This is the eBook version of the print title. Note that the eBook may not provide access to the practice test software that accompanies the print book.
Learn, prepare, and practice for CISA exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.
The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.
The study guide helps you master all the topics on the CISA exam, including:
About the Authors
Michael Gregg (CISSP, SSCP, CISA, MCSE, MCT, CTT+, A+, N+, Security+, CCNA, CASP, CISM, CEH, CHFI, and GSEC) works for a Houston, Texas-based IT security consulting firm.
Michael is responsible for working with organizations to develop cost-effective and innovative technology solutions to security issues and for evaluating the security of emerging technologies. He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to co-authoring the first, second, and third editions of Security Administrator Street Smarts, Michael has written or co-authored 15 other books, including The Network Security Test Lab: A Step-by-Step Guide (Wiley, 2015); CompTIA Security+ Rapid Review (Microsoft, 2013); Certified Ethical Hacker Cert Guide (Pearson, 2017); and CISSP Exam Cram (Que, 2016).
Michael has been quoted in newspapers such as the New York Times and featured on various television and radio shows, including NPR, ABC, CBS, Fox News, CNN, and others, discussing cybersecurity and ethical hacking. He has created more than a dozen IT security training classes, and he has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CASP, Security+, and others. When not consulting, teaching, or writing, Michael enjoys 1960s muscle cars and has a slot in his garage for a new project car.
Rob Johnson (CISSP, CISA, CISM, CGEIT, and CRISC) is experienced in information risk, IT audit, privacy, and security management. He has a diverse background that includes hands-on operational experience as well as providing strategic risk assessment and support to leadership and board-level audiences.
Rob currently serves as a senior vice president and technology executive with global teams and responsibilities at Bank of America. He has held various technology and executive positions throughout his career, including chief information security officer for a global insurance company, head of IT audit for a major domestic bank, chief information security officer for a large midwestern bank, chief cybersecurity architect and product owner for a major software house where he led deployments across 15 countries, and senior partner at a consulting firm.
Rob is well known across a number of industry groups. He is a published author and frequent speaker at conferences. Rob has served on a number of ISACA global committees, including as chair of the ISACA Education Committee and as a member of the ISACA Assurance Committee. In addition, Rob was one of the 12 members of the ISACA COBIT 5 Task Force, which led to the creation of the COBIT 5 global standard.
Rob holds a Bachelor of Science Degree in Interdisciplinary Studies from the University of Houston. He lives a quiet life, where he enjoys his children, watches his amazing son Donald win chess tournaments, and spends time with his wonderful wife, Lin.
Contents
Introduction  xxiii

Chapter 1  The CISA Certification  3
    Exam Intent  3
    Why the CISA Certification Is So Important  4
    CISA: The Gold Standard  5
    Exam Requirements  6
    CISA Exam Windows  6
    Scheduling to Take the Exam  7
    Deadline to Apply for the CISA Certification  7
    ISACA Agreements  9
    CISA Exam Domains  10
    Question Format and Grading  13
    Exam Grading  13
    Exam Questions  14
    Getting Exam Results and Retests  15
    Maintaining CISA Certification  16
    Reporting CPE Hours Earned  16
    Earning CPE Hours  17
    Top 10 Tips and Tricks  18
    Chapter Summary  19
    Define Key Terms  20
    Suggested Readings and Resources  20

Chapter 2  The Information Systems Audit  23
    "Do I Know This Already?" Quiz  23
    Foundation Topics  27
    Skills and Knowledge Required to Be an IS Auditor  27
    Work-Related Skills  27
    Knowledge of Ethical Standards  28
    ISACA Standards, Procedures, Guidelines, and Baselines  31
    Knowledge of Regulatory Standards  35
    Guidance Documents  36
    Auditing Compliance with Regulatory Standards  38
    Knowledge of Business Processes  38
    Types of Audits  39
    Risk Assessment Concepts  40
    Risk Management  43
    Auditing and the Use of Internal Controls  45
    The Auditing Life Cycle  47
    Audit Methodology  47
    The Auditing Life Cycle Steps  48
    Chain of Custody and Evidence Handling  49
    Automated Work Papers  50
    CAATs  51
    Audit Closing  52
    Report Writing  53
    The Control Self-Assessment Process  54
    Continuous Monitoring  55
    Quality Assurance  56
    The Challenges of Audits  57
    Communicating Results  57
    Negotiation and the Art of Handling Conflicts  58
    Chapter Summary  59
    Exam Preparation Tasks  60
    Review All the Key Topics  60
    Complete Tables from Memory  61
    Define Key Terms  61
    Exercises  61
    2.1 Network Inventory  61
    Review Questions  64
    Suggested Readings and Resources  68

Chapter 3  The Role of IT Governance  71
    "Do I Know This Already?" Quiz  71
    Foundation Topics  75
    The IT Steering Committee  75
    Corporate Structure  77
    IT Governance Frameworks  77
    COBIT  78
    ITIL  78
    COBIT Versus ITIL  79
    Enterprise Risk Management  80
    The Risk Management Team  81
    Asset Identification  82
    Threat Identification  82
    Quantitative Risk Assessment  84
    Qualitative Risk Assessment  86
    The Three Lines of Defense Model  87
    Policy Development  90
    Policy  91
    Policy, Standards, Procedures, and Baselines  92
    Auditing Policies, Standards, Procedures, and Baselines  93
    Data Classification  96
    Security Policy  98
    Management Practices of Employees  100
    Forced Vacations, Rotation of Assignments, and Dual Control  102
    Separation Events  102
    Roles and Responsibilities  103
    Segregation of Duties (SoD)  105
    Compensating Controls  106
    Key Employee Controls  106
    Performance Management  107
    Key Performance Terms  108
    Management and Control Frameworks  110
    Enterprise Architecture  111
    Change Management  113
    Q…