Book review of CISA – Certified Information Systems Auditor Study Guide

by Hemang Doshi (Author)

Updated at: 15/01/2025

Ace the CISA exam with Hemang Doshi's updated CISA – Certified Information Systems Auditor Study Guide. Aligned with the 28th edition of the official review manual, this comprehensive guide provides the knowledge and practical skills needed to succeed. Doshi's clear explanations cover key IT auditing areas, including governance, development, and security, using a three-step approach: fundamentals, key exam points, and self-assessment questions. Over 1000 practice questions, flashcards, and online resources further enhance preparation. Whether you're a seasoned IT professional or a newcomer, this guide empowers you to confidently navigate the exam and launch a thriving career in information systems auditing.

CISA – Certified Information Systems Auditor Study Guide: Aligned with the CISA Review Manual 2024 with over 1000 practice questions to ace the exam

4.4 / 6 ratings

Review CISA – Certified Information Systems Auditor Study Guide

This CISA study guide by Hemang Doshi is a comprehensive and well-structured resource that I found incredibly helpful in my CISA exam preparation. While I'm still working my way through it, I've already been impressed by its clarity and the depth of its coverage. The author clearly possesses a strong understanding of the material and a knack for explaining complex concepts in a way that's easily digestible, even for someone like myself who might not have a purely technical background.

The book's three-step approach—fundamentals, key exam points, and self-assessment questions—is exceptionally effective. It allows you to build a solid foundation, then focus your efforts on the most critical areas for the exam, and finally, test your knowledge with questions that accurately reflect the exam format. This structured approach keeps you engaged and prevents information overload. I especially appreciate the inclusion of numerous practice questions; over 1,000 is a significant advantage, offering ample opportunity to reinforce learning and identify areas needing further attention.

The online resources accompanying the book are a fantastic bonus. The access to practice tests, flashcards, and exam tips significantly enhances the learning experience. Having these readily available online adds a layer of flexibility and convenience that many study guides lack. I find the flashcards particularly useful for memorizing key terms and concepts. The online platform's organization is also intuitive and easy to navigate, a significant plus when you're already juggling a busy schedule.

The book's alignment with the 28th edition of the official CISA review manual is a crucial aspect, ensuring its content is completely up-to-date and relevant. This eliminates the worry of studying outdated material and gives you confidence that you're preparing with the most current information. I've found the coverage of topics like IT governance, systems development, and asset protection to be particularly thorough and insightful, providing practical, actionable advice that goes beyond mere theoretical explanations. The sections on data analytics tools and forensic techniques were also particularly relevant and well-explained, given their increasing importance in the field.

One initial concern I had was the sheer length of the book. However, the well-organized structure and clear writing style mitigate this. It's a substantial resource, no doubt, but the information is presented efficiently and logically, making it manageable to work through in a structured manner. In fact, I find the depth of coverage preferable to having to consult multiple resources. Whether or not you choose to use the official review manual alongside this guide will depend on your personal learning style and preference.

In short, Hemang Doshi's CISA study guide is an outstanding resource for anyone preparing for the CISA exam. The combination of its comprehensive content, well-structured approach, and valuable online resources makes it a truly effective tool for exam success. I highly recommend it to anyone aiming to achieve their CISA certification.

Information

Dimensions: 0.74 x 7.5 x 9.25 inches
Language: English
Print length: 356
Publication date: 2024
Publisher: Packt Publishing

Book table of contents

Preface
Audit Planning
Audit Process
F-Commerce
Electronic Data Interchange (EDI)
Point of Sale (POS)
Electronic Banking
Electronic Funds Transfer (EFT)
Image Processing
Artificial Intelligence and Expert Systems
Types of Controls
Preventive Controls
Detective Controls
Management
Audit Resources

Appointment Procedures and Best Practices
Audit Execution
Audit Project Management
Audit Objectives
Audit Phases
Key Aspects for the CISA Fxam
Audit testing and Sampling
methodology
Sampling Types
Sampling Risk
Other Sampling Terms
Compliance versus Substantive Testing
Key Aspects for the CISA Exam
Audit Evidence
Collection Techniqucs
Reliability of Evidence
Evidence-Gathering Techniques
Fraud, Irregularities, and Acls
Data Analytics
CAATs
Precautions While CAAT
Continuous Auditing = Monitoring
Reporling and Communicalion
Use of Al in the Audit Process
How Does AI Work in Auditing?
Benefits ot Using AI in Audit Processes
Risks of Using AIin Audit Processes
IT Governance
EGIT
EGIT Processes
The Differences Betwveen Governance and Management
EGIT Good Practices
Effective Information Security Governance
IS Auditor' Role
Key Aspects for the CISA Exam
IT-Related Frameworks
IT Standards; Policies, and Procedures
Policies
Standards
Proceares
Guidelines
Inlormation Security Policy
Dowvnana Bottom-Ur Approaches
Policy Development
Aspects for the CISA Exam
Organizational Structure
Relalionship the IT Strategy
Committce and the IT Stcering Committee
Ditferences Between the 1T Strategy Committee and the IT Steering Committee
Enterprise Archilecture
Management
IT Resource Management
Human Resource Management
IT Management
Financial Management
IT Scrvice Provider Acquisition
Evaluation Criteria for Outsourcing
Steps for Outsourcing
Outsourcing
Risk Reduction Options
Provisions for Outsourcing Contracts
Role of IS Auditors in Monitoring
Outsourced Activities
Globalization of IT Functions
Outsourcing and Third-Party Audit Reports
Monitoring and Review of
Ihird-Party Services
Information Systems Acquisition and Development
Project Management Structure
System Development Methodologies
Project Roles and Responsibilities
Project Cost Fstimation Methods
Software Size Estimation Methods
Software Development Methods
Project Fvaluation Methods
Pruject Objeclives, OBS, and WBS
Key Aspects lor the CISA Exam
Business Case and
Feasibility Analysis
Business Cases
Feasibility Analysis
The IS Auditor's Role
in Business Case
Development
Data Integrity Principles
Decision Support Systems
Decision Trees
Information Systems Implementation
Testing Methodology
Unit Testing
Integration Testing
System Testing
Final Acceptance Testing
Regression Testing
Sociability Test
Pilot Testing
Parallel Testing
White-Box Testing
Black-Box Testing
Alpha Testing
Beta Testing
Testing Approach
Testing Phases
Information Systems Operations
Understanding Common Technology Components
Types of Servers
Universal Serial Bus
Radio-Frequency Identification
IT Asset Management
Performance Reports
Job Scheduling
Software Licensing Issues
Code Management
IT Service-Level Management
Capacity Management
Database Management Process
Key Aspects for the CISA Exam
Advanlages of Dalabase Management
Problem and Incident Management
Dalabase Struclures
Network Management Tools
Key Aspects for the CISA Exam
Operational Management
Change Management,
Importance of Log Management
Contiguration Management,
Types of Management Lite Cycle
Change Management Process
Eftective Data Collection
Emergency Change Management
Protection of Log Data
Backout Process
Integration with SIFM Systems
Ihe Effectiveness of a Change Management
Key Aspects for the CISA Exam
Process
Patch Management
Summary
Configuration Management
Exam Readiness Drill
Business Resilience
Business Impact Analysis
BCP and Risk Assessments
Key Aspects for the CISA Exam
Testing the BCP
Key Aspects for the CISA Exam
Data Backup and Restoration
Types of Backup Strategy
Disaster Recovery Plan
Storage Capacity for Each Backup Scheme
The BCP versus the DRP
Key Aspects for the CISA Exam
The Relationship Between the DRP
and the BIA
System Resiliency
Costs Associated with Disaster Recovery
Application Resiliency
Clustering
Data Backup
Telecommunication Network Resiliency
DRP of a Third-Party Service Provider
Business Conlinuity Plan
Resilient Information Assets
Service Delivery Objective
of the BCP Lile Cycle
Aspects for the CISA Exam
Contents of Ihe BCP
Backup Procedure for Critical Operations
DRP
Test Methods
Ihe Involvement ol Process Owners
Checklist Review
in the BCP
Structured Walk-Ihrough
Information Asset Security and Control
Information Asset Security
Frameworks
Auditing the Information Security
Management
Physical Access
Environmental Controls
Alarm Controls
Water and Smoke Detectors
Fire Suppression Systems
Physical Access Control
Industrial Control Systems
Identity and Access Management
Access Control
Default Deny Policy
Allow-All Policy
Degaussing (Demagnelizing)
Network Security and Control
Networking and Endpoint Devices
Open System Interconnection (OSI) Layers
Networking Devices
Network Devices and the OSI Layer
Network Physical Media
Identifying the Risks of Physical
Network Media
Network Diagram
Network Protocols
Network Attached Storage (NAS)
Content Delivery Network (CDN)
Network Time Protocol (NTP)
Network Segmentation
Firewall Types and Implementation
Types of Firewalls
Packet-Filtering Router
Statelul Inspection
Circuit-Level
Application-Level
Types of Firewall Implementation
The Firewall and the Corresponding OSI layer
Next-Generation Firewall (NGFI)
Unified Threat Management (UTM)
VPN
VPNs
Technical Aspects
Public Cryptography and Other Emerging Technologies
Security Event Management
Security Awareness Training and Programs
Evidence Collection
Forensics
Chain of Custody
Elements of Computer Forensics
Accessing the Online Practice Resources
Index
Other Books You May Enjoy
Index
Index
audit recommendation
implementation rate
audit universe
authorization
automated system
automation
availability
avoidance
B
confidentiality
board of directors
back engineering
backup
balanced scorecard
baseline
bcp
diligent and careful
bia
binary
biometric attacks
biometric replay attack
blackout
blp
botnets
bottom-up approach
bottom-up estimate
bpr
brownout
brute-force attack
Copyrighted Material
Index
data controller
data classification
digital certificate
digital personal data protection act
dala
digital rights management
data generation
disaster recovery plan
data governance
discretionary access control
data integrity
distributed computing environment
data integrity and confidentiality
dlp
dmz
data integrity issues
dns
data identification
dnssec
dala interface
document review
data loss Prevention
dss
data minimization
due diligence
data owners
dumpster diving
data privacy
durability
data privacy and security risks
dynamic encryption
dynamic host configuration protocol
data processor
data protection laws
data privacy concerns
data protection
banking
enterprise architecture
data storage
ea
data subject
earned value analysis
data tier
eavesdropping
database server
edit checks
dbas
egit
dbms
eject
dce
electromagnetic interference
design and development
electronic banking
decision trees
email bombing
email spamming
demilitarized zone
email spoofing
denial-of-service
encapsulation
detection risk
encryption
determine the cost
dhcp
differential backup
enterprise risk management
enterprise security architecture
equal error rate
hash value
health insurance portability and accountability act
hipaa
homomorphic encryption
host
false acceptance rate
false rejection rate
hybrid cloud
hypervisor
federated identity management
file server
fim
firewalls
iaas
iamn
flexibility
ics s
flooding
idaas
identity and access management
forward error control
identity as service
full backup
incremental backup
full operational test
indicators of compromise
function point analysis
industrial control systems
function points
industry standards
future-proof
information security
information security governance
governance and compliance
information security policy
information system
gdpr
general data protection regulation
grc
Index
Copyrighted Material
Copyrighted Material
Index
Index
risk acceptance
risk analysis method
risk avoidance
risk coverage
risk factors
risk management
risk mitigation
risk reduction
risk transfer
rollback strategy
rpo
rto
saas
salami attack
saml
san
sarbanes-oxley act
sbcs
scalability
scarf
sd
sdlc
secure shell
secure socket layer
security logs
segregation of duties
semantic nets
semi-quantitative method
sequence checks
service-level agreements
service delivery objectives
service organization control
Copyrighted Material
Index
unified threat management
uninterruptible power supply
table link table relerence check
unshielded twisted pair
tcp
ups
testing
usb
user acceptance test
user data protocol
utmn
utp
third-party auditors
three-tier architecture
V-shaped model
time-of-check to time-of-use
van
timeliness of audit reports
vcs
version control
tocltou
virtual machines
down approach
virtual circuits
and tagging
virtual localarea network
traffic analysis
virtual private network
training and awareness
and developmnent
virus
transaction authorization
vlan
transmission control protocol
vms
transport layer securily
voice over internet protocol
trapdoor
voip
trojan horse
vpn
two-tier architecture
vsan
U
W
uat
war dialing
wardriving
unauthorized access
wbs
web server
wep
wi-fi protected access
unbreakable sccurity
tOP tracing

Show more

Book review of CISA – Certified Information Systems Auditor Study Guide

Review CISA – Certified Information Systems Auditor Study Guide

Information

Book table of contents

Preview Book