Our company is 100% woman-owned, adding a unique perspective to our commitment to excellence!

CISA Certified Information Systems Auditor Study Guide

by Wiley
Sold out
Original price $65.00
Current price $65.00
Description

Prepare for success on the 2024 CISA exam and further your career in security and audit with this effective study guide

The CISA Certified Information Systems Auditor Study Guide: Covers 2024-2029 Exam Objectives provides comprehensive and accessible test preparation material for the updated CISA exam, which now consists of 150 questions testing knowledge and ability on real-life job practices leveraged by expert professionals.

You'll efficiently and effectively prepare for the exam with online practice tests and flashcards as well as a digital glossary. The concise and easy-to-follow instruction contained in the 2024-2029 CISA Study Guide covers every aspect of the exam. This study guide helps readers prepare for questions across the five domains on the test: Information System Auditing Process; Governance and Management of IT; Information Systems Acquisition, Development, and Implementation; Information Systems Operation and Business Resilience; and Protection of Information Assets.

This study guide shows readers how to:

  • Understand principles, best practices, and pitfalls of cybersecurity, which is now prevalent in virtually every information systems role
  • Protect and control information systems and offer conclusions on the state of an organization's IS/IT security, risk, and control solutions
  • Identify critical issues and recommend enterprise-specific practices to support and safeguard the governance of information and related technologies
  • Prove not only competency in IT controls, but also an understanding of how IT relates to business
  • Includes 1 year free access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms, all supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questions

The CISA Certified Information Systems Auditor Study Guide: Covers 2024-2029 Exam Objectives is an essential learning resource for all students and professionals preparing for the 2024 version of the CISA exam from ISACA.

Introduction

Assessment Test

Chapter 1 IT Governance and Management

  • IT Governance Practices for Executives and Boards of Directors
  • IT Strategic Planning
  • Policies, Processes, Procedures, and Standards
  • Risk Management
  • IT Management Practices
  • Organization Structure and Responsibilities
  • Maintaining an Existing Program
  • Auditing IT Governance
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 2 The Audit Process

  • Audit Management
  • ISACA Auditing Standards
  • Risk Analysis
  • Controls
  • Performing an Audit
  • Control Self-Assessment
  • Implementation of Audit Recommendations
  • Audit Quality Assurance
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 3 IT Life Cycle Management

  • Benefits Realization
  • Project Management
  • Systems Development Methodologies
  • Infrastructure Development and Deployment
  • Maintaining Information Systems
  • Business Processes
  • Managing Third Parties
  • Application Controls
  • Auditing the Systems Development Life Cycle
  • Auditing Business Controls
  • Auditing Application Controls
  • Auditing Third-Party Risk Management
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 4 IT Service Management

  • Information Systems Operations
  • Systems Performance Management
  • Problem and Incident Management
  • Change, Configuration, Release, and Patch Management
  • Operational Log Management
  • IT Service Level Management
  • Database Management Systems
  • Data Management and Governance
  • Other IT Service Management Topics
  • Auditing IT Service Management and Operations
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 5 IT Infrastructure

  • Information Systems Hardware
  • Information Systems Architecture and Software
  • Network Infrastructure
  • Asset Inventory and Classification
  • Job Scheduling and Production Process Automation
  • System Interfaces
  • End-User Computing
  • Auditing IT Infrastructure
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 6 Business Continuity and Disaster Recovery

  • Business Resilience
  • Incident Response Communications
  • Auditing Business Continuity Planning
  • Auditing Disaster Recovery Planning
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 7 Information Security Management

  • Information Security
  • Role of the Information Security Manager
  • Information Security Risks
  • Building an Information Security Strategy
  • Implementing Security Controls
  • Endpoint Security
  • Network Security Controls
  • Cloud Computing Security
  • Cryptography
  • Exploring Cybersecurity Threats
  • Privacy
  • Security Awareness and Training
  • Security Incident Response
  • Auditing Information Security Controls
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 8 Identity and Access Management

  • Logical Access Controls
  • Third-party Access Management
  • Environmental Controls
  • Physical Security Controls
  • Human Resources Security
  • Auditing Access Controls
  • Summary
  • Exam Essentials
  • Review Questions

Chapter 9 Conducting a Professional Audit

  • Understanding the Audit Cycle
  • How the IS Audit Cycle Is Discussed
  • Overview of the IS Audit Cycle
  • Summary

Appendix A Popular Methodologies, Frameworks, and Guidance

  • Common Terms and Concepts
  • Frameworks, Methodologies, and Guidance
  • Notes
  • References

Appendix B Answers to Review Questions

  • Chapter 1: IT Governance and Management
  • Chapter 2: The Audit Process
  • Chapter 3: IT Life Cycle Management
  • Chapter 4: IT Service Management
  • Chapter 5: IT Infrastructure
  • Chapter 6: Business Continuity and Disaster Recovery
  • Chapter 7: Information Security Management
  • Chapter 8: Identity and Access Management

Index

ABOUT THE AUTHORS

PETER H. GREGORY, CISA, CISSP, is a career technologist and cybersecurity leader. He is the Senior Director of GRC at GCI Communications, where he leads security policy, control frameworks, business continuity, third-party risk management, privacy, information and AI governance, and law enforcement wiretaps.

MIKE CHAPPLE, PhD, CISA, CISSP, is a teaching professor of IT, analytics, and operations at the University of Notre Dame. He is a cybersecurity professional and educator with over 25 years of experience, including as chief information officer of Brand Institute and an information security researcher with the National Security Agency and the U.S. Air Force. Mike is the author of more than 200 books and video courses and provides cybersecurity certification resources at CertMike.com.

Your all-new ultimate guide to preparing for the CISA® exam

The CISA® Certified Information Systems Auditor Study Guide: Covers 2024-2029 Exam Objectives delivers comprehensive and accessible test prep material for the newly updated CISA exam objectives effective from 2024. You’ll effectively prepare for this challenging test with easy-to-follow instruction and authoritative coverage of each of the five tested domains. You’ll also get access to the Sybex online learning center, complete with chapter review questions, practice exams, electronic flashcards, a key term glossary, and 24x7 tech support. Get certified the smart and efficient way with Sybex!

Coverage of 100% of all exam objectives in this Study Guide means you’ll be ready for:

  • Information System Auditing Process
  • Governance and Management of IT
  • Information Systems Acquisition, Development, and Implementation
  • Information Systems Operations and Business Resilience
  • Protection of Information Assets
  • All Supporting Tasks

About The Certified Information Systems Auditor Program

The Certified Information Systems Auditor (CISA) program demonstrates your proficiency in the vital areas of audit, security, and control. This continually updated credential is widely recognized in the IT industry as the gold standard in the field.

Interactive learning environment

Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, follow the instructions to register your book, and instantly gain one year of FREE access after activation to:

  • Interactive test bank with 2 practice exams to help you identify areas where further review is needed. Get more than 90% of the answers correct, and you’re ready to take the certification exam. With online versions of all chapter review questions, there are more than 400 online practice questions!
  • 100 electronic flashcards to reinforce learning and last-minute prep before the exam.
  • Comprehensive glossary in PDF format gives you instant access to more than 900 key terms so you are fully prepared.

AUTHORS: Peter H. Gregory, Mike Chapple

PUBLISHER: Wiley

ISBN-13: 9781394288380

BINDING: Paperback

BISAC: COMPUTERS

LANGUAGE: English
