
Table Of Contents

IS Auditing Standards
Risk-Based Approach
Know Your Business
Controls
Preventive Controls
Detective Controls
Corrective Controls
Types of Audit Engagements
SAS 70
The Audit Organization
Audit Planning
Materiality
Irregularities
Scheduling
Self-Assessment Audits
Audit Staffing
Planning the Individual Audit
IS Audit Types
Risk Assessment
CobiT
Audit Objectives and Scope
Using the Work of Other Auditors
Impact of Outsourcing on IS Audits
Independence of an Auditor
Audit Engagement
Creating and Maintaining Work Papers
Due Care
Cover Sheet
Key Documents
Background
Planning and Risk Assessment
Audit Program
Test Work and Evidence
Post-Audit Checklist
Fieldwork
Control Objectives and Audit Approach
Referencing
Obtaining Evidence to Achieve the Audit Objectives
Flowcharts
Documentation Reviews
Narratives
Interview
Observation
Inspection
Confirmation
Reperformance
Monitoring
Test Work
CAATs
Management Control Reports
Sampling
Preparing Exhibits
Identifying Conditions and Defining Reportable Findings
Conclusions
Identification of Control Weaknesses
Summarizing Identified Weaknesses into Findings
Root Cause Analysis
Value-Added Recommendations
Reasonable Assurance through a Review of Work
The AIC and the Next Level Review of the Work Performed
Peer Review
Communicating Audit Results and Facilitating Change
Report Layout
Findings
Responses
Follow-Up
Resources
Publication
Web Sites
Sample Questions
Systems Architecture
Evaluate the IS Organizational Structure
Roles and Responsibilities
Qualification and Training of the IS Staff
Evaluating IS Policies, Standards, and Procedures
Policy
Standards
Procedures
Evaluating Third-Party Services Selection and Management
Contract Management
Service Level Agreements
Evaluating Project Management
Evaluating Change Management
Evaluating Problem Management
Evaluating Quality Management
System Development Life Cycle (SDLC)
Quality Assurance Standards and Procedures
Evaluating Performance Management
Key Performance Indicators (KPIs)
Performance Measurement Techniques
Evaluating Capacity Management
Economic Performance Practices
Evaluating Information Security Management
Evaluating Business Continuity Management
Evaluating IS Management Practices and Policy Compliance
Technical Infrastructure and Operational Practices
Evaluating Systems Software
Operating Systems
Database Management Systems
Multi-Tier Client/Server Configuration Implications
Security Packages
Operations Management Consoles
Installation
Maintenance
Evaluating Network Infrastructure
Voice Networks
Data Networks
Evaluating IS Operational Practices
Computer Operations
Printer Operators
Media Library Management
Physical Access to Operations Areas
Help Desk and User Support
Job Scheduling
Configuration Management
Asset Management
Change Management
Evaluating System Performance
Monitoring Techniques, Processes, and Tools
Capacity Planning
Problem Management
Service Level Agreements (SLAs)
Security Risks and Review Objectives
The Security Officer’s Role
Privacy Risk
The Security Program
Policy and Standards
Periodic Security Assessments and Planning
Designing Security from the Start
Identification, Authentication, and Authorization
Need to Know
Security Controls Economics
Role-Based Access
Evaluating Account Administration
User Account Management
Single Sign-On Solutions
Application Design Security
Application and Data Access
Biometric Access Controls
Network User Access
Information Security Architecture
Security Plans and Compliance
Host-Based Security
Evaluating Network Infrastructure Security
Firewalls
Demilitarized Zones (DMZs)
Proxies
Evaluating Encryption Techniques
Virtual Private Networks (VPNs)
Web Access Controls
Email Security
Virus Protection
Logging and Monitoring
Network Intrusion Detection
Incident Response
Security Testing Tools
Third-Party Connections
Evaluating Security Awareness
Social Engineering
Evaluating Environmental Controls
Electrical Power
Temperature
Fire Suppression
Humidity
Evaluating Physical Access Controls and Procedures
Visitor and Vendor Access
The Physical Location, Security Measures, and Visibility Profile
Personnel Safety
Hard Copy Information Protection
Disaster Recovery and Business Continuity
The Business Case for Continuity Planning
Business Processing Alternatives
Training Evaluation
Reporting Evaluation
Evaluation Approach
Systems Development Approaches and Management
Project Management
Functional Requirements
Requirements Definitions
Feasibility Analysis
System Specifications
System Design
Quality Assurance Planning and Review Processes
System Development
Change Control Methodologies
Third-Party Participation
Documentation and Standards
Data Management, Security, and Audit Functionality
Testing and Code Promotion
Training
Concluding on the Development Process
Acquisition
Vendor Management and Escrow
Implementation
Conversion
Problem Management and Escalation
Emergency Change Management
Post-Implementation
Acceptance and Post-Implementation Review
Evaluating the Maintenance and Enhancement Processes
Versioning and Release Packaging
Corporate Governance
Best Practice Business Process Design
Management Controls
Evaluating Business Process Reengineering Projects
Assessing Performance and Customer Satisfaction
E-Business Applications in Support of Business
Evaluating the Design and Implementation of Risk Controls
Automated or Programmed Controls
Manual Controls
Cost-Benefit Analysis of Control Efforts
Risk Analysis
Control Identification
Gap Analysis and Reporting
Independent Assurance
Provisions for Independent Audits
Chapter 1—The IS Audit Process
Chapter 4—Protection of Information Assets
Chapter 5—Disaster Recovery and Business Continuity
Index
Wiley & Sons - The Cisa Prep Guide. Mastering the Certified Information Systems Auditor Exam


Published by Yasmeen Adel


Published by: Yasmeen Adel on Apr 13, 2012
Copyright: Attribution Non-commercial


06/10/2013
