CISA Certified Information Systems Auditor Study Guide

David L. Cannon, Timothy S. Bergmann, Brady Pamplin

ISBN: 978-0-782-14438-3

May 2006

480 pages

Description

Demand for qualified and certified information systems (IS) auditors has increased dramatically since the adoption of the Sarbanes-Oxley Act in 2002. Now you can prepare for CISA certification, the one certification designed specifically for IS auditors, and improve your job skills with this valuable book. Not only will you get the valuable preparation you need for the CISA exam, you'll also find practical information to prepare you for the real world. This invaluable guide contains:

Authoritative coverage of all CISA exam objectives, including:

  • The IS Audit Process.
  • IT Governance.
  • Systems and Infrastructure Lifecycle Management.
  • IT Service Delivery and Support.
  • Protection of Information Assets.
  • Disaster Recovery and Business Continuity.

Practical information that will prepare you for the real world such as:

  • Secrets of successful auditing.
  • Government regulations at a glance.
  • Incident handling checklist.
  • Scenarios providing insight into professional audit systems and controls.

Additional exam and career preparation tools such as:

  • Challenging chapter review questions.
  • A glossary of terms.
  • Tips on preparing for exam day.
  • Information on related certifications.

A free CD-ROM with:

  • Advanced testing software with challenging chapter review questions plus bonus practice exams so you can test your knowledge.
  • Flashcards that run on your PC, Pocket PC, or Palm handheld.
  • The entire book in searchable and printable PDF.

Introduction.

Assessment Test.

Chapter 1: Secrets of a Successful IS Auditor.

Chapter 2: Audit Process.

Chapter 3: IT Governance.

Chapter 4: Networking Technology.

Chapter 5: Life Cycle Management.

Chapter 6: IT Service Delivery.

Chapter 7: Information Asset Protection.

Chapter 8: Disaster Recovery and Business Continuity.

Glossary.

Index.

Chapter / Page / Details / Date / Print Run

Chapter 5, page 211: Error in Figure 5.4 Six phases of SDLC
Phase 4 under Buy should read Configuration

Phase 4 under Build should read Development
5/23/07

Chapter 4, page 191: Text error: Chapter 4 Review Question no. 6
The correct answer (as given on pg. 195) is B. But B. is misprinted.

Option B. should read:
B. Physical, Data-Link, Network, Transport, Session, Presentation, Application.
6/12/07

Introduction, page xxvii: Text Correction
Line 9:
...of formal PMI training and 1,500 hours... should read
...of formal PMI training or 1,500 hours...
6/21/07

Chapter 1, page 8: Text Correction
4th bullet point: Statement on Auditing Standards (SAS), standards 1 through 101... should read
Statement on Auditing Standards (SAS), standards 1 through 114...
6/21/07

Chapter 1, page 9: Omission in ISACA IS Audit Standards
S11 Use of Risk Analysis in Audit Planning
Add a second sentence: Risk planning is used to determine if audit is possible, our level of competency to conduct the audit, and plan for the maximum return on investment when designing specific audits.
6/21/07

Chapter 1, page 10: Error in Figure 1.2
Bottom row, far right column, last bullet point: Other automated controlsSampleof
delete Sampleof
6/21/07

Chapter 2, page 53: Misspelled word in Figure 2.2
Under Knowledge of business, 3rd line: Reproting should be Reporting
6/21/07

Chapter 2, page 56: Text correction, Figure 2.3
5th row, 1st column, line 3: List of nonbusiness should read
List of non-business expenses
6/21/07

Chapter 2, page 70: Error in Figure 2.4
An arrow is missing which should point from Presentation back to Postanalysis Preservation Storage
6/21/07

Chapter 2, page 81: Two text corrections under "Exam Essentials"
Paragraph 3, Be familiar with how to plan for specific audits.
3rd sentence: The auditor will be to identify... should read
The auditor will need to identify...

Paragraph 5, Be familiar with IS control objectives and performing control assessment
last sentence: The IS auditors responsible... should read
The IS auditor is responsible...
6/21/07

Chapter 3, page 105: Text Correction
Under Performance Review, line 6:
A score of zero indicate nothing... should read
A score of zero indicates nothing...
6/21/07

Chapter 3, page 107: Two text corrections under "Risk Management"
line 2:
Now let's look one... should read Now let's look at one...

line 4 should read:
The first step in risk management is to calculate how much a single loss event (SLE) would cost.
6/21/07

Chapter 3, page 109: Text Correction
Under Information Security Risk, 3rd sentence:

News articles discuss the government organizations from competing countries attempt to bring the technology to native organizations that are residents of their country.

should read

News articles discuss government agencies from competing countries conspiring to bring new technology to native organizations that are residents in their country.
6/22/07

Chapter 3, page 114: Text Correction
Under Managing outsourcing, last sentence:
Besides the control issue, and an excellent idea to implement...

should read

Besides the control issue, an excellent idea is to implement...
6/22/07

Chapter 3, page 127: Text Correction
Under Tactical Management 2nd paragraph, 3rd sentence:
Tactical management should be using... should read
Tactical management should be performed using...
6/22/07

Chapter 4, page 166: Incorrect diagram in Figure 4.19
The diagram in Figure 4.19, OSI Application Layer, was mistakenly duplicated from Figure 4.12 on page 161. The correct diagram shows Layer 7, Application, across the top, and includes the text User problem solving (ie Word, Excel...)
6/22/07

Chapter 4, page 167: Mis-numbered diagram in Figure 4.20
The numbers in the left-most column, under Your PC, are incorrect. Next to the top box, Running CRM Sales database across network, should be the numeral 7. The boxes should be numbered in descending order, down to 1 next to the bottom box, Network Card LAN cable.
6/22/07

Chapter 4, page 172: Text error in Figure 4.27, "Partial mesh network"
The text at the bottom of the figure, No redundant link between C and D
should read
No redundant link between nodes C and D or A and D
6/22/07

Chapter 5, page 207: Text Correction
Paragraph 2, last sentence, We will discuss separation of duties will additional detail...
should read
We will discuss separation of duties with additional detail...
6/22/07

Chapter 5, page 215: Text Correction
Under Auditor Interests in the Feasibility Phase, last sentence:
You would also verify that the project received formal management before proceeding...
should read
You would also verify that the project received formal management approval before proceeding...
6/22/07

Chapter 5, page 234: Incorrect Text in Figure 5.14
Figure 5.14, Database columns, also known as attributes contains erroneous text.

In the first column, ID replace the numbers given with
059673
062287

In the third column, Address, replace the text with
960 W. Northwest Hwy #260
320 E. Warm Springs #B3
6/22/07

Chapter 5, page 247: Incorrect answer given for Chapter 5 Review Question #7
The answer to Question 7, D. fixed length, is incorrect.
The correct answer is C. variable. The explanation remains correct.
6/22/07

Chapter 7, page 279: Text Correction
Under Examples of Threats and Computer Crimes, second paragraph, last sentence:
Have equivalent controls in place to prevent... should read
Have equivalent controls been put in place to prevent...
6/22/07

Chapter 7, page 293: Text Correction
In the NOTE box, first line:
As an auditors, we have observed... should read
As auditors, we have observed...
6/22/07