CISA Certified Information Systems Auditor Study Guide 3rd Edition by Hemang Doshi ISBN 9781835882863

Publisher: Packt Publishing Pvt. Ltd.
File Extension: EPUB
File size: 10.05 MB
Author: Hemang Doshi
Language: English
Year: 2024

Product description

Product details:

ISBN 13: 9781835882863
Author: Hemang Doshi

Gain practical information systems auditing expertise to pass the latest CISA exam on your first attempt and advance your career. Purchase of the book unlocks access to web-based exam prep resources, including over 1000 practice test questions, flashcards, exam tips, and a free eBook PDF.

Key Features

  • Learn from a qualified CISA and bestselling instructor, Hemang Doshi
  • Aligned with the latest CISA exam objectives from the 28th edition of the Official Review Manual
  • Assess your exam readiness with over 1000 targeted practice test questions along with flashcards and exam tips

Book Description

Following on from the success of its bestselling predecessor, this third edition of the CISA - Certified Information Systems Auditor Study Guide serves as your go-to resource for acing the CISA exam. Written by renowned CISA expert Hemang Doshi, this guide equips you with practical skills and in-depth knowledge to excel in information systems auditing, setting the foundation for a thriving career. Fully updated to align with the 28th edition of the CISA Official Review Manual, this guide covers the latest exam objectives and provides a deep dive into essential IT auditing areas, including IT governance, systems development, and asset protection. The book follows a structured, three-step approach to solidify your understanding. First, it breaks down the fundamentals with clear, concise explanations. Then, it highlights critical exam-focused points to ensure you concentrate on key areas. Finally, it challenges you with self-assessment questions that reflect the exam format, helping you assess your knowledge. Additionally, you’ll gain access to online resources, including mock exams, interactive flashcards, and invaluable exam tips, ensuring you’re fully prepared for the exam with unlimited practice opportunities. By the end of this guide, you’ll be ready to pass the CISA exam with confidence and advance your career in auditing.

What you will learn

  • Conduct audits that adhere to globally accepted standards and frameworks
  • Identify and propose IT processes and control enhancements
  • Use data analytics tools to optimize audit effectiveness
  • Evaluate the efficiency of IT governance and management
  • Examine and implement various IT frameworks and standards
  • Manage effective audit reporting and communication
  • Assess evidence collection methods and forensic techniques

Who this book is for

This CISA study guide is for professionals preparing for the CISA exam, including IT auditors, security analysts, and risk managers. It’s ideal for those with a non-technical background looking to advance in IT audit, governance

CISA Certified Information Systems Auditor Study Guide 3rd Edition table of contents:

Chapter 1: Audit Planning
Making the Most Out of This Book – Your Certification and Beyond
The Contents of an Audit Charter
Key Aspects for the CISA Exam
Audit Planning
Benefits of Audit Planning
Selection Criteria for the Audit Process
Reviewing Audit Planning
Individual Audit Assignments
Audit Process
Key Aspects for the CISA Exam
Business Process Applications and Controls
E-Commerce
Electronic Data Interchange (EDI)
Point of Sale (POS)
Electronic Banking
Electronic Funds Transfer (EFT)
Image Processing
Artificial Intelligence and Expert Systems
Key Aspects from the CISA Exam Perspective
Types of Controls
Preventive Controls
Detective Controls
Corrective Controls
Deterrent Controls
The Difference Between Preventive and Deterrent Controls
Compensating Controls
Control Objectives
Control Measures
Key Aspects for the CISA Exam
Risk-Based Audit Planning
What Is Risk?
Understanding Vulnerability and Threats
Understanding Inherent Risk and Residual Risk
Advantages of Risk-Based Audit Planning
Audit Risk
Risk-Based Auditing Approach
Risk Assessments
Risk Response Methodology
Key Aspects for the CISA Exam
Types of Audits and Assessments
Internal IS Audit Function
Requirement for a Separate IS Audit Function
Governance of an IS Audit Function
Reporting Structure of an IS Audit Function
Management of IS Audit Resources
IS Audit Objective Should be Aligned with the Overall Business Objective
Key Aspects for the CISA Exam Perspective
Managing Third-Party IS Auditors and Other Experts
Regulatory and Other Requirements for Outsourcing
Due Diligence
Appointment Procedures and Best Practices
Contracts, Service-Level Agreements, and Non-Disclosure Agreements
Monitoring the Performance
Key Aspects for the CISA Exam Perspective
Code of Ethics
Summary
Exam Readiness Drill
HOW TO GET STARTED
Chapter 2: Audit Execution
Audit Project Management
Audit Objectives
Audit Phases
Key Aspects for the CISA Exam
Audit Testing and Sampling Methodology
Sampling Types
Statistical Sampling
Non-Statistical Sampling
Attribute Sampling
Variable Sampling
Stop-or-Go Sampling
Discovery Sampling
Sampling Risk
Other Sampling Terms
The Confidence Coefficient
Level of Risk
Expected Error Rate
Tolerable Error Rate
Sample Mean
Sample Standard Deviation
Compliance versus Substantive Testing
The Differences between Compliance Testing and Substantive Testing
Examples of Compliance Testing and Substantive Testing
The Relationship between Compliance Testing and Substantive Testing
Key Aspects for the CISA Exam
Audit Evidence Collection Techniques
Reliability of Evidence
Independence of the Evidence Provider
Qualifications of the Evidence Provider
Objectivity of the Evidence
Timing of the Evidence
Evidence-Gathering Techniques
Fraud, Irregularities, and Illegal Acts
Key Aspects for the CISA Exam
Data Analytics
CAATs
Precautions While Using CAAT
Continuous Auditing and Monitoring
Integrated Test Facility
System Control Audit Review File
Snapshot Technique
Audit Hook
Continuous and Intermittent Simulation
Key Aspects for the CISA Exam
Reporting and Communication Techniques
Exit Interview
Audit Reporting
Audit Report Objectives
Audit Report Structure
Follow-Up Activities
Key Aspects for the CISA Exam
Control Self-Assessment
Precautions While Implementing CSA
An IS Auditor’s Role in CSA
Key Aspects for the CISA Exam
Agile Auditing
Dictionary Meaning of Agile
Understanding Agile Auditing
Benefits of Agile Auditing
Traditional Auditing vis-à-vis Agile Auditing
Key Aspects for the CISA Exam
Quality Assurance of Audit Processes
Oversight by Audit Committee
Continuous Education and Updating of IS Auditors
Performance Monitoring of IS Audit Functions
Continuous Improvement
Accreditation/Certification of the IS Audit Function
Key Aspects for the CISA Exam
Use of AI in the Audit Process
How Does AI Work in Auditing?
Benefits of Using AI in Audit Processes
Risks of Using AI in Audit Processes
Use Cases of AI in the Audit Process
Best Practices for Using AI in Audit Process
Summary
Exam Readiness Drill
HOW TO GET STARTED
Chapter 3: IT Governance
EGIT
EGIT Processes
The Differences Between Governance and Management
EGIT Good Practices
Effective Information Security Governance
IS Auditor’s Role in EGIT
Key Aspects for the CISA Exam
IT-Related Frameworks
IT Standards, Policies, and Procedures
Policies
Standards
Procedures
Guidelines
Information Security Policy
Contents of the Information Security Policy
Information Security Policy Users
Information Security Policy Audit
Information Security Policy Review
Top-Down and Bottom-Up Approaches to Policy Development
The Top-Down Approach
The Bottom-Up Approach
The Best Approach
Key Aspects for the CISA Exam
Organizational Structure
Relationship Between the IT Strategy Committee and the IT Steering Committee
Differences Between the IT Strategy Committee and the IT Steering Committee
Key Aspects for the CISA Exam
Enterprise Architecture
Enterprise Security Architecture
Open System Architecture
Key Aspects for the CISA Exam
Enterprise Risk Management
Risk Management Process Steps
Asset Identification
Identification of Threats and Vulnerabilities
Evaluation of Impact
Calculation of Risk
Risk Response
Risk Analysis Methods
Qualitative
Semi-quantitative
Quantitative
Risk Treatment
Key Aspects for the CISA Exam
Maturity Model
Laws, Regulations, and Industry Standards Affecting the Organization
An IS Auditor’s Role in Determining Adherence to Laws and Regulations
Key Aspects for the CISA Exam
Data Privacy Program and Principles
Privacy-Related Regulations
Privacy Principles
Important Privacy-Related Terminology
Auditing a Privacy Program
Key Aspects for the CISA Exam
Data Governance and Data Classification
Benefits of Data Classification
Responsibility for Data Classification
Consideration of Legal and Regulatory Requirements
Key Aspects for the CISA Exam
Summary
Exam Readiness Drill
HOW TO GET STARTED
Chapter 4: IT Management
IT Resource Management
Human Resource Management
Hiring
Training
Scheduling and Time Monitoring
During Employment
Termination Policies
IT Management
Financial Management
Key Aspects for the CISA Exam
IT Service Provider Acquisition and Management
Evaluation Criteria for Outsourcing
Steps for Outsourcing
Outsourcing – Risk Reduction Options
Provisions for Outsourcing Contracts
Role of IS Auditors in Monitoring Outsourced Activities
Globalization of IT Functions
Outsourcing and Third-Party Audit Reports
Monitoring and Review of Third-Party Services
Key Aspects for the CISA Exam
IT Performance Monitoring and Reporting
Development of Performance Metrics
Effectiveness of Performance Metrics
Tools and Techniques for Performance Measurement
Six Sigma
Lean Six Sigma
IT Balanced Scorecard
KPIs
Benchmarking
BPR
Root Cause Analysis
Life Cycle Cost-Benefit Analysis
Key Aspects for the CISA Exam
Quality Assurance and Quality Management in IT
Quality Assurance
Quality Management
Importance of Quality Management
Key Aspects for the CISA Exam
Summary
Exam Readiness Drill
HOW TO GET STARTED
Chapter 5: Information Systems Acquisition and Development
Project Management Structure
Project Roles and Responsibilities
Board of Directors
IT Strategy Committee
Project Steering Committee
Project Sponsor
System Development Management
Project Cost Estimation Methods
Software Size Estimation Methods
Project Evaluation Methods
Project Objectives, OBS, and WBS
The Role of the IS Auditor in Project Management
Key Aspects for the CISA Exam
Business Case and Feasibility Analysis
Business Cases
Feasibility Analysis
The IS Auditor’s Role in Business Case Development
System Development Methodologies
SDLC Models
Traditional Waterfall
V-Shaped Model
SDLC Phases
Phase 1 – Feasibility Study
Phase 2 – Requirements
Phase 3 – Software Selection and Acquisition
Phase 4 – Development
Phase 5 – Testing and Implementation
Phase 6 – Post-Implementation
Software Development Methods
Agile Development
Prototyping
RAD
Object-Oriented System Development
Component-Based Development
Software Reengineering and Reverse Engineering
Key Aspects for the CISA Exam
Control Identification and Design
Check Digits
Parity Bits
Checksums
Forward Error Control
Data Integrity Principles
Limit Checks
Automated System Balancing
Sequence Checks
Decision Support Systems
Decision Trees
Key Aspects for the CISA Exam
Summary
Exam Readiness Drill
HOW TO GET STARTED
Chapter 6: Information Systems Implementation
Testing Methodology
Unit Testing
Integration Testing
System Testing
Final Acceptance Testing
Regression Testing
Sociability Test
Pilot Testing
Parallel Testing
White-Box Testing
Black-Box Testing
Alpha Testing
Beta Testing
Testing Approach
Testing Phases
Key Aspects for the CISA Exam
System Migration
Parallel Changeover
Phased Changeover
Abrupt Changeover
Key Aspects for the CISA Exam
Post-Implementation Review
Key Aspects for the CISA Exam
Configuration and Release Management
Release Management
Configuration Management
Baseline Control
Key Aspects for the CISA Exam
Summary
Exam Readiness Drill
HOW TO GET STARTED
Chapter 7: Information Systems Operations
Understanding Common Technology Components
Types of Servers
Universal Serial Bus
USBs – Risks
USBs – Security Controls
Radio-Frequency Identification
RFID – Risks
RFID – Security Controls
IT Asset Management
Performance Reports
Availability Reports
Utilization Reports
Asset Management Reports
Hardware Error Reports
Job Scheduling
End-User Computing and Shadow IT
Key Aspects for the CISA Exam
System Performance Management
Nucleus (Kernel) Functions
Utility Programs
Parameter Setting for the Operating System
Registry
Activity Logging
Software Licensing Issues
Source Code Management
Capacity Management
Key Aspects for the CISA Exam
Problem and Incident Management
Network Management Tools
Key Aspects for the CISA Exam
Change Management, Configuration Management, and Patch Management
Change Management Process
Emergency Change Management
Backout Process
The Effectiveness of a Change Management Process
Patch Management
Configuration Management
Key Aspects for the CISA Exam
IT Service-Level Management
Database Management Process
Advantages of Database Management
Database Structures
Hierarchical Database Model
Network Database Model
Relational Database Model
Object-Oriented Database Model
Database Normalization
Database Checks and Controls
Segregation of Duties
Key Aspects for the CISA Exam
Operational Log Management
Importance of Log Management
Types of Logs
Log Management Life Cycle
Effective Data Collection
Protection of Log Data
Integration with SIEM Systems
Key Aspects for the CISA Exam
Summary
Exam Readiness Drill
HOW TO GET STARTED
Chapter 8: Business Resilience
Business Impact Analysis
Key Aspects for the CISA Exam
Data Backup and Restoration
Types of Backup Strategy
Storage Capacity for Each Backup Scheme
Restoration Capability for Each Backup Strategy
Advantages and Disadvantages of Each Backup Methodology
Key Aspects for the CISA Exam
System Resiliency
Application Resiliency – Clustering
Telecommunication Network Resiliency
Alternative Routing
Diverse Routing
Business Continuity Plan
Steps of the BCP Life Cycle
Contents of the BCP
Responsibility for Declaring a Disaster
A Single Plan
Backup Procedure for Critical Operations
The Involvement of Process Owners in the BCP
BCP and Risk Assessments
Testing the BCP
Key Aspects for the CISA Exam
Disaster Recovery Plan
The BCP versus the DRP
The Relationship Between the DRP and the BIA
Costs Associated with Disaster Recovery
Data Backup
DRP of a Third-Party Service Provider
Resilient Information Assets
Service Delivery Objective
Key Aspects for the CISA Exam
DRP – Test Methods
Checklist Review
Structured Walk-Through
Tabletop Test
Simulation Test
Parallel Test
Full Interruption Test
Key Aspects for the CISA Exam
Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
RTO
RPO
RTO and RPO for Critical Systems
RTO and RPO and Maintenance Costs
RTO, RPO, and Disaster Tolerance
Key Aspects for the CISA Exam
Alternate Recovery Sites
Mirrored Site
Hot Site
Warm Site
Cold Site
Mobile Site
Reciprocal Agreement
Summary
Exam Readiness Drill
HOW TO GET STARTED
Chapter 9: Information Asset Security and Control
Information Asset Security Frameworks
Auditing the Information Security Management Framework
Key Aspects for the CISA Exam
Physical Access and Environmental Controls
Environmental Controls
Alarm Controls
Water and Smoke Detectors
Fire Suppression Systems
Water-Based Sprinkler (WBS)
Dry Pipe Sprinkler
Halon Systems
Carbon Dioxide Systems
Physical Access Control
Bolting Door Locks
Combination Door Locks (Cipher Locks)
Electronic Door Locks
Biometric Door Locks
Deadman Doors
Identification Badges
CCTV Cameras
Workstation Locks
No Sign Boards
Key Aspects for the CISA Exam
Industrial Control Systems
Identity and Access Management
Access Control Categories
Steps for Implementing Logical Access Controls
Control Effectiveness
Default Deny Policy – Allow-All Policy
Degaussing (Demagnetizing)
Naming Convention
Authentication Factors
Single Sign-On
Advantages of SSO
Disadvantages of SSO
Zero Trust
Privileged Access Management
Directory Services
Identity as a Service (IdaaS)
Benefits of IdaaS
Risks of IdaaS
Digital Rights Management (DRM)
Benefits of DRM
Federated Identity Management (FIM)
Benefits of FIM
Key Aspects for the CISA Exam
Biometrics
Biometrics Accuracy Measure
False Acceptance Rate (FAR)
False Rejection Rate (FRR)
Cross-Error Rate (CER) or Equal Error Rate (EER)
Control over the Biometric Process
Types of Biometric Attacks
Key Aspects for the CISA Exam
Summary
Exam Readiness Drill
HOW TO GET STARTED
Chapter 10: Network Security and Control
Networking and Endpoint Devices
Open System Interconnection (OSI) Layers
Networking Devices
Repeaters
Hubs and Switches
Bridges
Routers
Gateway
Network Devices and the OSI Layer
Network Physical Media
Fiber-Optic Cables
Twisted Pair (Copper Circuit)
Infrared and Radio (Wireless)
Identifying the Risks of Physical Network Media
Attenuation
Electromagnetic Interference (EMI)
Crosstalk
Network Diagram
Network Protocols
Dynamic Host Configuration Protocol
Transport Layer Security and Secure Socket Layer
Transmission Control Protocol and User Data Protocol
Secure Shell and Telnet
Network Attached Storage (NAS)
Content Delivery Network (CDN)
Network Time Protocol (NTP)
How Does NTP Work?
Network Segmentation
How Does Network Segmentation Work?
Key Aspects for the CISA Exam
Firewall Types and Implementation
Types of Firewalls
Packet-Filtering Router
Stateful Inspection
