ebook img

CISA Certified Information Systems Auditor All-in-One Exam Guide PDF

673 Pages·2009·6.52 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview CISA Certified Information Systems Auditor All-in-One Exam Guide

ALL IN ONE ® CISA Certified Information Systems Auditor E X A M G U I D E FM.indd i 9/15/2009 2:16:56 PM This page intentionally left blank ALL IN ONE ® CISA Certified Information Systems Auditor E X A M G U I D E Peter H. Gregory New York • Chicago • San Francisco • Lisbon London • Madrid • Mexico City • Milan • New Delhi San Juan • Seoul • Singapore • Sydney • Toronto FM.indd iii 9/15/2009 2:16:58 P Copyright © 2010 by The McGraw-Hill Companies. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. ISBN: 978-0-07-164371-9 MHID: 0-07-164371-0 The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-148755-9, MHID: 0-07-148755-7. All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative please e-mail us at To Rebekah and Shannon FM.indd v 9/15/2009 2:16:59 PM ABOUT THE AUTHOR Peter Gregory, CISA, CISSP, DRCE, is a 30-year career technologist and the manager of information security and risk management at Concur, a Redmond, WA based provider of on-demand employee spend management services. He has been deeply involved in the development of IT controls and internal IT audit since 2002, and has been building and testing secure IT infrastructures since 1990. Additionally, he has spent many years as a software engineer and architect, systems engineer, programmer, and systems opera- tor. Throughout his career, he has written many articles, whitepapers, user manuals, processes, and procedures, and he has conducted numerous training classes. Peter is the author of 20 books in information security and technology including Solaris Security, CISSP Guide to Security Essentials, Securing the Vista Environment, and IT Disaster Recovery Planning For Dummies. He is a columnist for Software Magazine and has spoken at numerous industry conferences including RSA, SecureWorld Expo, West Coast Security Forum, IP3, the Society for Information Management, the Washington Technology Industry Association, and InfraGard. Peter is an advisory board member at the University of Washington’s certificate program in information assurance, the lead instructor and advisory board member for the University of Washington certificate program in information security, a board mem- ber of the Washington state chapter of InfraGard, and a founding member of the Pa- cific CISO Forum. He is a 2008 graduate of the FBI Citizens’ Academy and a member of the FBI Citizens’ Academy Alumni Association. Peter and his family reside in the Seattle, Washington area and can be reached at www.peterhgregory.com. About the Technical Editor Bobby E. Rogers is a principal information security analyst with Dynetics, Inc., a na- tional technology firm specializing in the certification and accreditation process for the U.S. government. He also serves as a penetration testing team lead for various govern- ment and commercial engagements. Bobby recently retired from the U.S. Air Force after almost 21 years, where he served as a computer networking and security specialist and designed and managed networks all over the world. His IT security experience includes several years working as an information assurance manager and a regular consultant to U.S. Air Force military units on various cybersecurity/computer abuse cases. He has held several positions of responsibility for network security in both the Department of Defense and private company networks. His duties have included perimeter security, client-side security, security policy development, security training, and computer crime investigations. As a trainer, he has taught a wide variety of IT-related subjects in both makeshift classrooms in desert tents as well as formal training centers. Bobby is also an accomplished author, having written numerous IT articles in various publications and training materials for the U.S. Air Force. He has also authored numerous security train- ing videos. FM.indd vi 9/15/2009 2:16:59 PM He has a Bachelor of Science degree in computer information systems from Excel- sior College and two Associates in Applied Science degrees from the Community Col- lege of the Air Force. Bobby’s professional IT certifications include A+, Security+, ACP, CCNA, CCAI, CIW, CIWSA, MCP+I, MCSA (Windows 2000 & 2003), MCSE (Windows NT4, 2000, & 2003), MCSE: Security (Windows 2000 & 2003), CISSP, CIFI, CEH, CHFI, and CPTS, and he is also a certified trainer. FM.indd vii 9/15/2009 2:16:59 PM This page intentionally left blank CONTENTS AT A GLANCE Chapter 1 Becoming a CISA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Chapter 2 IT Governance and Risk Management . . . . . . . . . . . . . . . . . . . . . . . 17 Chapter 3 The Audit Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Chapter 4 IT Life-Cycle Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 Chapter 5 IT Service Delivery and Infrastructure . . . . . . . . . . . . . . . . . . . . . . 221 Chapter 6 Information Asset Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 Chapter 7 Business Continuity and Disaster Recovery . . . . . . . . . . . . . . . . . . 421 Appendix A Conducting a Professional Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . 485 Appendix B Popular Methodologies, Frameworks, and Guidance . . . . . . . . . . . 547 Appendix C About the CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619 ix FM.indd ix 9/15/2009 2:16:59 P

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.