College Physics (7th Edition)

CISA Review Manual, 27th Edition is a comprehensive reference guide designed to help individuals prepare for the CISA exam and understand the roles and responsibilities of an information systems (IS) auditor. The manual has been revised according to the 2019 CISA Job Practice and represents the most current, comprehensive, peer-reviewed IS audit, assurance, security and control resource available worldwide. The 27th Edition is organized to assist candidates in understanding essential concepts and studying the CISA 2019 Job Practice Areas. Also included are definitions of terms most commonly found on the exam. Table of Contents......Page 8 Format of This Manual......Page 36 Preparing for the CISA Exam......Page 37 Using the CISA Review Manual......Page 38 Using the CISA Review Manual and Other ISACA Resources......Page 39 Information System Auditing Process......Page 41 Learning Objectives/Task Statements......Page 43 Self-assessment Questions......Page 44 Answers to Self-assessment Questions......Page 47 1.0 Introduction......Page 55 1.1 IS Audit Standards, Guidelines and Codes of Ethics......Page 56 1.2 Business Processes......Page 59 1.3 Types of Controls......Page 97 1.4 Risk-based Audit Planning......Page 104 1.5 Types of Audits and Assessments......Page 113 1.6 Audit Project Management......Page 115 1.7 Sampling Methodology......Page 123 1.8 Audit Evidence Collection Techniques......Page 127 1.9 Data Analytics......Page 132 1.10 Reporting and Communication Techniques......Page 140 1.11 Quality Assurance and Improvement of the Audit Process......Page 147 Case Study......Page 153 Answers to Case Study Questions......Page 156 Governance and Management of IT......Page 160 Suggested Resources for Further Study......Page 162 Self-assessment Questions......Page 163 Answers to Self-assessment Questions......Page 167 2.1 IT Governance and IT Strategy......Page 173 2.2 IT-related Frameworks......Page 187 2.3 IT Standards, Policies and Procedures......Page 188 2.4 Organizational Structure......Page 194 2.5 Enterprise Architecture......Page 217 2.6 Enterprise Risk Management......Page 219 2.7 Maturity Models......Page 224 2.8 Laws, Regulations and Industry Standards Affecting the Organization......Page 227 2.9 IT Resource Management......Page 229 2.10 IT Service Provider Acquisition and Management......Page 237 2.11 IT Performance Monitoring and Reporting......Page 254 2.12 Quality Assurance and Quality Management of IT......Page 261 Case Study......Page 263 Answers to Case Study Questions......Page 265 Information Systems Acquisition, Development and Implementation......Page 269 Learning Objectives/Task Statements......Page 270 Suggested Resources for Further Study......Page 271 Self-assessment Questions......Page 272 Answers to Self-assessment Questions......Page 275 3.1 Project Governance and Management......Page 282 3.2 Business Case and Feasibility Analysis......Page 307 3.3 System Development Methodologies......Page 310 3.4 Control Identification and Design......Page 365 3.5 Testing Methodologies......Page 386 3.6 Configuration and Release Management......Page 395 3.7 System Migration, Infrastructure Deployment and Data Conversion......Page 397 3.8 Post-implementation Review......Page 411 Case Study......Page 415 Answers to Case Study Questions......Page 417 Information Systems Operations and Business Resilience......Page 420 Domain 4 Exam Content Outline......Page 422 Suggested Resources for Further Study......Page 423 Self-assessment Questions......Page 424 Answers to Self-assessment Questions......Page 427 4.1 Common Technology Components......Page 434 4.2 IT Asset Management......Page 445 4.3 Job Scheduling and Production Process Automation......Page 448 4.4 System Interfaces......Page 451 4.6 Data Governance......Page 454 4.7 Systems Performance Management......Page 458 4.8 Problem and Incident Management......Page 474 4.9 Change, Configuration, Release and Patch Management......Page 480 4.10 IT Service Level Management......Page 489 4.11 Database Management......Page 493 4.12 Business Impact Analysis......Page 505 4.13 System Resiliency......Page 509 4.14 Data Backup, Storage and Restoration......Page 512 4.15 Business Continuity Plan......Page 524 4.16 Disaster Recovery Plans......Page 551 Case Study......Page 568 Answers to Case Study Questions......Page 570 Protection of Information Assets......Page 573 Domain 5 Exam Content Outline......Page 575 Suggested Resources for Further Study......Page 576 Self-assessment Questions......Page 577 Answers to Self-Assessment Questions......Page 581 5.1 Information Asset Security Frameworks, Standards and Guidelines......Page 588 5.2 Privacy Principles......Page 599 5.3 Physical Access and Environmental Controls......Page 602 5.4 Identity and Access Management......Page 618 5.5 Network and End-point Security......Page 668 5.6 Data Classification......Page 717 5.7 Data Encryption and Encryption-related Techniques......Page 718 5.8 Public Key Infrastructure......Page 728 5.9 Web-based Communication Technologies......Page 730 5.10 Virtualized Environments......Page 772 5.11 Mobile, Wireless and Internet-of-things Devices......Page 779 5.12 Security Awareness Training and Programs......Page 795 5.13 Information System Attack Methods and Techniques......Page 797 5.14 Security Testing Tools and Techniques......Page 819 5.15 Security Monitoring Tools tand Techniques......Page 829 5.16 Incident Response Management......Page 834 5.17 Evidence Collection and Forensics......Page 836 Case Study......Page 841 Answer to Case Study Questions......Page 843 Appendix A: CISA Exam General Information......Page 849 Appendix B: CISA 2019 Job Practice......Page 854 Glossary......Page 862 Acronyms......Page 911 Index......Page 945 "The purpose of this manual is to provide Certified Information Systems Auditor (CISA) candidates with the technical information and reference material to assist in preparation for the Certified Information Systems Auditor exam."--Page iii