Warenkorb
€ 0,00 0 Buch dabei,
portofrei
Exam Prep CISA: Certified Information Systems Auditor als Buch
PORTO-
FREI

Exam Prep CISA: Certified Information Systems Auditor

Sprache: Englisch.
Buch (kartoniert)
The "CISA Exam Prep "provides you with the market' s most comprehensive and current material for passing the new CISA certification exam. Exam Prep' s best-selling study methods feature chapter review questions, practice exams, exam alerts, not … weiterlesen
Buch

54,49*

inkl. MwSt.
Portofrei
Lieferbar innerhalb von zwei Wochen
Exam Prep CISA: Certified Information Systems Auditor als Buch

Produktdetails

Titel: Exam Prep CISA: Certified Information Systems Auditor
Autor/en: Michael Gregg

ISBN: 0789735733
EAN: 9780789735737
Sprache: Englisch.
PEARSON IT CERTIFICATION

Mai 2007 - kartoniert - 578 Seiten

Beschreibung

The "CISA Exam Prep "provides you with the market' s most comprehensive and current material for passing the new CISA certification exam. Exam Prep' s best-selling study methods feature chapter review questions, practice exams, exam alerts, notes, tips, and cautions. You' ll also have exclusive access to online test questions, which help you assess your understanding of the material before you take your exam.

Inhaltsverzeichnis

Introduction ... 1 How This Book Helps You ... 1 About the CISA Exam ... 2 CISA Exam Objectives ... 2 How to Prepare for the Exam ... 3 Additional Exam-Preparation Resources ... 4 Practice Tests ... 5 What This Book Does ... 5 What This Book Does Not Do... 6 Contacting the Author ... 6 About the Book ... 6 Instructional Features ... 7 Extensive Practice Test Options ... 8 Final Preparation ... 9 Final Words of Wisdom ... 9 Study and Exam Prep Tips ... 11 Learning Styles ... 12 Study Tips ... 12 Study Strategies ... 12 Pretesting Yourself... 14 Exam Prep Tips ... 14 Exam Format ... 15 Question Types ... 16 More Exam Preparation Tips ... 16 Final Considerations ... 18 Part I: IT Governance and the Audit Process Chapter 1: The Audit Process ... 21 Introduction ... 24 Issues and Challenges of the IS Auditor... 24 Audit Planning ... 26 Standards and Guidelines for ISACA IS Auditors ... 27 ISACA Standards... 28 ISACA Code of Ethics ... 31 Risk Analysis... 32 Risk Management ... 33 Risk-Based Audits ... 35 Auditing and the Use of Internal Controls ... 36 CobiT ... 38 The Audit Process ... 39 Audit Classification ... 40 Audit Programs ... 41 Audit Methodology ... 42 Objectives of the Audit ... 45 Compliance Versus Substantive Testing ... 46 Sampling and Embedded Audit Modules... 46 Evidence ... 47 Detection of Fraud ... 48 Audit Closing ... 49 Changes in the IS Audit Process ... 50 The Control Self-Assessment Process ... 50 Integrated Auditing ... 51 Continuous Auditing ... 52 Chapter Summary ... 54 Key Terms... 54 Apply Your Knowledge... 55 Exercises ... 55 Exam Questions... 59 Answers to Exam Questions... 61 Need to Know More?... 62 Chapter 2: IT Governance ... 63 Introduction ... 67 Best Practices for Senior Management ... 67 Audit's Role in Governance ... 69 IT Steering Committee ... 70 Measuring Performance ... 71 Information Security Governance ... 72 The Role of Strategy, Policies, Planning, and Procedures ... 74 Policy Development ... 75 Policies and Procedures ... 76 Risk Identification and Management ... 79 The Risk-Management Team ... 80 Asset Identification ... 81 Threat Identification ... 81 Risk-Analysis Methods ... 83 Management Practices and Controls ... 88 Employee Management ... 89 Sourcing ... 93 Change Management and Quality Improvement Techniques... 95 Understanding Personnel Roles and Responsibilities ... 99 Employee Roles and Duties... 100 Segregation of Duties ... 101 Chapter Summary ... 104 Key Terms ... 104 Apply Your Knowledge... 105 Exercises ... 105 Exam Questions... 107 Answers to Exam Questions... 109 Need to Know More?... 110 Part II: System and Infrastructure Lifecycle Management Chapter 3: Lifecycle Management ... 113 Introduction ... 117 Project Management... 117 Roles, Responsibility, and Structure ... 118 Project Culture and Objectives ... 119 Project-Management Practices ... 120 Project Initiation ... 121 Project Planning ... 121 Project Control and Execution ... 128 Closing a Project ... 128 Business Application Development... 130 Systems-Development Methodology ... 131 Alternative Application-Development Techniques... 142 Application-Development Approaches... 144 Information Systems Maintenance Practices... 146 Chapter Summary ... 148 Key Terms ... 148 Apply Your Knowledge... 148 Exercises ... 149 Exam Questions... 150 Answers to Exam Questions... 152 Need to Know More?... 154 Chapter 4: System Infrastructure Control ... 155 Introduction ... 158 Programmed and Manual Application Controls... 158 Business Process Controls ... 159 Auditing Application Controls ... 168 Understanding the Application ... 168 Observation and Testing... 169 Data Integrity Controls ... 170 Application System Testing ... 172 Continuous Online Auditing ... 173 Auditing Systems Development, Acquisition, and Maintenance ... 176 Project Management... 177 Business Application Systems ... 178 E-Commerce ... 179 Electronic Data Interchange ... 180 Email ... 181 Business Intelligence ... 182 Chapter Summary ... 187 Key Terms ... 187 Apply Your Knowledge... 188 Exercises ... 188 Exam Questions... 189 Answers to Exam Questions... 191 Need to Know More?... 192 Part III: IT Service Delivery and Support Chapter 5: Information Systems Hardware and Architecture... 195 Introduction ... 198 Information Systems Operation ... 198 Monitoring Resource Usage ... 200 Help Desk and Support ... 204 Change-Management Process ... 206 Information Systems Hardware... 209 The Central Processing Unit... 210 Memory ... 212 I/O Bus Standards ... 213 Computer Types ... 214 Computer Configurations and Roles ... 215 Radio Frequency Identification ... 218 Hardware Maintenance Program ... 219 Hardware Monitoring and Capacity Management... 219 Information Systems Architecture and Software ... 221 Software Development ... 221 Operating Systems ... 223 Secondary Storage ... 224 Data Communication Software ... 225 Database-Management Systems ... 226 Database Structure ... 227 Software Licensing Issues... 230 Chapter Summary ... 231 Key Terms ... 231 Apply Your Knowledge... 232 Exercises ... 232 Exam Questions... 234 Answers to Exam Questions... 236 Need to Know More?... 237 Chapter 6: Information Systems Used for IT Delivery and Support... 239 Introduction ... 242 Network Infrastructure... 242 Network Types... 242 Network Standards and Protocols ... 244 The OSI Model ... 244 Network Services and Applications... 248 Comparing the OSI Model to the TCP/IP Model ... 249 Network Design ... 254 Network Cabling... 256 Network Equipment ... 259 Firewalls ... 263 Wide Area Networks ... 267 Wireless Networks ... 269 Internet ... 272 Network Administration and Control ... 274 Risks to Network Infrastructure and Controls ... 276 Chapter Summary ... 277 Key Terms ... 277 Apply Your Knowledge... 280 Exercises ... 280 Exam Questions... 282 Answers to Exam Questions... 284 Need to Know More?... 285 Part IV: Protection of Information Assets Chapter 7: Protection of Logical Assets... 289 Introduction ... 293 The Goals of Logical Security ... 293 Information Security Protection Mechanisms... 294 The Role of Confidentiality, Integrity, and Availability... 295 Logical Access Controls ... 303 Identification and Authentication (I&A) ... 303 Single Sign-On ... 307 Remote Access Security ... 309 Auditing and Logging... 311 Handling Confidential Information ... 312 Common Attack Patterns... 313 Passive Attacks ... 313 Active Attacks... 314 Network Infrastructure... 319 Network and Internet Security ... 320 Client/Server Security ... 324 LAN Security... 325 Wireless LAN Security... 326 Voice Communications... 328 Phreakers ... 328 PBX ... 328 VoIP... 329 Virus Protection ... 329 Containing Threats to Information Security ... 330 Emergency Response ... 332 Computer Forensics ... 334 Auditing Information Security... 335 Auditing Network Infrastructure Security... 337 Ethical Hacking and Penetration Testing ... 337 Network Assessments ... 339 Tracking Change ... 339 Encryption ... 340 Encryption Methods ... 341 Cryptographic Real-World Solutions... 349 Encryption Risks and Attacks ... 351 Chapter Summary ... 353 Key Terms ... 353 Apply Your Knowledge... 355 Exercises ... 356 Exam Questions... 357 Answers to Exam Questions... 359 Need to Know More?... 360 Chapter 8: Physical Security ... 361 Introduction ... 364 Physical Security ... 364 Physical Security Exposures... 365 Physical Security Controls ... 371 Environmental Protection Practices... 381 Power Anomalies... 381 Power Protections ... 382 Heating, Ventilation, and Air Conditioning (HVAC) ... 383 Fire Prevention, Detection, and Suppression ... 384 Physical Authentication ... 386 Authentication Methods ... 387 Policies and Procedures ... 389 Types of Policies ... 389 Purpose of Policies ... 390 Defining Policies ... 390 Deploying and Implementing Policies ... 391 Physical Asset and Information Control ... 392 Chapter Summary ... 395 Key Terms ... 395 Apply Your Knowledge... 397 Exercises ... 397 Exam Questions... 397 Answers to Exam Questions... 399 Need to Know More?... 400 Part V: Business Continuity and Disaster Recovery Chapter 9: Business Continuity and Disaster Recovery ... 403 Introduction ... 406 Disaster Recovery ... 406 Disasters and Disruptive Events ... 406 BCP in the Real World... 409 ISACA and the BCP Process ... 409 Recovery Alternatives ... 425 Alternate Processing Sites ... 426 Hardware Recovery... 429 Software and Data Recovery ... 431 Backup and Restoration ... 432 Telecommunications Recovery ... 434 Verification of Disaster Recovery and Business Continuity Process ... 436 Chapter Summary ... 438 Key Terms ... 438 Apply Your Knowledge... 439 Exercises ... 440 Exam Questions... 441 Answers to Exam Questions... 443 Need to Know More?... 444 Part VI: Final Preparation Fast Facts ... 447 1.0: IS Audit Process... 448 2.0: IT Governance... 451 3.0: Systems and Infrastructure Lifecycle Management ... 454 4.0: IT Service Delivery and Support... 460 5.0: Protection of Information Assets... 466 6.0: Business Continuity and Disaster Recovery... 470 Practice Exam ... 475 Practice Exam Questions ... 476 Answers to Practice Exam Questions ... 509 Answers at a Glance to Practice Exam ... 509 Answers with Explanations... 510 Glossary... 527 Index ... 565

Portrait

As the founder and president of Superior Solutions, Inc., a Houston-based IT security consulting and auditing firm, Michael Gregg has more than 15 years of experience in information security and risk management. He holds two associate's degrees, a bachelor's degree, and a master's degree. Some of the certifications he holds include the following: CISA, CISSP, MCSE, CTT+, A+, N+, Security+, CNA, CCNA, CIW Security Analyst, CCE, CEH, CHFI, CEI, DCNP, ES Dragon IDS, ES Advanced Dragon IDS, and TICSA. Michael not only has experience in performing security audits and assessments, but he also is the co-author of Inside Network Security Assessment: Guarding Your IT Infrastructure (ISBN 0672328097, Sams, 2005). Other publications he has authored include the CISSP Exam Cram 2 (ISBN 078973446X, Que, 2005) and the Certified Ethical Hacker Exam Prep 2 (ISBN 0789735318, Que, 2006). Michael is a site expert for TechTarget.com websites, including SearchSMB.com and SearchNetworking.com; he also serves on their editorial advisory board. His articles have been published on IT websites including CertMag.com, CramSession.com, and GoCertify.com. Michael has created security audit and assessment course material for various companies and universities. Although audits and assessments are where he spends the bulk of his time, teaching and contributing to the written body of IT security knowledge is how Michael believes he can give something back to the community that has given him so much. He is a member of the American College of Forensic Examiners and of the Texas Association for Educational Technology. When not working, Michael enjoys traveling and restoring muscle cars.

Mehr aus dieser Reihe

zurück
Phr Exam Prep Pearson Ucertify Course and Exam Prep Bundle
Buch (gebunden)
von Cathy Winterfiel…
Phr Exam Prep Pearson Ucertify Course Student Access Card: Professional in Human Resources
Buch (gebunden)
von Cathy Winterfiel…
Comptia A+ Flash Cards Online Student Access Code Card
Buch (gebunden)
von David L. Prowse
vor
Servicehotline
089 - 70 80 99 47

Mo. - Fr. 8.00 - 20.00 Uhr
Sa. 10.00 - 20.00 Uhr
Filialhotline
089 - 30 75 75 75

Mo. - Sa. 9.00 - 20.00 Uhr
Bleiben Sie in Kontakt:
Sicher & bequem bezahlen:
akzeptierte Zahlungsarten: Überweisung, offene Rechnung,
Visa, Master Card, American Express, Paypal
Zustellung durch:
* Alle Preise verstehen sich inkl. der gesetzlichen MwSt. Informationen über den Versand und anfallende Versandkosten finden Sie hier.
** Deutschsprachige eBooks und Bücher dürfen aufgrund der in Deutschland geltenden Buchpreisbindung und/oder Vorgaben von Verlagen nicht rabattiert werden. Soweit von uns deutschsprachige eBooks und Bücher günstiger angezeigt werden, wurde bei diesen kürzlich von den Verlagen der Preis gesenkt oder die Buchpreisbindung wurde für diese Titel inzwischen aufgehoben. Angaben zu Preisnachlässen beziehen sich auf den dargestellten Vergleichspreis.