk Management.
Evaluating IS Efficiency and Effectiveness of Information Systems in Supporting Business Processes.
Methods and Approaches for Designing and Improving Business Procedures.
Business Performance Indicators.
Evaluating the Design and Implementation of Programmed and Manual Controls.
Business Process Controls.
Evaluating Business Process Change Projects.
Evaluating the Implementation of Risk Management and Governance.
Exam Prep Questions.
8. Practice Exam 1.
9. Answer Key 1.
10. Practice Exam 2.
11. Answer Key 2.
Appendix A: CD Contents and Installation Instructions.
Multiple Test Modes.
Wrong Answer Feedback.
Retake a Previous Exam from Your Exam History.
Configure Your Own Custom Exam.
Start Your Exam from a Predefined Set of Questions.
Custom Exam Mode.
Random Questions and Order of Answers.
Detailed Explanations of Correct and Incorrect Answers.
Attention to Exam Objectives.
Installing the CD.
What Our Readers Are Saying