Cisa Certified Information Systems Auditor Study Guide: Covers 2024 - 2029 Exam Objectives (Paperback)

Introduction xxiii

Assessment Test xxxv

Chapter 1 IT Governance and Management 1

IT Governance Practices for Executives and Boards of Directors 3

IT Strategic Planning 10

Policies, Processes, Procedures, and Standards 12

Risk Management 23

IT Management Practices 39

Organization Structure and Responsibilities 62

Maintaining an Existing Program 72

Auditing IT Governance 75

Summary 80

Exam Essentials 81

Review Questions 83

Chapter 2 The Audit Process 87

Audit Management 89

ISACA Auditing Standards 99

Risk Analysis 108

Controls 115

Performing an Audit 121

Control Self-Assessment 144

Implementation of Audit Recommendations 147

Audit Quality Assurance 148

Summary 148

Exam Essentials 150

Review Questions 152

Chapter 3 IT Life Cycle Management 157

Benefits Realization 159

Project Management 165

Systems Development Methodologies 191

Infrastructure Development and Deployment 230

Maintaining Information Systems 234

Business Processes 237

Managing Third Parties 244

Application Controls 247

Auditing the Systems Development Life Cycle 253

Auditing Business Controls 258

Auditing Application Controls 258

Auditing Third-Party Risk Management 261

Summary 262

Exam Essentials 264

Review Questions 266

Chapter 4 IT Service Management 271

Information Systems Operations 273

Systems Performance Management 274

Problem and Incident Management 277

Change, Configuration, Release, and Patch Management 279

Operational Log Management 286

IT Service Level Management 288

Database Management Systems 290

Data Management and Governance 294

Other IT Service Management Topics 295

Auditing IT Service Management and Operations 297

Summary 301

Exam Essentials 302

Review Questions 304

Chapter 5 IT Infrastructure 309

Information Systems Hardware 310

Information Systems Architecture and Software 324

Network Infrastructure 330

Asset Inventory and Classification 386

Job Scheduling and Production Process Automation 390

System Interfaces 391

End-User Computing 392

Auditing IT Infrastructure 393

Summary 398

Exam Essentials 399

Review Questions 401

Chapter 6 Business Continuity and Disaster Recovery 405

Business Resilience 406

Incident Response Communications 473

Auditing Business Continuity Planning 475

Auditing Disaster Recovery Planning 479

Summary 484

Exam Essentials 485

Review Questions 487

Chapter 7 Information Security Management 491

Information Security 493

Role of the Information Security Manager 494

Information Security Risks 497

Building an Information Security Strategy 501

Implementing Security Controls 505

Endpoint Security 507

Network Security Controls 511

Cloud Computing Security 519

Cryptography 528

Exploring Cybersecurity Threats 539

Privacy 545

Security Awareness and Training 548

Security Incident Response 550

Auditing Information Security Controls 554

Summary 559

Exam Essentials 560

Review Questions 563

Chapter 8 Identity and Access Management 567

Logical Access Controls 568

Third-party Access Management 587

Environmental Controls 592

Physical Security Controls 599

Human Resources Security 602

Auditing Access Controls 606

Summary 616

Exam Essentials 617

Review Questions 619

Chapter 9 Conducting a Professional Audit 623

Understanding the Audit Cycle 624

How the IS Audit Cycle Is Discussed 625

Overview of the IS Audit Cycle 627

Summary 699

Appendix A Popular Methodologies, Frameworks, and Guidance 701

Common Terms and Concepts 702

Frameworks, Methodologies, and Guidance 710

Notes 738

References 738

Appendix B Answers to Review Questions 741

Chapter 1: IT Governance and Management 742

Chapter 2: The Audit Process 744

Chapter 3: IT Life Cycle Management 746

Chapter 4: IT Service Management 748

Chapter 5: IT Infrastructure 749

Chapter 6: Business Continuity and Disaster Recovery 750

Chapter 7: Information Security Management 752

Chapter 8: Identity and Access Management 754

Index 759