Master your Minecraft

Special Offers see all

Enter to WIN a $100 Credit

Subscribe to
for a chance to win.
Privacy Policy

Tour our stores

    Recently Viewed clear list

    Best Books of the Year | December 10, 2014

    Mary Jo Schimelpfenig: IMG Best Fantasy/Sci-Fi of 2014

    Here are the books that knocked my socks off in 2014. All of them would make great gifts; each of them was truly something that evoked that... Continue »

Qualifying orders ship free.
New Trade Paper
Ships in 1 to 3 days
Add to Wishlist
available for shipping or prepaid pickup only
Available for In-store Pickup
in 7 to 12 days
Qty Store Section
1 Remote Warehouse Computers Reference- General

Other titles in the Exam Cram 2 series:

Cisa Exam Cram: Certified Information Systems Auditor


Cisa Exam Cram: Certified Information Systems Auditor Cover


Synopses & Reviews

Publisher Comments:

Want an affordable yet innovative approach to studying for the Certified Information Systems Auditor (CISA) 2005 exam? CISA 2005 Exam Cram 2 is your solution. You will have the essential material for passing the CISA 2005 exam right at your fingertips. All exam objectives are covered and you'll find practice exams, exam alerts, notes, tips and cautions to help guide you through your exam preparation. A CD also provides you with a video introduction to the exam and complete explanations of answers to the practice questions from Certified Tech Trainers (CTT). As a special bonus, you will receive $75 in discounts on CTT products and services. For your smartest, most efficient way to get certified, choose CISA 2005 Exam Cram 2.

About the Author

Allen Keele has 20 certifications, the CISA, CISM, CISSP, and Security+ among them.  As president and program developer for Certified Tech Trainers, he has over 14 years experience in information security and risk management. He has authored books on security and lectures at leading companies such as Deloitte and Touche, Blue Cross-Blue Shield, and Fujitsu. 

Keith Mortier holds a CISA and CISSP certification and a BS in Computer Information Systems. Within the IT industry, Keith has designed and implemented risk assessment, vulnerability testing and disaster recovery-security plans. Keith is president of LMI solutions providing security services to both commercial and government clients.

Table of Contents



1. The Information Systems (IS) Audit Process.

    Conducting IS Audits in Accordance with Generally Accepted IS Audit Standards and Guidelines.

    ISACA IS Auditing Standards and Guidelines and Code of Professional Ethics.

      Auditing Standards Explained.

      The ISACA Code of Professional Ethics.

    Ensuring That the Organization’s Information Technology and Business Systems are Adequately Controlled, Monitored, and Assessed.

      ISACA’s CobiT Framework.

      Control Self-Assessment.

    Risk-Based IS Audit Strategy and Objectives.

    Aligning Controls with the Organization’s Business Objectives.

      Steering Committee.

      Strategic Planning.

      Organizational Structure.

      IT Department Head.

      Security Department.

      Quality Assurance.


      Data Management.

      Technical Support.


    Segregation of Duties.

    IS Auditing Practices and Techniques.

    Audit Planning and Management Techniques.

    Information Systems Audits.


      Findings and Recommendations.

      SAS 70.

      SAS 94.

      Attribute Sampling.

      Variable Sampling.

      Substantive Tests.

      Compliance Tests.

    Audit Conclusions.

      Obtaining Evidence.

      Organization’s Use of System Platforms, IT Infrastructure, and Applications.

      Techniques to Gather Information and Preserve Evidence.

    Control Objectives and Controls Related to IS (Such as Preventative and Detective).

    Reviewing the Audit.

    Communicating Audit Results.

    Facilitating Risk Management and Control Practices.

      IS, Business, and Audit Risk (Such as Threats and Impacts).

    Risk-Analysis Methods, Principles, and Criteria.

    Communication Techniques.

    Personnel-Management Techniques.

    Practice Questions.

2. Management, Planning, and Organization of IS.

    Strategy, Policies, Standards, and Procedures.

      Strategic Planning.

      IS Steering Committee.

    The Components of IS Strategies, Policies, Standards, and Procedures.

      Policy Development.

      IT Policy.


    Evaluating IS Management Practices to Ensure Compliance with IS Policies, Standards, and Procedures.

    Evaluating the Process for Strategy Development, Deployment, and Maintenance.

    Principles of IS Organizational Structure and Design.

      Evaluating IS Organization and Structure.

      Evaluating Use of Third-Party Services.

    Examining IS Management and Practices.

      IS Project-Management Strategies and Policies.

    IT Governance, Risk Management, and Control Frameworks.

    IS Problem- and Change-Management Strategies and Policies.

    IS Quality-Management Strategies and Policies.

    IS Information Security Management Strategies and Policies.

    IS Business Continuity Management Strategies and Policies.

    Contracting Strategies, Processes, and Contract-Management Practices.

      Employee Contracts.

      Confidentiality Agreement.

      Trade Secret Agreements.

      Discovery Agreements.

      Noncompete Agreements.

    Roles and Responsibilities of IS Functions (Including Segregation of Duties).

    Practices Related to the Management of Technical and Operational Infrastructure.

      Problem Management/Resource Management Procedures.

      Help Desk.


      Service-Level Agreements.

      Key Performance Indicators and Performance-Measurement Techniques.

    Exam Prep Questions.

3. Technical Infrastructure and Operational Practices and Infrastructure.

    IT Organizational Structure.

    Evaluating Hardware Acquisition, Installation, and Maintenance.

      Risks and Controls Relating to Hardware Platforms.

      Change Control and Configuration Management Principles for Hardware.

    Evaluating Systems Software Development, Acquisition, Implementation, and Maintenance.

      Understanding Systems Software and Utilities Functionality.

      Risks and Controls Related to System Software and Utilities.

      Change Control and Configuration Management Principles for System Software.

    Evaluating Network Infrastructure Acquisition, Installation, and Maintenance.

      Understanding Network Components Functionality.

      Networking Concepts and Devices.

    The TCP/IP Protocol Suite.


      Packet-Filtering Firewalls.

      Stateful Packet-Inspection Firewalls.

      Proxy Firewalls.



    Internet, Intranet, and Extranet.

      Risks and Controls Related to Network Infrastructure.

    Evaluating IS Operational Practices.

      Risks and Controls Related to IS Operational Practices.

    Evaluating the Use of System Performance and Monitoring Processes, Tools, and Techniques.

    Exam Prep Questions.

4. Protection of Information Assets.

    Understanding and Evaluating Controls Design, Implementation, and Monitoring.

    Logical Access Controls.

      Techniques for Identification and Authentication.

    Network Infrastructure Security.

      Encryption Techniques.

      Digital Signature Techniques.

      Network and Internet Security.

      Security Software.

      Voice Communications Security.

    Environmental Protection Practices and Devices.

    Physical Access.

      Physical Security Practices.

    Intrusion Methods and Techniques.

      Passive and Active Attacks.


    Security Testing and Assessment Tools.

    Sources of Information on Information Security.

    Security Monitoring, Detection, and Escalation Processes and Techniques.

    The Processes of Design, Implementation, and Monitoring of Security.

      Review Written Policies, Procedures, and Standards.

      Logical Access Security Policy.

      Formal Security Awareness and Training.

      Data Ownership.

      Security Administrators.

      Access Standards.

      Auditing Logical Access.

    Exam Prep Questions.

5. Disaster Recovery and Business Continuity.

    Understanding and Evaluating Process Development.

    Crisis Management and Business Impact Analysis Techniques.

    Disaster Recovery and Business Continuity Planning and Processes.

      Hot Sites.

      Warm Sites.

      Cold Site.

      Duplicate Processing Facilities.

      Reciprocal Agreements.

    Backup and Storage Methods and Practices.

      Backup Definitions.

      Tape Storage.

      Storage Area Networks and Electronic Vaulting.

    Disaster Recovery and Business Continuity Testing Approaches and Methods.

      Paper Test.

      Walk-Through Testing.

      Preparedness Test (Full Test).

      Full Operational Test.

    Understanding and Evaluating Business Continuity Planning, Documentation, Processes, and Maintenance 

      Evaluating the Organization’s Capability to Ensure Business Continuity in the Event of a Business Disruption.

      Evaluating Backup and Recovery Provisions in the Event of a Short-Term Disruption.

      Evaluating the Capability to Continue Information System Processing in the Event That the Primary Information-Processing Facilities Are Not Available.

    Insurance in Relation to Business Continuity and Disaster Recovery.

      Property Insurance.

      Liability Insurance.

    Human Resource Issues (Evacuation Planning, Response Teams).

    Exam Prep Questions

6. Business Application System Development, Acquisition, Implementation, and Maintenance.

    Evaluating Application Systems Development and Implementation.

    System-Development Methodologies and Tools.



      The Phases of the SDLC.

    Project-Management Principles, Methods, and Practices.

    Application-Maintenance Principles.

      Post-Implementation Review Techniques.

    Evaluating Application Systems Acquisition and Implementation.

      Application-Implementation Practices.

      Application System-Acquisition Processes.

      Application Change Control and Emergency Change-Management Procedures.

    Evaluating Application Systems.

      Application Architecture.

      Software Quality-Assurance Methods.

      Testing Principles, Methods, and Practices.

    Exam Prep Questions.

7. Business Process Evaluation and Risk Management.

    Evaluating IS Efficiency and Effectiveness of Information Systems in Supporting Business Processes.

      Methods and Approaches for Designing and Improving Business Procedures.

      Business Performance Indicators.

    Evaluating the Design and Implementation of Programmed and Manual Controls.

      Business Process Controls.

    Evaluating Business Process Change Projects.

    Evaluating the Implementation of Risk Management and Governance.

    Exam Prep Questions.

8. Practice Exam 1.

9. Answer Key 1.

10. Practice Exam 2.

11. Answer Key 2.

Appendix A: CD Contents and Installation Instructions.

    Multiple Test Modes.

      Wrong Answer Feedback.

      Retake a Previous Exam from Your Exam History.

      Configure Your Own Custom Exam.

      Start Your Exam from a Predefined Set of Questions.

      Custom Exam Mode.

    Question Types.

    Random Questions and Order of Answers.

    Detailed Explanations of Correct and Incorrect Answers.

    Attention to Exam Objectives.

    Installing the CD.

    Technical Support.

CISA Glossary.


Product Details

Keele, Allen V.
Pearson It Certification
Mortier, Keith
Keele, Allen
Management Information Systems
Information technology
Certification Guides - General
Technical Skills
Management information systems - Auditing
Computers-Reference - General
Edition Description:
Trade paper
Exam Cram 2
Publication Date:
April 2005
Grade Level:
9.06x6.00x1.11 in. 1.24 lbs.

Related Subjects

Computers and Internet » Computers Reference » General
Computers and Internet » Internet » Information

Cisa Exam Cram: Certified Information Systems Auditor New Trade Paper
0 stars - 0 reviews
$36.25 In Stock
Product details 456 pages Que - English 9780789732729 Reviews:
  • back to top


Powell's City of Books is an independent bookstore in Portland, Oregon, that fills a whole city block with more than a million new, used, and out of print books. Shop those shelves — plus literally millions more books, DVDs, and gifts — here at