LeanpubStore Readers Authors Services

CISA: The Last Mile

Your guide to the finish line

This book covers every topic in the latest CISA exam syllabus, approaching topics from the ISACA perspective. It's 400+ pages, organized in a format following the syllabus that makes it easy to drill down on specific exam domains and concepts at-a-glance, making it an essential exam resource for anyone who aims to prepare for the CISA exam without wasting time or money.

This book covers every topic in the latest CISA exam syllabus, approaching topics from the ISACA perspective. It's 400+ pages, organized in a format following the syllabus that makes it easy to drill down on specific exam domains and concepts at-a-glance, making it an essential exam resource for anyone who aims to prepare for the CISA exam without wasting time or money.

Minimum price

$9.99

$14.99

You pay

$14.99

Author earns

$11.99

PDF

EPUB

About

About

About the Book

This book covers every topic in the latest CISA exam syllabus, approaching topics from the ISACA perspective. It's 400+ pages, organized in a format following the syllabus that makes it easy to drill down on specific exam domains and concepts at-a-glance, making it an essential exam resource for anyone who aims to prepare for the CISA exam without wasting time or money.

Share this book

Categories

Computer Security

Feedback

Email the Author

Author

About the Author

Episode 305

An Interview with Pete Zerger

Contents

Table of Contents

- Preface
  - Legend
  - The CISA Mindset
    - Think the “ISACA Way“
- Chapter 1:Domain 1A: IS Auditing Process - Planning
  - 1A1. IS Audit Standards, Guidelines, and Codes of Ethics
    - ISACA IS Audit and Assurance Standards
    - ISACA IS Audit and Assurance Guidelines
    - ISACA Code of Professional Ethics
    - ITAF (IT Audit Framework)
    - IS Internal Audit Function
  - 1A2. Types of Audits, Assessments, and Reviews
    - Control Self-Assessment (CSA)
    - Integrated Auditing
  - 1A3. Risk-Based Audit Planning
    - Individual Audit Assignments
    - Effect of Laws and Regulations on IS Audit Planning
    - Audit Risk and Materiality
    - Risk Assessment
    - IS Audit Risk Assessment Techniques
    - Risk Analysis
  - 1A4. Types of Controls and Considerations
    - Internal Controls
    - Control Objectives and Control Measures
    - Control Classifications
    - Control Relationship to Risk
    - Prescriptive Controls and Frameworks
    - Evaluation of the Control Environment
- Chapter 2:Domain 1B: IS Auditing Process - Execution
  - 1B1. Audit Project Management
    - Audit Objectives
    - Audit Phases
    - Audit Programs
    - Audit Work Papers
    - Fraud, Irregularities, and Illegal Acts
    - Agile Auditing
  - 1B2. Audit Testing and Sampling Methodology
    - Compliance Versus Substantive Testing
    - Sampling
  - 1B3. Audit Evidence Collection Techniques
    - Interviewing and Observing Personnel in Performance of Their Duties
  - 1B4. Audit Data Analytics
    - Computer-Assisted Audit Techniques
    - Continuous Auditing and Monitoring
    - Continuous Auditing Techniques
    - Artificial Intelligence in IS Audit
  - 1B5. Reporting and Communication Techniques
    - Communicating Audit Results
    - Audit Report Objectives
    - Audit Report Structure and Contents
    - Audit Documentation
    - Follow-Up Activities
    - Types of IS Audit Reports
  - 1B6. Quality Assurance and Improvement of Audit Process
    - Audit Committee Oversight
    - Audit Quality Assurance
    - Audit Team Training and Development
    - Monitoring
- Chapter 3:Domain 2A: IT Governance
  - 2A1. Laws, Regulations, and Industry Standards
    - Impact of Laws, Regulations, and Industry Standards on IS Audit
    - Governance, Risk, and Compliance (GRC)
  - 2A2. Organizational Structure, IT Governance, and IT Strategy
    - Enterprise Governance of Information and Technology (EGIT)
    - Good Practices for EGIT
    - Audit’s Role in EGIT
    - Information Security Governance
    - Information Systems Strategy
    - Strategic Planning
    - Business Intelligence
    - Organizational Structure
    - Auditing IT Governance Structure and Implementation
  - 2A3. IT Policies, Standards, Procedures, and Guidelines
    - Policies
    - Standards
    - Procedures
    - Guidelines
  - 2A4. Enterprise Architecture and Considerations
    - IT Sourcing Practices
  - 2A5. Enterprise Risk Management (ERM)
    - Developing a Risk Management Program
    - Risk Management Life Cycle
    - Risk Analysis Methods
  - 2A6. Data Privacy Program and Principles
    - Privacy Documentation
    - Audit Process
  - 2A7. Data Governance and Classification
    - Data Classification
    - Legal Purpose, Consent, and Legitimate Interest
    - Data Subject Rights and Transborder Data Flow
- Chapter 4:Domain 2B: IT Management
  - 2B1. IT Resource Management
    - Value of IT
    - IT Portfolio Management
    - IT Management Practices
    - Human Resource Management
    - Enterprise Change Management
    - Financial Management Practices
    - Information Security Management
  - 2B2. IT Vendor Management
    - Sourcing Practices
    - Outsourcing Practices and Strategies
    - Cloud Governance
    - Governance in Outsourcing
    - Capacity and Growth Planning
    - Third-Party Service Delivery Management
  - 2B3. IT Performance Monitoring and Reporting
    - Key Performance Indicators (KPIs)
    - Key Risk Indicators (KRIs)
    - Key Control Indicators (KCIs)
    - Performance Optimization
    - Approaches and Techniques
  - 2B4. Quality Assurance and Quality Management of IT
    - Quality Assurance
    - Quality Management
    - Operational Excellence
- Chapter 5:Domain 3A: Information Systems Acquisition and Development
  - 3A1. Project Governance and Management
    - Project Management Practices
    - Project Management Organizational Structures
    - Project Management Roles and Responsibilities
    - Project Management Techniques
    - Portfolio and Program Management
    - Project Management Office (PMO)
    - Project Benefits Realization
    - Project Initiation
    - Project Objectives
    - Project Planning
    - Project Execution
    - Project Monitoring and Controlling
    - Project Closing
    - IS Auditor’s Role in Project Management
  - 3A2. Business Case and Feasibility Analysis
    - Components of Feasibility Analysis
    - IS Auditor’s Role in Business Case Development
  - 3A3. System Development Methodologies
    - Business Application Development
    - SDLC Models
    - SDLC Phases
    - IS Auditor’s Role in SDLC Project Management
    - Software Development Methods
    - System Development Tools and Productivity Aids
    - Infrastructure Development and Acquisition
    - Hardware and Software Acquisition
    - System Software Acquisition
  - 3A4. Control Identification and Design
    - Application Controls
    - Output Controls
- Chapter 6:Domain 3B: Information Systems Implementation
  - 3B1. System Readiness and Implementation Testing
    - Testing Classifications
    - Software Testing
    - Data Integrity Testing
    - Application System Testing
    - System Implementation
  - 3B2. Implementation Configuration and Release Management
    - Configuration Management Systems
  - 3B3. System Migration, Infrastructure Deployment, and Data Conversion
    - Data Migration
    - Changeover (Go-Live or Cutover) Techniques
    - System Change Procedures and the Program Maintenance Phase
    - System Software Implementation
    - Certification and Accreditation
  - 3B4. Post-Implementation Review
    - IS Auditor’s Role in Post-Implementation Review
- Chapter 7:Domain 4A: Information Systems Operations
  - 4A1. IT Components
    - Networking
    - Computer Hardware Components and Architectures
    - Common Enterprise Back-End Devices
    - USB Mass Storage Devices
    - Wireless Communication Technologies
    - Hardware Maintenance Program
    - Hardware Failures
  - 4A2. IT Asset Management
  - 4A3. Job Scheduling and Production Process Automation
    - Job Scheduling Software
    - Scheduling Reviews
  - 4A4. System Interfaces
    - Risks Associated With System Interfaces
    - Controls Associated With System Interfaces
  - 4A5. End-User Computing and Shadow IT
    - End-User Computing
    - Shadow IT
  - 4A6. Systems Availability and Capacity Management
    - IS Architecture and Software
    - Operating System Features and Integrity
    - Access Control Software
    - Data Communications Software
    - Utility Programs
    - Software Licensing
    - Source Code Management
    - Capacity Management
    - Resilience Metrics: RTO and RPO
  - 4A7. Problem and Incident Management
    - Problem Management
    - Incident Management
    - Detection, Documentation and Resolution of Abnormal Conditions
    - Help Desk
    - Network Management Tools
    - Problem Management Reporting Reviews
  - 4A8. IT Change, Configuration and Patch Management
    - Configuration Management
    - Change Management Process
    - Patch and Release Management
  - 4A9. Operational Log Management
    - Types of Logs
    - Log Management
  - 4A10. IT Service Level Management
    - Service Level Agreements
    - Monitoring of Service Levels
    - Service Levels and Enterprise Architecture
  - 4A11. Database Management
    - DBMS Architecture
    - Database Structure Models
    - Database Controls
    - Database Reviews
- Chapter 8:Domain 4B: Business Resilience
  - 4B1. Business Impact Analysis (BIA)
    - Classification of Operations and Criticality Analysis
  - 4B2. System and Operational Resilience
    - Application Resiliency and Disaster Recovery Methods
    - Telecommunication Network Resiliency and Disaster Recovery Methods
  - 4B3. Data Backup, Storage and Restoration
    - Data Storage Resiliency and Disaster Recovery Methods
    - Backup and Restoration
    - Backup Schemes
  - 4B4. Business Continuity Plan (BCP)
    - IT Business Continuity Planning
    - Disasters and Disruptive Events
    - Business Continuity Planning Process
    - Business Continuity Policy
    - Incident Management
    - Development of Business Continuity Plans
    - Plan Development Issues
    - Components of a Business Continuity Plan
    - Plan Testing
    - Business Continuity Maintenance
    - Auditing Business Continuity
  - 4B5. Disaster Recovery Plans (DRP)
    - Recovery Objectives and Metrics
    - Recovery Strategies
    - Recovery Site Alternatives
    - DRP Development
    - DRP Testing
- Chapter 9:Domain 5A: Protection of Information Assets
  - 5A1. Information Asset Security Policies, Frameworks, Standards and Guidelines
    - Information Asset Security Policies, Procedures and Guidelines
    - Information Security Frameworks and Standards
    - Information Security Baselines
  - 5A2. Physical and Environmental Controls
    - Environmental Exposures and Controls
    - IS Auditor Focus
    - Physical Access Exposures and Controls
    - Industrial Control Systems Security
  - 5A3. Identity and Access Management
    - Identity and Access Management
    - Authentication, Authorization and Accountability
    - Zero-Trust Architecture
    - Privileged Access Management
    - Directory Services
    - Identity Governance and Administration
    - Identity as a Service
    - System Access Permission
    - Types of Access Controls
    - Information Security and External Parties
    - Digital Rights Management
    - Logical Access
    - Access Control Software
    - Logon IDs and Passwords
    - Remote Access Security
    - Biometrics
    - Naming Conventions for Logical Access Controls
    - Federated Identity Management
    - Auditing Logical Access
  - 5A4. Network and Endpoint Security
    - IS Network Infrastructure
    - Enterprise Network Architectures
    - Types of Networks
    - Common Network Types
    - Network Services
    - Network Standards and Protocols
    - Virtual Private Networks
    - Network Attached Storage
    - Content Delivery Networks
    - Network Time Protocol
    - Applications in a Networked Environment
    - Network Infrastructure Security
    - Firewalls
    - Unified Threat Management
    - Network Segmentation
    - Endpoint Security
  - 5A5. Data Loss Prevention
    - Types of DLP
    - Data Loss Risk
    - DLP Solutions and Data States
    - DLP Controls
    - DLP Content Analysis Methods
    - DLP Deployment Best Practices
    - DLP Risk, Limitations and Considerations
  - 5A6. Data Encryption
    - Elements of Encryption Systems
    - Link Encryption and End-to-End Encryption
    - Symmetric Key Cryptographic Systems
    - Public (Asymmetric) Key Cryptographic Systems
    - Hash Functions
    - Elliptic Curve Cryptography
    - Quantum Cryptography
    - Homomorphic Encryption
    - Digital Signatures
    - Digital Envelope
    - Applications of Cryptographic Systems
    - Kerberos
    - Secure Shell
    - Domain Name System Security Extensions
    - Email Security
    - Encryption Audit Procedures
  - 5A7. Public Key Infrastructure
    - Digital Certificates
    - Key Management
    - Certificate Revocation
    - Certificate Revocation List
    - PKI Infrastructure Risk
    - Audit Procedures for PKI
  - 5A8. Cloud and Virtualized Environments
    - Virtualization
    - Virtual Circuits
    - Virtual Local Area Network
    - Virtual Storage Area Networks (VSANs)
    - Software-Defined Networking
    - Containerization
    - Secure Cloud Migration
    - The Shared Responsibility Model
    - Key Risk in Cloud Environments
    - DevSecOps
  - 5A9. Mobile, Wireless, and Internet of Things Devices
    - Mobile Computing
    - Mobile Device Threats
    - Mobile Device Controls
    - Mobile Device Management
    - Bring Your Own Device
    - Internet Access on Mobile Devices
    - Audit Procedures for Mobile Devices
    - Mobile Payment Systems
    - Wireless Networks
    - Internet of Things (IoT)
- Chapter 10:Domain 5B: Security Event Management
  - 5B1. Security Awareness Training and Programs
    - The Information Security Learning Continuum
    - Benefits of a Security Awareness, Training and Education Program
    - Approach to Security Awareness, Training and Education
    - Conditions for a Successful Security Awareness Training and Education Program
    - Conducting a Needs Assessment
    - Implementing an Awareness and Training Program
  - 5B2. Information System Attack Methods and Techniques
    - Fraud Risk Factors
    - Computer Crime Issues and Exposures
    - Internet Threats and Security
    - Malware
    - Ransomware
  - 5B3. Security Testing Tools and Techniques
    - Security Testing Objectives
    - Security Assessments vs Security Audits
    - Vulnerability Assessments
    - Penetration Testing
    - Threat Readiness (Information Security Teams)
    - Security Testing Techniques
    - Security Operations Center (SOC)
    - Full Network Assessment Reviews
    - Security Testing Audit Procedures
  - 5B4. Security Monitoring Tools and Techniques
    - Information Security Monitoring
    - Intrusion Detection Systems
    - Intrusion Prevention Systems
    - Audit Logging in Monitoring System Access
    - Protecting Log Data
    - Security Information and Event Management (SIEM)
  - 5B5. Security Incident Response Management
    - Incident Response Process
    - Computer Security Incident Response Team
    - Incident Response Plan
    - Security Orchestration, Automation and Response
    - Types of Investigations
    - Types of Computer Forensics
    - Phases of Computer Forensics
    - Audit Considerations
    - Computer Forensic Techniques
    - Computer Forensics Tools
    - Chain of Custody
    - Best Practices to Secure Digital Evidence

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub