1st Edition
The Complete Guide for CISA Examination Preparation
Contents
· Introduction
Chapter 1 Introduction to the CISA examination
· The structure of the CISA exam
· Becoming Certified
· Experience requirements
· Passing the Exam
· CISA Job Practice Domains and task and knowledge statements
· ISACA’s Code of Professional Ethics
· The ISACA Standards
· Continuous Professional Education
Chapter 2: Domain 1—The Process of Auditing Information Systems
· Knowledge Statements
· Understanding the Fundamental Business Processes
· Control principles related to controls in information systems
· Risk-based audit planning and audit project management techniques
· Quality of the internal control framework
· Auditor understanding of the applicable laws
· Evidence collection techniques
· Domain One – exam tips
· Domain One - Practice questions
· Domain One – Review Questions and Hands on Exercise
· Domain One - Answers to practice questions
· Exercise 1 sample answer
Chapter 3: Domain 2—Governance and Management of IT
· Governance in General
· Resource Management
· Project Management Tools
· Auditor’s Role in the Project Management Process
· Audit Risk Assessment
· Audit Planning
· Domain Two - practice questions
· Domain Two – Review Questions and Hands on Exercise
· Exercise 2 sample answer
· Domain 2 Answers to practice questions
Chapter 4: Domain 3—Information Systems Acquisition, Development and Implementation
· Systems Acquisition
· Systems Development
· Systems Implementation
· Systems Maintenance Review
· Domain Three - practice questions
· Domain Three – Review Questions and Hands on Exercise
· Exercise 3 sample answer
· Domain 3 Answers to practice questions
Chapter 5: Domain 4—Information Systems Operations, Maintenance and Service Management
· Hardware
· Auditing Operating Systems
· People
· System interfaces
· Change Management
· Auditing Change Control
· Disaster Recovery Planning
· Auditing Service Delivery
· Domain Four - practice questions
· Domain Four – Review Questions and Hands on Exercise
· Exercise 4 sample answer
· Domain 4 Answers to practice questions
Chapter 6: Domain 5—Protection of Information Assets
· Protection of information assets
· Privacy principles
· Design, implementation, maintenance, monitoring and reporting of security controls
· Physical access controls for the identification, authentication and restriction of users
· Logical access controls for the identification, authentication and restriction of users
· Risk and controls associated with virtualization of systems
· Risks and controls associated with the use of mobile and wireless devices
· Encryption-related techniques and their uses
· Public key infrastructure (PKI) components and digital signature techniques
· Peer-to-peer computing, instant messaging, and web-based technologies
· Data classification standards related to the protection of information assets
· Risks in end-user computing
· Implementing a security awareness program
· Information system attack methods and techniques
· Prevention and detection tools and control techniques
· Security testing techniques
· Penetration testing and Vulnerability scanning
· Forensic investigation and procedures in collection and preservation of the data and evidence
· Domain Five - practice questions
· Domain Five – Review Questions and Hands on Exercise
· Exercise 5 sample answer
· Domain 5 Answers to practice questions
Chapter 7—Preparing for the Exam
Appendices
Appendix A: Glossary of Terms
Appendix B: CISA Sample Exam – Choose any 150 questions
Appendix C: Sample Exam Answers
Biography
Richard E. Cascarino, MBA, CIA, CISM, CFE, CRMA, is well known in international auditing. Richard is a principal of Richard Cascarino & Associates. He has more than 31 years’ experience in audit training and consulting. He is a regular speaker at national and international conferences and has presented courses throughout Africa, Europe, the Middle East and the USA. Richard is a Past President of the Institute of Internal Auditors in South Africa, was the founding Regional Director of the Southern African Region of the IIA-Inc., and is a member of ISACA and of the Association of Certified Fraud Examiners, where he is a member of the Board of Regents for Higher Education. Richard was Chairman of the Audit Committee of Gauteng cluster 2 (Premier's office, Shared Services and Health) in Johannesburg and is currently the Chairman of the Audit and Risk Committee of the Department of Public Enterprises in South Africa. He is also a visiting lecturer at the University of the Witwatersrand and the author of the book Internal Auditing: An Integrated Approach, now in its third edition, which is extensively used as a university textbook worldwide. In addition, he is the author of the Auditor's Guide to IT Auditing, Second Edition and the book Corporate Fraud and Internal Control: A Framework for Prevention. He is also a contributor to all four editions of QFINANCE, the Ultimate Resource.