Author(s): ISACA
Publisher: Isaca
Year: 2019
Language: English
Pages: 992
Table of Contents......Page 8
Format of This Manual......Page 36
Preparing for the CISA Exam......Page 37
Using the CISA Review Manual......Page 38
Using the CISA Review Manual and Other ISACA Resources......Page 39
Information System Auditing Process......Page 41
Learning Objectives/Task Statements......Page 43
Self-assessment Questions......Page 44
Answers to Self-assessment Questions......Page 47
1.0 Introduction......Page 55
1.1 IS Audit Standards, Guidelines and Codes of Ethics......Page 56
1.2 Business Processes......Page 59
1.3 Types of Controls......Page 97
1.4 Risk-based Audit Planning......Page 104
1.5 Types of Audits and Assessments......Page 113
1.6 Audit Project Management......Page 115
1.7 Sampling Methodology......Page 123
1.8 Audit Evidence Collection Techniques......Page 127
1.9 Data Analytics......Page 132
1.10 Reporting and Communication Techniques......Page 140
1.11 Quality Assurance and Improvement of the Audit Process......Page 147
Case Study......Page 153
Answers to Case Study Questions......Page 156
Governance and Management of IT......Page 160
Suggested Resources for Further Study......Page 162
Self-assessment Questions......Page 163
Answers to Self-assessment Questions......Page 167
2.1 IT Governance and IT Strategy......Page 173
2.2 IT-related Frameworks......Page 187
2.3 IT Standards, Policies and Procedures......Page 188
2.4 Organizational Structure......Page 194
2.5 Enterprise Architecture......Page 217
2.6 Enterprise Risk Management......Page 219
2.7 Maturity Models......Page 224
2.8 Laws, Regulations and Industry Standards Affecting the Organization......Page 227
2.9 IT Resource Management......Page 229
2.10 IT Service Provider Acquisition and Management......Page 237
2.11 IT Performance Monitoring and Reporting......Page 254
2.12 Quality Assurance and Quality Management of IT......Page 261
Case Study......Page 263
Answers to Case Study Questions......Page 265
Information Systems Acquisition, Development and Implementation......Page 269
Learning Objectives/Task Statements......Page 270
Suggested Resources for Further Study......Page 271
Self-assessment Questions......Page 272
Answers to Self-assessment Questions......Page 275
3.1 Project Governance and Management......Page 282
3.2 Business Case and Feasibility Analysis......Page 307
3.3 System Development Methodologies......Page 310
3.4 Control Identification and Design......Page 365
3.5 Testing Methodologies......Page 386
3.6 Configuration and Release Management......Page 395
3.7 System Migration, Infrastructure Deployment and Data Conversion......Page 397
3.8 Post-implementation Review......Page 411
Case Study......Page 415
Answers to Case Study Questions......Page 417
Information Systems Operations and Business Resilience......Page 420
Domain 4 Exam Content Outline......Page 422
Suggested Resources for Further Study......Page 423
Self-assessment Questions......Page 424
Answers to Self-assessment Questions......Page 427
4.1 Common Technology Components......Page 434
4.2 IT Asset Management......Page 445
4.3 Job Scheduling and Production Process Automation......Page 448
4.4 System Interfaces......Page 451
4.6 Data Governance......Page 454
4.7 Systems Performance Management......Page 458
4.8 Problem and Incident Management......Page 474
4.9 Change, Configuration, Release and Patch Management......Page 480
4.10 IT Service Level Management......Page 489
4.11 Database Management......Page 493
4.12 Business Impact Analysis......Page 505
4.13 System Resiliency......Page 509
4.14 Data Backup, Storage and Restoration......Page 512
4.15 Business Continuity Plan......Page 524
4.16 Disaster Recovery Plans......Page 551
Case Study......Page 568
Answers to Case Study Questions......Page 570
Protection of Information Assets......Page 573
Domain 5 Exam Content Outline......Page 575
Suggested Resources for Further Study......Page 576
Self-assessment Questions......Page 577
Answers to Self-assessment Questions......Page 581
5.1 Information Asset Security Frameworks, Standards and Guidelines......Page 588
5.2 Privacy Principles......Page 599
5.3 Physical Access and Environmental Controls......Page 602
5.4 Identity and Access Management......Page 618
5.5 Network and End-point Security......Page 668
5.6 Data Classification......Page 717
5.7 Data Encryption and Encryption-related Techniques......Page 718
5.8 Public Key Infrastructure......Page 728
5.9 Web-based Communication Technologies......Page 730
5.10 Virtualized Environments......Page 772
5.11 Mobile, Wireless and Internet-of-things Devices......Page 779
5.12 Security Awareness Training and Programs......Page 795
5.13 Information System Attack Methods and Techniques......Page 797
5.14 Security Testing Tools and Techniques......Page 819
5.15 Security Monitoring Tools and Techniques......Page 829
5.16 Incident Response Management......Page 834
5.17 Evidence Collection and Forensics......Page 836
Case Study......Page 841
Answers to Case Study Questions......Page 843
Appendix A: CISA Exam General Information......Page 849
Appendix B: CISA 2019 Job Practice......Page 854
Glossary......Page 862
Acronyms......Page 911
Index......Page 945