CISA

CISA Study Guide 2009 Edition and 140 Technical Drill Practice Questions


Contents updated on Nov 29, 2008.

According to ISACA, the CISA program is its cornerstone certification. Since 1978, the CISA exam has measured excellence in the area of IS auditing, control and security. CISA has grown to be globally recognized and adopted worldwide as a symbol of achievement. There are currently more than 30,000 CISAs worldwide.

To earn the Certified Information Systems Auditor (CISA) designation, you need to pass a multiple-choice exam which covers the following content areas:

1. Management, Planning, and Organization of IS
2. Technical Infrastructure and Operational Practices
3. Protection of Information Assets
4. Disaster Recovery and Business Continuity
5. Business Application System Development, Acquisition, Implementation, and Maintenance
6. Business Process Evaluation and Risk Management
7. The IS Audit Process

Success factors in the CISA exam = 40% TECHNOLOGY + 60% BUSINESS PRACTICE. We are not talking about the percentage of questions here. We are talking about the success factor: the technology questions are easy to answer because they are mostly based on factual information. The business practice questions are different, because different answers work best in different scenarios under different conditions.

Table of contents (this product has been updated on Nov 29, 2008)

* This study guide has an approximate content page count of 280, plus practice questions.

EXAM FORMAT
ABOUT THIS BOOK
EXAM TOPICS
EXAM REGISTRATION CONTACTS
STUDY PSYCHOLOGY & EXAM TACTICS

KEY EXAM STRATEGIES
STRATEGY ONE: KEYWORD OR KEY PHRASE MATCHING.
STRATEGY TWO: CHOICES GROUPING.
STRATEGY THREE: THINK TRICKY.

SECURITY THEORIES
THE COMPUTER SYSTEM ITSELF AS LARGELY AN UNTRUSTED SYSTEM
DEFENSE IN DEPTH
VULNERABILITIES
SECURITY MEASURES
STANDARDS AND GUIDELINES

IS ORGANIZATION AND INFORMATION ASSETS PROTECTION
THE STAKEHOLDERS
THE BOARD
THE AUDIT MANAGER
AUDIT PERSONNEL

IS CONTROLS
CLASSIFICATION OF CONTROLS
GENERAL CONTROLS VS APPLICATION CONTROLS

ACCESS CONTROL AND THE AUDITING PROCESS
ACCESS CONTROL MODELS
ACLS VERSUS CAPABILITIES
WHAT IS ORANGE BOOK, BY THE WAY?
TYPES OF ACCESS CONTROL
THE AAA CONCEPT
ESTABLISHING ACCOUNTABILITY THROUGH EVENT LOGGING
THE AUDIT PROCESS
THE SARBANES–OXLEY ACT AND THE COSO FRAMEWORK
WHAT IS AUDITING, BY THE WAY?
THE ROLE OF AN AUDITOR
THE AUDIT PROCESS FLOW
AUDIT PLANNING
RECOMMENDED TYPES OF AUDIT
AUDIT FIELDWORKS
AUDIT PROGRAM
AUDIT REPORT
AUDIT FOLLOW-UP

IT STRATEGIC PLANNING
IT STRATEGIC PLANNING DEFINED
THE ROLE OF IS AUDITING IN THE PLANNING PROCESS
IN-HOUSE OR OUTSOURCE?
AVOIDING CONFLICTS OF INTEREST

PROTECTION OF INFORMATION ASSETS THROUGH SECURITY POLICY
INFORMATION ASSETS DEFINED
DATA CLASSIFICATIONS AND LAYER OF RESPONSIBILITIES
SECURITY POLICY
SECURITY MODELS AND MODES OF OPERATIONS
ORGANIZATION SPECIFIC CLASSIFICATION SCHEME
EXAMPLE POLICY
CONSEQUENCES OF VIOLATIONS
EVALUATION
CHANGE CONTROL

BUSINESS CONTINUITY PLANNING, CRISIS COMMUNICATIONS & BIA
DEFINITION
BCP VS BPCP VS DRP
BCP PHASES
STAKEHOLDERS AND CRISIS COMMUNICATIONS
THE RISK ASSESSMENT FLOW
RISK VS THREAT AND VULNERABILITY
IDENTIFYING RISKS
LOSS CALCULATIONS

BUSINESS IMPACT ANALYSIS DEFINED
BIA GOALS AND STEPS
BIA CHECKLIST
PREPARING FOR EMERGENCY
MANAGING RECOVERY
TESTING THE PLAN
USER ACCEPTANCE
PLAN MAINTENANCE
INCIDENT HANDLING

RISK MANAGEMENT
RISK MANAGEMENT DEFINED
THE RISK MANAGEMENT STEPS
IS AUDITING AND RISK MANAGEMENT
RISK-BASED AUDITING

PROJECT MANAGEMENT
PROJECT MANAGEMENT DEFINED
PROJECT MANAGEMENT AND AUDIT

CHANGE MANAGEMENT
CHANGE MANAGEMENT DEFINED
CHANGE MANAGEMENT STRATEGIES
CHANGE MANAGEMENT VS CHANGE CONTROL VS CONFIGURATION MANAGEMENT
CHANGE CONTROL REVISITED

APPLICATION PROGRAM DEVELOPMENT
GENERAL GUIDELINES
SYSTEM CHANGE CONTROL
SOFTWARE DEVELOPMENT PROCESSES AND MODELS
BUY VS MAKE: ACQUISITION MANAGEMENT METHODS

TECHNICAL READINGS

  • SECTION 1: TOPICS ON SECURITY THEORY
  • SECTION 2: TOPICS ON HACKING, ATTACKING, DEFENDING AND AUDITING
  • SECTION 3: TOPICS ON ENCRYPTION AND VPN
  • SECTION 4: TOPICS ON RESPONDING TO ATTACKS
  • SECTION 5: TOPICS ON VIRUSES

VALUABLE THIRD PARTY RESOURCES

SAMPLE I.S. AUDIT QUESTIONNAIRE

140 Technical Drill Practice Questions

Study Guide TOC Download

Basic Networking Technotes

Appendix updated 4 July 08 covering:

CMM AND CMMI
ESCROWED ENCRYPTION STANDARD (EES)
OBJECT ORIENTED DESIGN
COMPUTER FORENSICS
INCIDENT RESPONSE (IR)
HIPAA
PLATFORM FOR PRIVACY PREFERENCES PROJECT (P3P)
OECD GUIDELINES
CEI’S COMMANDMENTS OF ETHICS
THE INFOSEC ASSESSMENT METHODOLOGY (IAM)
COVERT CHANNEL ANALYSIS
COMMON CRITERIA (CC)
PHYSICAL AND ENVIRONMENTAL SECURITY
INFORMATION RETENTION & DISPOSAL PROCEDURES
BALANCED SCORECARD
BUSINESS PROCESS REENGINEERING
INTERNAL PREVENTIVE CONTROLS VERSUS COMPENSATING CONTROLS
SOFTWARE DEVELOPMENT APPROACHES: THE PROS & CONS
EMERGING PROCESSOR TECHNOLOGIES
EMERGING WIRELESS SECURITY STANDARDS
HR AND SECURITY

Appendix TOC Download

Now comes with 140 Practice Questions to drill you in computer security, controls and IS audit concepts!!!

The Technical Drill Practice Test Module is designed for reinforcing learning objectives and validating knowledge so you know you're prepared to answer even the toughest questions on the CISA certification exam. You will find this module to be a challenging and effective tool that will help you learn how to recognize IS security threats and recommend proper security control and audit solutions.


All orders come with LIFETIME FREE UPDATES. Unless otherwise stated, delivery time for all e-book (electronic delivery) orders is 24 hours after payment confirmation. There are no S/H charges for e-book delivery. Sales tax may apply depending on your location.

Copyright 2008 ExamREVIEW.NET. All rights reserved. Designated trademarks and brands are the property of their respective owners.
