Download the book CISA – Certified Information Systems Auditor Study Guide

Book details

CISA – Certified Information Systems Auditor Study Guide

Edition: 3
Authors:
Series:
ISBN: 9781835882863
Publisher: Packt Publishing Pvt. Ltd.
Year of publication: 2024
Number of pages: 0
Language: English
File format: EPUB (converted to PDF, EPUB or AZW3 on user request)
File size: 10 MB

Book price (Toman): 73,000




If you need the file of the book CISA – Certified Information Systems Auditor Study Guide converted to PDF, EPUB, AZW3, MOBI or DJVU, you can let support know and they will convert the file for you.

Note that the book CISA – Certified Information Systems Auditor Study Guide is the original-language edition and is not a Persian translation. The International Library website provides original-language books and does not offer any books translated into or written in Persian.


Table of contents

CISA – Certified Information Systems Auditor Study Guide
Third Edition
Contributors
About the Author
About the Reviewers
Foreword
Preface
   Who This Book Is For
   What This Book Covers
   How to Get the Most out of This Book
   Recorded Lectures
   Online Practice Resources
   Download the Color Images
   Conventions Used
   Get in Touch
   Share Your Thoughts
   Download a Free PDF Copy of This Book
Audit Planning
   Making the Most Out of This Book – Your Certification and Beyond
   The Contents of an Audit Charter
      Key Aspects for the CISA Exam
   Audit Planning
      Benefits of Audit Planning
      Selection Criteria for the Audit Process
      Reviewing Audit Planning
      Individual Audit Assignments
      Audit Process
      Key Aspects for the CISA Exam
   Business Process Applications and Controls
      E-Commerce
      Electronic Data Interchange (EDI)
      Point of Sale (POS)
      Electronic Banking
      Electronic Funds Transfer (EFT)
      Image Processing
      Artificial Intelligence and Expert Systems
      Key Aspects from the CISA Exam Perspective
   Types of Controls
      Preventive Controls
      Detective Controls
      Corrective Controls
      Deterrent Controls
      The Difference Between Preventive and Deterrent Controls
      Compensating Controls
   Control Objectives
      Control Measures
      Key Aspects for the CISA Exam
   Risk-Based Audit Planning
      What Is Risk?
      Understanding Vulnerability and Threats
      Understanding Inherent Risk and Residual Risk
      Advantages of Risk-Based Audit Planning
      Audit Risk
      Risk-Based Auditing Approach
      Risk Assessments
      Risk Response Methodology
      Key Aspects for the CISA Exam
   Types of Audits and Assessments
   Internal IS Audit Function
      Requirement for a Separate IS Audit Function
      Governance of an IS Audit Function
      Reporting Structure of an IS Audit Function
      Management of IS Audit Resources
      IS Audit Objective Should be Aligned with the Overall Business Objective
      Key Aspects for the CISA Exam Perspective
   Managing Third-Party IS Auditors and Other Experts
      Regulatory and Other Requirements for Outsourcing
      Due Diligence
      Appointment Procedures and Best Practices
      Contracts, Service-Level Agreements, and Non-Disclosure Agreements
      Monitoring the Performance
      Key Aspects for the CISA Exam Perspective
   Code of Ethics
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
Audit Execution
   Audit Project Management
      Audit Objectives
      Audit Phases
      Key Aspects for the CISA Exam
   Audit testing and Sampling methodology
      Sampling Types
         Statistical Sampling
         Non-Statistical Sampling
         Attribute Sampling
         Variable Sampling
         Stop-or-Go Sampling
         Discovery Sampling
      Sampling Risk
      Other Sampling Terms
         The Confidence Coefficient
         Level of Risk
         Expected Error Rate
         Tolerable Error Rate
         Sample Mean
         Sample Standard Deviation
      Compliance versus Substantive Testing
         The Differences between Compliance Testing and Substantive Testing
         Examples of Compliance Testing and Substantive Testing
         The Relationship between Compliance Testing and Substantive Testing
      Key Aspects for the CISA Exam
   Audit Evidence Collection Techniques
      Reliability of Evidence
         Independence of the Evidence Provider
         Qualifications of the Evidence Provider
         Objectivity of the Evidence
         Timing of the Evidence
      Evidence-Gathering Techniques
      Fraud, Irregularities, and Illegal Acts
      Key Aspects for the CISA Exam
   Data Analytics
      CAATs
      Precautions While Using CAAT
      Continuous Auditing and Monitoring
         Integrated Test Facility
         System Control Audit Review File
         Snapshot Technique
         Audit Hook
         Continuous and Intermittent Simulation
      Key Aspects for the CISA Exam
   Reporting and Communication Techniques
      Exit Interview
      Audit Reporting
      Audit Report Objectives
      Audit Report Structure
      Follow-Up Activities
      Key Aspects for the CISA Exam
   Control Self-Assessment
      Precautions While Implementing CSA
      An IS Auditor’s Role in CSA
      Key Aspects for the CISA Exam
   Agile Auditing
      Dictionary Meaning of Agile
      Understanding Agile Auditing
      Benefits of Agile Auditing
      Traditional Auditing vis-à-vis Agile Auditing
      Key Aspects for the CISA Exam
   Quality Assurance of Audit Processes
      Oversight by Audit Committee
      Continuous Education and Updating of IS Auditors
      Performance Monitoring of IS Audit Functions
      Continuous Improvement
         Accreditation/Certification of the IS Audit Function
      Key Aspects for the CISA Exam
   Use of AI in the Audit Process
      How Does AI Work in Auditing?
      Benefits of Using AI in Audit Processes
      Risks of Using AI in Audit Processes
      Use Cases of AI in the Audit Process
      Best Practices for Using AI in Audit Process
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
IT Governance
   EGIT
      EGIT Processes
      The Differences Between Governance and Management
      EGIT Good Practices
      Effective Information Security Governance
      IS Auditor’s Role in EGIT
      Key Aspects for the CISA Exam
   IT-Related Frameworks
   IT Standards, Policies, and Procedures
      Policies
      Standards
      Procedures
      Guidelines
      Information Security Policy
         Contents of the Information Security Policy
         Information Security Policy Users
         Information Security Policy Audit
         Information Security Policy Review
      Top-Down and Bottom-Up Approaches to Policy Development
         The Top-Down Approach
         The Bottom-Up Approach
         The Best Approach
      Key Aspects for the CISA Exam
   Organizational Structure
      Relationship Between the IT Strategy Committee and the IT Steering Committee
      Differences Between the IT Strategy Committee and the IT Steering Committee
      Key Aspects for the CISA Exam
   Enterprise Architecture
      Enterprise Security Architecture
      Open System Architecture
      Key Aspects for the CISA Exam
   Enterprise Risk Management
      Risk Management Process Steps
         Asset Identification
         Identification of Threats and Vulnerabilities
         Evaluation of Impact
         Calculation of Risk
         Risk Response
      Risk Analysis Methods
         Qualitative
         Semi-quantitative
         Quantitative
      Risk Treatment
      Key Aspects for the CISA Exam
   Maturity Model
   Laws, Regulations, and Industry Standards Affecting the Organization
      An IS Auditor’s Role in Determining Adherence to Laws and Regulations
      Key Aspects for the CISA Exam
   Data Privacy Program and Principles
      Privacy-Related Regulations
      Privacy Principles
      Important Privacy-Related Terminology
      Auditing a Privacy Program
      Key Aspects for the CISA Exam
   Data Governance and Data Classification
      Benefits of Data Classification
         Responsibility for Data Classification
         Consideration of Legal and Regulatory Requirements
      Key Aspects for the CISA Exam
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
IT Management
   IT Resource Management
      Human Resource Management
         Hiring
         Training
         Scheduling and Time Monitoring
         During Employment
         Termination Policies
      IT Management
      Financial Management
      Key Aspects for the CISA Exam
   IT Service Provider Acquisition and Management
      Evaluation Criteria for Outsourcing
      Steps for Outsourcing
      Outsourcing – Risk Reduction Options
      Provisions for Outsourcing Contracts
      Role of IS Auditors in Monitoring Outsourced Activities
      Globalization of IT Functions
      Outsourcing and Third-Party Audit Reports
      Monitoring and Review of Third-Party Services
      Key Aspects for the CISA Exam
   IT Performance Monitoring and Reporting
      Development of Performance Metrics
      Effectiveness of Performance Metrics
      Tools and Techniques for Performance Measurement
         Six Sigma
         Lean Six Sigma
         IT Balanced Scorecard
         KPIs
         Benchmarking
         BPR
         Root Cause Analysis
         Life Cycle Cost-Benefit Analysis
      Key Aspects for the CISA Exam
   Quality Assurance and Quality Management in IT
      Quality Assurance
      Quality Management
         Importance of Quality Management
      Key Aspects for the CISA Exam
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
Information Systems Acquisition and Development
   Project Management Structure
      Project Roles and Responsibilities
         Board of Directors
         IT Strategy Committee
         Project Steering Committee
         Project Sponsor
         System Development Management
      Project Cost Estimation Methods
      Software Size Estimation Methods
      Project Evaluation Methods
      Project Objectives, OBS, and WBS
         The Role of the IS Auditor in Project Management
      Key Aspects for the CISA Exam
   Business Case and Feasibility Analysis
      Business Cases
      Feasibility Analysis
      The IS Auditor’s Role in Business Case Development
   System Development Methodologies
      SDLC Models
         Traditional Waterfall
         V-Shaped Model
      SDLC Phases
         Phase 1 – Feasibility Study
         Phase 2 – Requirements
         Phase 3 – Software Selection and Acquisition
         Phase 4 – Development
         Phase 5 – Testing and Implementation
         Phase 6 – Post-Implementation
      Software Development Methods
         Agile Development
         Prototyping
         RAD
         Object-Oriented System Development
         Component-Based Development
      Software Reengineering and Reverse Engineering
      Key Aspects for the CISA Exam
   Control Identification and Design
      Check Digits
      Parity Bits
      Checksums
      Forward Error Control
      Data Integrity Principles
         Limit Checks
         Automated System Balancing
         Sequence Checks
      Decision Support Systems
      Decision Trees
      Key Aspects for the CISA Exam
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
Information Systems Implementation
   Testing Methodology
      Unit Testing
      Integration Testing
      System Testing
      Final Acceptance Testing
      Regression Testing
      Sociability Test
      Pilot Testing
      Parallel Testing
      White-Box Testing
      Black-Box Testing
      Alpha Testing
      Beta Testing
      Testing Approach
      Testing Phases
      Key Aspects for the CISA Exam
   System Migration
      Parallel Changeover
      Phased Changeover
      Abrupt Changeover
      Key Aspects for the CISA Exam
   Post-Implementation Review
      Key Aspects for the CISA Exam
   Configuration and Release Management
      Release Management
      Configuration Management
         Baseline Control
      Key Aspects for the CISA Exam
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
Information Systems Operations
   Understanding Common Technology Components
      Types of Servers
      Universal Serial Bus
         USBs – Risks
         USBs – Security Controls
      Radio-Frequency Identification
         RFID – Risks
         RFID – Security Controls
   IT Asset Management
      Performance Reports
         Availability Reports
         Utilization Reports
         Asset Management Reports
         Hardware Error Reports
   Job Scheduling
   End-User Computing and Shadow IT
   Key Aspects for the CISA Exam
   System Performance Management
      Nucleus (Kernel) Functions
      Utility Programs
      Parameter Setting for the Operating System
      Registry
      Activity Logging
      Software Licensing Issues
      Source Code Management
      Capacity Management
      Key Aspects for the CISA Exam
   Problem and Incident Management
      Network Management Tools
      Key Aspects for the CISA Exam
   Change Management, Configuration Management, and Patch Management
      Change Management Process
      Emergency Change Management
      Backout Process
      The Effectiveness of a Change Management Process
      Patch Management
      Configuration Management
      Key Aspects for the CISA Exam
   IT Service-Level Management
   Database Management Process
      Advantages of Database Management
      Database Structures
         Hierarchical Database Model
         Network Database Model
         Relational Database Model
         Object-Oriented Database Model
         Database Normalization
         Database Checks and Controls
         Segregation of Duties
      Key Aspects for the CISA Exam
   Operational Log Management
      Importance of Log Management
      Types of Logs
      Log Management Life Cycle
      Effective Data Collection
      Protection of Log Data
      Integration with SIEM Systems
      Key Aspects for the CISA Exam
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
Business Resilience
   Business Impact Analysis
      Key Aspects for the CISA Exam
   Data Backup and Restoration
      Types of Backup Strategy
      Storage Capacity for Each Backup Scheme
         Restoration Capability for Each Backup Strategy
         Advantages and Disadvantages of Each Backup Methodology
      Key Aspects for the CISA Exam
   System Resiliency
      Application Resiliency – Clustering
      Telecommunication Network Resiliency
         Alternative Routing
         Diverse Routing
   Business Continuity Plan
      Steps of the BCP Life Cycle
      Contents of the BCP
         Responsibility for Declaring a Disaster
         A Single Plan
      Backup Procedure for Critical Operations
      The Involvement of Process Owners in the BCP
      BCP and Risk Assessments
      Testing the BCP
      Key Aspects for the CISA Exam
   Disaster Recovery Plan
      The BCP versus the DRP
      The Relationship Between the DRP and the BIA
      Costs Associated with Disaster Recovery
      Data Backup
      DRP of a Third-Party Service Provider
      Resilient Information Assets
      Service Delivery Objective
      Key Aspects for the CISA Exam
   DRP – Test Methods
      Checklist Review
      Structured Walk-Through
      Tabletop Test
      Simulation Test
      Parallel Test
      Full Interruption Test
      Key Aspects for the CISA Exam
   Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
      RTO
      RPO
      RTO and RPO for Critical Systems
      RTO and RPO and Maintenance Costs
      RTO, RPO, and Disaster Tolerance
      Key Aspects for the CISA Exam
   Alternate Recovery Sites
      Mirrored Site
      Hot Site
      Warm Site
      Cold Site
      Mobile Site
      Reciprocal Agreement
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
Information Asset Security and Control
   Information Asset Security Frameworks
      Auditing the Information Security Management Framework
      Key Aspects for the CISA Exam
   Physical Access and Environmental Controls
      Environmental Controls
      Alarm Controls
      Water and Smoke Detectors
      Fire Suppression Systems
         Water-Based Sprinkler (WBS)
         Dry Pipe Sprinkler
         Halon Systems
         Carbon Dioxide Systems
      Physical Access Control
         Bolting Door Locks
         Combination Door Locks (Cipher Locks)
         Electronic Door Locks
         Biometric Door Locks
         Deadman Doors
         Identification Badges
         CCTV Cameras
         Workstation Locks
         No Sign Boards
      Key Aspects for the CISA Exam
   Industrial Control Systems
   Identity and Access Management
      Access Control Categories
         Steps for Implementing Logical Access Controls
         Control Effectiveness
      Default Deny Policy – Allow-All Policy
      Degaussing (Demagnetizing)
      Naming Convention
      Authentication Factors
      Single Sign-On
         Advantages of SSO
         Disadvantages of SSO
      Zero Trust
      Privileged Access Management
      Directory Services
      Identity as a Service (IdaaS)
         Benefits of IdaaS
         Risks of IdaaS
      Digital Rights Management (DRM)
         Benefits of DRM
      Federated Identity Management (FIM)
         Benefits of FIM
      Key Aspects for the CISA Exam
   Biometrics
      Biometrics Accuracy Measure
         False Acceptance Rate (FAR)
         False Rejection Rate (FRR)
         Cross-Error Rate (CER) or Equal Error Rate (EER)
      Control over the Biometric Process
      Types of Biometric Attacks
      Key Aspects for the CISA Exam
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
Network Security and Control
   Networking and Endpoint Devices
      Open System Interconnection (OSI) Layers
      Networking Devices
         Repeaters
         Hubs and Switches
         Bridges
         Routers
         Gateway
      Network Devices and the OSI Layer
      Network Physical Media
         Fiber-Optic Cables
         Twisted Pair (Copper Circuit)
         Infrared and Radio (Wireless)
      Identifying the Risks of Physical Network Media
         Attenuation
         Electromagnetic Interference (EMI)
         Crosstalk
      Network Diagram
      Network Protocols
         Dynamic Host Configuration Protocol
         Transport Layer Security and Secure Socket Layer
         Transmission Control Protocol and User Data Protocol
         Secure Shell and Telnet
      Network Attached Storage (NAS)
      Content Delivery Network (CDN)
      Network Time Protocol (NTP)
         How Does NTP Work?
      Network Segmentation
         How Does Network Segmentation Work?
      Key Aspects for the CISA Exam
   Firewall Types and Implementation
      Types of Firewalls
      Packet-Filtering Router
      Stateful Inspection
      Circuit-Level
      Application-Level
         What Is a Bastion Host?
         What Is a Proxy?
      Types of Firewall Implementation
         Dual-Homed Firewall
         Screened-Host Firewall
         Screened-Subnet Firewall (Demilitarized Zone)
      The Firewall and the Corresponding OSI layer
      Next-Generation Firewall (NGFW)
         How Does an NGFW Work?
      Unified Threat Management (UTM)
         How Does UTM Work?
      Key Aspects for the CISA Exam
   VPN
      VPNs – Technical Aspects
      Types of VPN
      VPNs – Security Risks
      Key Aspects for the CISA Exam
   Voice over Internet Protocol (VoIP)
      SBCs
      Key Aspects for the CISA Exam
   Wireless Networks
      Enabling MAC Filtering
      Enabling Encryption
      Disabling a Service Set Identifier (SSID)
      Disabling DHCP
      Use of Dynamic Encryption Keys
      Use of a Randomly Generated Pre-Shared Key (PSK)
      Common Attack Methods and Techniques for a Wireless Network
         Wardriving
         War Walking
         Warchalking
      Key Aspects for the CISA Exam
   Email Security
      Key Aspects for the CISA Exam
   Data Loss Prevention
      Types of DLP
      How DLP Software Operates
      Benefits of DLP Software
      Key Aspects for the CISA Exam
   Summary
   Exam Readiness Drill – Chapter Review Questions
      HOW TO GET STARTED
Public Key Cryptography and Other Emerging Technologies
   Public Key Cryptography
      Symmetric Encryption versus Asymmetric Encryption
      Encryption Keys
         Confidentiality
         Authentication
         Non-Repudiation
         Integrity
      The Hash of the Message
      Combining Symmetric and Asymmetric Methods
      Quantum Cryptography
         Benefits of Quantum Cryptography
      Homomorphic Encryption
         Benefits of Homomorphic Encryption
      Domain Name System Security Extensions (DNSSEC)
         Benefits of DNSSEC
      Key Aspects from the CISA Exam Perspective
   PKI
      PKI Terminology
      Processes Involved in PKI
         Role of a CA
         Role of a RA
      CA versus RA
      Key Aspects for the CISA Exam
   Cloud Computing
      Cloud Computing – Deployment Models
         The Private Cloud
         The Public Cloud
         The Community Cloud
         The Hybrid Cloud
      Types of Cloud Services
         IaaS
         PaaS
         SaaS
      Cloud Computing – the IS Auditor’s Role
   Virtualization
      Virtual Circuits
         How Do Virtual Circuits Work?
      Virtual Local Area Network (VLAN)
         How Do VLANs Work?
      Virtual Storage Area Network (VSAN)
   Containerization
   Mobile Computing
   Internet of Things
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
Security Event Management
   Security Awareness Training and Programs
      Participants
      Security Awareness Methods
      Social Engineering Attacks
      Evaluating the Effectiveness of Security Programs
      Key Aspects for the CISA Exam
   Information System Attack Methods and Techniques
      Key Aspects for the CISA Exam
   Security Testing Tools and Techniques
      Terminal Controls
         Login IDs and Passwords
         Authorization Process
         Automatic Logoff
         Account Lockout
         Controls on Bypassing Software and Utilities
         Log Capturing and Monitoring
         Time Synchronization
      Network Penetration Tests
         Aspects to Be Covered within the Scope of Penetration Testing
         Types of Penetration Tests
         Risks Associated with Penetration Testing
      Threat Intelligence
      Key Aspects for the CISA Exam
   Security Monitoring Tools and Techniques
      IDS
         Components of an IDS
         Network-Based and Host-Based IDSs
         Limitations of the IDS
         Types of IDS
         Placement of IDSs
      IPS
      Honeypots and Honeynets
      Key Aspects for the CISA Exam
   Incident Response Management
      Computer Security Incident Response Team
      Key Aspects for the CISA Exam
   Evidence Collection and Forensics
      Chain of Custody
         Identification
         Preservation
         Analysis
         Presentation
      Key Elements of Computer Forensics
         Data Protection
         Data Acquisition
         Imaging
         Extraction
         Interrogation
         Ingestion/Normalization
         Reporting
         Protection of Evidence
   Summary
   Exam Readiness Drill
      HOW TO GET STARTED
Accessing the Online Practice Resources
   How to Access These Materials
      Purchased from Packt Store (packtpub.com)
      Packt+ Subscription
      Purchased from Amazon and Other Sources
         STEP 1
         STEP 2
         STEP 3
         STEP 4
         STEP 5
   Troubleshooting Tips
      Share Feedback
   Back to the Book
   Why subscribe?
Other Books You May Enjoy
   Share Your Thoughts
   Download a Free PDF Copy of This Book



