CISA: Certified Information Systems Auditor Study Guide
3 of 4 people found the following review helpful:
BOOK REVIEW, June 16, 2006
Reviewer: Sam Arthur, CPA, CISA, CISSP, CISM (Washington DC)

This team from CertTest Training really hit the bull's eye for the much needed comprehensive study guide for information systems auditors. This guide is very unique because it bridges the gap for two of our primary groups of entrants to the information systems auditing arena. For a traditional auditor, this book translates the risk/control disciplines, traditional to audits, to the information technology environment. A typical auditor can identify with the controls without being an average IT savvy person. For the nuts-and-bolts techie, the guide helps reengineer your thinking process to control awareness and identification.

The guide has eight chapters. Chapters 2 through 8 cover the syllabus for the CISA exam. Below is a brief overview of my evaluation of each chapter.

Chapter 1: Secrets of a Successful Auditor
This chapter is a must read for all existing or wanna-be systems auditors. It provides an overview of the IS audit standards in simple terms for almost any audience, gives an overview of professional requirements, skill sets, the auditing environment and some project management. The tone in this chapter is very motivating and encouraging. For IS auditors like us, it tells our life story; for a wanna-be, this is a recruitment effort. This chapter characterizes the authors' combined years of experience. It is a good appetizer.

Chapter 2: Audit Process
Armed with the knowledge of the secrets of a successful auditor in chapter 1, I was ready to delve into the main course. Chapter 2 welcomes you with a flow diagram of the audit process and provides a step-by-step explanation of risk-based audits and how to plan and conduct audits using applicable standards, guidelines and best practices. The authors provide precise definitions of terminology. Auditor independence could not have been over-emphasized in this chapter.
For the exam candidate, most questions on independence are based on judgement. This chapter ensures the reader can grasp the concept and can apply it to exam questions and of course to real life situations.

Chapter 3: IT Governance
With respect to the IT Governance area, which has been characterized with ambiguity since its inception, the authors tried to explain the overall concept successfully. The only glitch is that, with CISA being an internationally acclaimed qualification, I had expected more governance examples such as the ITIL (IT Infrastructure Library) to be included for the readers from Europe and other corners of the world to relate to somehow. However, I enjoyed the illustrations on the performance measurement section, the scoring and the Capability Maturity Modeling. The authors' explanation for Business Process Engineering and Business Impact Analysis (my favorite area) was excellent. For the purpose of the exam, I believe this section was adequately written.

Chapter 4: Networking Technology
For the techie, the first few pages may either be boring or a good refresher. However, for the rest of the chapter, the authors made a conscientious effort to bridge functionality with audit/security controls for the techie candidate. For the traditional auditor, the first few pages of this chapter provide a good foundation on information technology concepts, much like an IT 101 course would; that is assuming you have some exposure to IT terminology and understand the difference between a "bite" from a hamburger and bytes in the computer. David's group even throws in some excellent mnemonics you can use for the exam. This section will not make you a professional hacker but will assist you in passing the exam.

Chapter 5: System and Infrastructure Life Cycle Management
I was impressed by the authors' experience in performing SDLC type reviews as portrayed in Chapter 5.
Not only were the methodologies adequately explained, but the real life examples and tips provided brought life to this subject area. This is good exam material as well as good reference material.

Chapter 6: IT Service Delivery and Support
This was also an excellent section. This section is a good resource for understanding and reviewing IT operations and management. Excellent illustrations and explanations for scorecards, SLA, metrics and problem management.

Chapter 7: Protection of Information Assets
The beginning of this chapter seems more of a CISM study guide; however, it lays the groundwork for the CISA candidate to appreciate the thin, often fuzzy, demarcation of network security audits by CISAs and other security professionals. This is very relevant as a result of the plethora of new regulations pertaining to privacy, such as HIPAA and Gramm-Leach-Bliley Act that has passed in the USA and other laws passed in Europe and other parts of the world. This section is very rich in information and of definite benefit to the CISA candidate.

Chapter 8: Business Continuity and Disaster Recovery
In light of recent natural and contrived disasters (terrorist strikes, cyberwarfare and floods) around the nation and the rest of the world, the topics in this chapter have been gaining importance by the day. To be able to put this hot issue in only 30 pages without compromising on content and coverage, the authors had to perform a miracle. The authors did justice to this area and any IT audit professional can utilize the information within both as exam and/or reference material. Here again IT auditors are being called upon to review disaster recovery and business continuity initiatives to ensure corporate survival.

After reviewing the book, I was ready to take the exam, but I realized I had already passed the exam ages ago. But this book was surely an excellent refresher and I vow to keep it in my arsenal of references.
Sam Arthur, CPA, CISA, CISM, CISSP is a Director of Information Technology Assurance & Control with Thompson Cobb Bazilio and Associates, a national certified public accounting and consulting firm headquartered in Washington DC. Sam was formerly the Co-chair of Education and Research for the ISACA National Chapter and is now the Coordinator for the Chapter Coordinator CISM. He also co-chairs the Committee on CISA/CISM Review Courses. Sam reviews publications on Information Technology Audits and Security. He has also written several articles in this field.

Book Description
Demand for qualified and certified information systems (IS) auditors has increased dramatically since the adoption of the Sarbanes-Oxley Act in 2002. Now you can prepare for CISA certification, the one certification designed specifically for IS auditors, and improve your job skills with this valuable book. Not only will you get the valuable preparation you need for the CISA exam, you'll also find practical information to prepare you for the real world.

This invaluable guide contains:
Authoritative coverage of all CISA exam objectives, including:
Practical information that will prepare you for the real world such as:
Additional exam and career preparation tools such as:
A free CD-ROM with:
Back Cover Copy
Take charge of your career with certification that can increase your marketability. Demand for information systems auditors has increased dramatically since the adoption of the Sarbanes-Oxley Act in 2002. Now you can prepare for CISA certification and improve your job skills with the targeted training you'll receive in this valuable book.
With clear instruction on CISA exam content areas, tasks, and knowledge skills, as well as challenging chapter Review questions, a full glossary of terms, and plenty of real-world scenarios, this essential guide offers the valuable preparation you need for the CISA exam—then goes beyond it with practical information to prepare you for the real world.

INSIDE YOU'LL FIND:
Authoritative coverage of all CISA exam objectives
Practical information to prepare you for the real world
Additional exam and career preparation tools
Featured on the CD
SYBEX TEST ENGINE: Test your knowledge with advanced testing software. Includes challenging chapter Review questions plus bonus exams.
ELECTRONIC FLASHCARDS: Reinforce what you've learned with flashcards that can run on your PC, Pocket PC, or Palm handheld.
Also on the CD, you'll find the entire book in searchable and printable PDF.