CISA: Certified Information Systems Auditor Study Guide

ISBN: 978-0-7821-4438-3
480 pages
May 2006
Demand for qualified and certified information systems (IS) auditors has increased dramatically since the adoption of the Sarbanes-Oxley Act in 2002. Now you can prepare for CISA certification, the one certification designed specifically for IS auditors, and improve your job skills with this valuable book. Not only will you get the valuable preparation you need for the CISA exam, you'll also find practical information to prepare you for the real world. This invaluable guide contains:

Authoritative coverage of all CISA exam objectives, including:

  • The IS Audit Process.
  • IT Governance.
  • Systems and Infrastructure Lifecycle Management.
  • IT Service Delivery and Support.
  • Protection of Information Assets.
  • Disaster Recovery and Business Continuity.

Practical information that will prepare you for the real world such as:

  • Secrets of successful auditing.
  • Government regulations at a glance.
  • Incident handling checklist.
  • Scenarios providing insight into professional audit systems and controls.

Additional exam and career preparation tools such as:

  • Challenging chapter review questions.
  • A glossary of terms.
  • Tips on preparing for exam day.
  • Information on related certifications.

A free CD-ROM with:

  • Advanced testing software with challenging chapter review questions plus bonus practice exams so you can test your knowledge.
  • Flashcards that run on your PC, Pocket PC, or Palm handheld.
  • The entire book in searchable and printable PDF.
Introduction.

Assessment Test.

Chapter 1: Secrets of a Successful IS Auditor.

Chapter 2: Audit Process.

Chapter 3: IT Governance.

Chapter 4: Networking Technology.

Chapter 5: Life Cycle Management.

Chapter 6: IT Service Delivery.

Chapter 7: Information Asset Protection.

Chapter 8: Disaster Recovery and Business Continuity.

Glossary.

Index.

David L. Cannon, CISA, CCSP, is President of CertTest Training Center, a leading CISA training provider. He has over fifteen years of experience in IT training and consulting.

Timothy S. Bergmann, PMP, is Director of Education for CertTest Training. He has over twenty years of experience in IT training and management.

Brady Pamplin, an instructor at CertTest Training, has over thirty years of experience in IT, including systems design and administration, project management, database administration, and disaster recovery planning.

Do you think you've discovered an error in this book? Please check the list of errata below to see if we've already addressed the error. If not, please submit the error via our Errata Form. We will attempt to verify your error; if you're right, we will post a correction below.

Chapter, Page, Details, Date, Print Run
5 211 Error in Figure 5.4 Six phases of SDLC
Phase 4 under "Buy" should read "Configuration"

Phase 4 under "Build" should read "Development"
5/23/07
4 191 Text error: Chapter 4 Review Question no. 6
The correct answer (as given on pg. 195) is B. But B. is misprinted.

Option B. should read:
B. Physical, Data-Link, Network, Transport, Session, Presentation, Application.
6/12/07
Introduction xxvii Text Correction
Line 9:
"...of formal PMI training and 1,500 hours..." should read
"...of formal PMI training or 1,500 hours..."
6/21/07
1 8 Text Correction
4th bullet point: "Statement on Auditing Standards (SAS), standards 1 through 101..." should read
"Statement on Auditing Standards (SAS), standards 1 through 114..."
6/21/07
1 9 Omission in ISACA IS Audit Standards
S11 Use of Risk Analysis in Audit Planning
Add a second sentence: "Risk planning is used to determine if audit is possible, our level of competency to conduct the audit, and plan for the maximum return on investment when designing specific audits."
6/21/07
1 10 Error in Figure 1.2
Bottom row, far right column, last bullet point: "Other automated controlsSampleof"
delete "Sampleof"
6/21/07
2 53 Misspelled word in Figure 2.2
Under "Knowledge of business," 3rd line: "Reproting" should be "Reporting"
6/21/07
2 56 Text correction, Figure 2.3
5th row, 1st column, line 3: "List of nonbusiness" should read
"List of non-business expenses"
6/21/07
2 70 Error in figure 2.4
An arrow is missing which should point from "Presentation" back to "Postanalysis Preservation Storage"
6/21/07
2 81 Two text corrections under "Exam Essentials"
Paragraph 3, "Be familiar with how to plan for specific audits."
3rd sentence: "The auditor will be to identify..." should read
"The auditor will need to identify..."

Paragraph 5, "Be familiar with IS control objectives and performing control assessment"
last sentence: "The IS auditors responsible..." should read
"The IS auditor is responsible..."
6/21/07
3 105 Text Correction
Under Performance Review, line 6:
"A score of zero indicate nothing..." should read
"A score of zero indicates nothing..."
6/21/07
3 107 Two text corrections under "Risk Management"
line 2:
"Now let's look one..." should read "Now let's look at one..."

line 4 should read:
"The first step in risk management is to calculate how much a single loss event (SLE) would cost."
6/21/07
3 109 Text Correction
Under "Information Security Risk," 3rd sentence:

"News articles discuss the government organizations from competing countries attempt to bring the technology to native organizations that are residents of their country."

should read

"News articles discuss government agencies from competing countries conspiring to bring new technology to native organizations that are residents in their country."
6/22/07
3 114 Text Correction
Under "Managing outsourcing," last sentence:
"Besides the control issue, and an excellent idea to implement..."

should read

"Besides the control issue, an excellent idea is to implement..."
6/22/07
3 127 Text Correction
Under "Tactical Management" 2nd paragraph, 3rd sentence:
"Tactical management should be using..." should read
"Tactical management should be performed using..."
6/22/07
4 166 Incorrect diagram in Figure 4.19
The diagram in Figure 4.19, "OSI Application Layer", was mistakenly duplicated from Figure 4.12 on page 161. The correct diagram shows Layer 7, "Application", across the top, and includes the text "User problem solving (ie Word, Excel...)"
6/22/07
4 167 Mis-numbered diagram in Figure 4.20
The numbers in the left-most column, under "Your PC" are incorrect. Next to the top box, "Running CRM Sales database across network," should be the numeral "7". The boxes should be numbered in descending order, down to "1" next to the bottom box, "Network Card LAN cable."
6/22/07
4 172 Text error in Figure 4.27, "Partial mesh network"
The text at the bottom of the figure, "No redundant link between C and D"
should read
"No redundant link between nodes C and D or A and D"
6/22/07
5 207 Text Correction
Paragraph 2, last sentence, "We will discuss separation of duties will additional detail..."
should read
"We will discuss separation of duties with additional detail..."
6/22/07
5 215 Text Correction
Under "Auditor Interests in the Feasibility Phase", last sentence:
"You would also verify that the project received formal management before proceeding..."
should read
"You would also verify that the project received formal management approval before proceeding..."
6/22/07
5 234 Incorrect Text in Figure 5.14
Figure 5.14, "Database columns, also known as attributes" contains erroneous text.

In the first column, "ID" replace the numbers given with
059673
062287

In the third column, "Address," replace the text with
960 W. Northwest Hwy #260
320 E. Warm Springs #B3
6/22/07
5 247 Incorrect answer given for Chapter 5 Review Question #7
The answer to Question 7, "D. fixed length" is incorrect.
The correct answer is "C. variable". The explanation remains correct.
6/22/07
7 279 Text Correction
Under "Examples of Threats and Computer Crimes," second paragraph, last sentence:
"Have equivalent controls in place to prevent..." should read
"Have equivalent controls been put in place to prevent..."
6/22/07
7 293 Text Correction
In the "NOTE" box, first line:
"As an auditors, we have observed..." should read
"As auditors, we have observed..."
6/22/07