
CISA Review Manual, 26th Edition

  • Development language: Others
  • File size: 143.15M
  • Downloads: 6
  • Views: 208
  • Published: 2021-02-11
  • Category: General programming questions
  • Posted by: 好学IT男
  • File format: .pdf
  • Points required: 2
 

Description

[Summary]
CISA Review Manual, 26th Edition. The CISA certification review manual, original English edition, 26th edition, high-resolution scan.
CISA Certified Information Systems Auditor

CISA REVIEW MANUAL 26TH EDITION

ISACA is pleased to offer the 26th edition of the CISA Review Manual. The purpose of this manual is to provide CISA candidates with updated technical information and references to assist in preparation and study for the Certified Information Systems Auditor exam.

The content in the manual has been substantially updated. Most of the changes made were to recognize and map to the new task and knowledge statements that resulted from the new CISA job practice analysis. Further details regarding the new job practice can be found in the section titled New-CISA Job Practice and can be viewed at www.isaca.org/cisajobpractice and in the ISACA Exam Candidate Information Guide at www.isaca.org/examguide. The exam is based on the task and knowledge statements in the job practice.

The development of the task and knowledge statements involved thousands of CISAs and other industry professionals worldwide who served as committee members, focus group participants, subject matter experts and survey respondents.

The CISA Review Manual is updated to keep pace with rapid changes in the IS audit, control and security professions. As with previous manuals, the 26th edition is the result of contributions from many qualified authorities who have generously volunteered their time and expertise. We respect and appreciate their contributions and hope their efforts provide extensive educational value to CISA manual readers.

Your comments and suggestions regarding this manual are welcomed. After taking the exam, please take a moment to complete the online questionnaire (www.isaca.org/studyaidsevaluation). Your observations will be invaluable for the preparation of the next edition of the CISA Review Manual.

The sample questions contained in this manual are designed to depict the type of questions typically found on the CISA exam and to provide further clarity to the content presented in this manual. The CISA exam is a practice-based exam. Simply reading the reference material in this manual will not properly prepare candidates for the exam. The sample questions are included for guidance only. Scoring results do not indicate future individual exam success.

Certification has resulted in a positive impact on many careers, and the CISA designation is respected and acknowledged by organizations around the world. We wish you success with the CISA exam. Your commitment to pursue the leading certification in IS audit, assurance, control and security is exemplary.

CISA Review Manual 26th Edition. ISACA. All Rights Reserved.

ACKNOWLEDGMENTS

The 26th edition of the CISA Review Manual is the result of the collective efforts of many volunteers. ISACA members from throughout the global IS audit, control and security professions participated, generously offering their talent and expertise. This international team exhibited a spirit and selflessness that has become the hallmark of contributors to this manual. Their participation and insight are truly appreciated.

Special thanks go to Ian J. Cooke, CISA, CGEIT, CRISC, CFE, COBIT Foundation, CPTS, ITIL-F, Six Sigma Green Belt, An Post, Ireland, and Jeffrey L. Roth, CISA, CGEIT, CISSP-ISSEP, QSA, USA, who worked on the 26th edition of the CISA Review Manual.

Expert Reviewers

  • Rajeev Andharia, CISA, CISSP, COBIT 5 Assessor Implementation, ITIL Expert, PMP, Business Technology Partner Pte Ltd, Singapore
  • Sunil Bakshi, CISA, CISM, CGEIT, CRISC, National Institute of Bank Management, India
  • Ishwar Chandra, CISA, FCA, I C Associates, India
  • James T. Enstrom, CISA, CRISC, CIA, Chicago Board Options Exchange, USA
  • Mohamed Giohar, CISA, CISM, Egypt
  • Florin-Mihai Iliescu, CISA, Info-Logica Silverline srl, Romania
  • Binoy Koonammavu, CISA, CISM, CRISC, CISSP, ValueMentor Infosec Pvt Ltd, India
  • Shruti Shrikant Kulkarni, CISA, CRISC, CISSP, CPISL, CCSK, ITIL V3 Expert, Monitise Group Ltd, United Kingdom
  • S. Krishna Kumar, CISA, CISM, CGEIT, India
  • Juan Carlos Lopez, CISA, CGEIT, CRISC, COBIT Implementation, COBIT Certified Assessor, ITIL, PMP, Exacta Consulting, Ecuador
  • Balakrishnan Natarajan, CISA, CISM, Pivotal Software, Inc, USA
  • S. Peter Nota, CISA, CISM, CISSP, MBCS, PCI-ISA, Premier Farnell plc, United Kingdom
  • Derek J. Oliver, Ph.D., CISA, CISM, CRISC, DBA, Ravenswood Consultants Ltd, United Kingdom
  • Opeyemi Onifade, CISA, CISM, CGEIT, Afenoid Enterprise Limited, Nigeria
  • Manuel (Manolo) Palao, CISA, CISM, CGEIT, Accredited COBIT 5 Trainer, COBIT 5 Certified Assessor, P&T: S, SLU Innovation Technology Trends Institute (iTTi), Spain
  • Robert D. Prince, CISA, CISSP, USA
  • Beth Pumo, CISA, CISM, Kaiser Permanente, USA
  • Sree Krishna Rao, CISA, Ernst & Young LLP, United Kingdom
  • Markus Schiemer, CISA, CGEIT, CRISC, Microsoft Österreich GmbH, Austria
  • Hilary Shreter, CISA, PMP, USA
  • Katalin Szenes, Ph.D., CISA, CISM, CGEIT, CISSP, Obuda University, Hungary
  • Hui Zhu, CISA, CISM, CGEIT, BlueImpact Ltd, Canada
  • Tichaona Zororo, CISA, CISM, CRISC, CGEIT, Certified COBIT 5 Assessor, CIA, CRMA, EGIT Enterprise Governance of IT (Pty) Ltd, South Africa

ISACA has begun planning the next edition of the CISA Review Manual. Volunteer participation drives the success of the manual. If you are interested in becoming a member of the select group of professionals involved in this global project, we want to hear from you. Please email us at studymaterials@isaca.org.

NEW-CISA JOB PRACTICE

BEGINNING IN 2016, THE CISA EXAM WILL TEST THE NEW CISA JOB PRACTICE

An international job practice analysis is conducted at least every five years or sooner to maintain the validity of the CISA certification program. A new job practice forms the basis of the CISA exam beginning in June 2016.

The primary focus of the job practice is the current tasks performed and the knowledge used by CISAs. By gathering evidence of the current work practice of CISAs, ISACA is able to ensure that the CISA program continues to meet the high standards for the certification of professionals throughout the world.

The findings of the CISA job practice analysis are carefully considered and directly influence the development of new test specifications to ensure that the CISA exam reflects the most current best practices.

The new 2016 job practice reflects the areas of study to be tested and is compared below to the previous job practice. The complete CISA job practice can be found at www.isaca.org/cisajobpractice.

Previous CISA Job Practice

  • Domain 1: The Process of Auditing Information Systems (14%)
  • Domain 2: Governance and Management of IT (14%)
  • Domain 3: Information Systems Acquisition, Development and Implementation (19%)
  • Domain 4: Information Systems Operations, Maintenance and Support (23%)
  • Domain 5: Protection of Information Assets (30%)

New 2016 CISA Job Practice

  • Domain 1: The Process of Auditing Information Systems (21%)
  • Domain 2: Governance and Management of IT (16%)
  • Domain 3: Information Systems Acquisition, Development and Implementation (18%)
  • Domain 4: Information Systems Operations, Maintenance and Service Management (20%)
  • Domain 5: Protection of Information Assets (25%)

TABLE OF CONTENTS

About This Manual
  Overview
  Format of This Manual
  Evaluation of This Manual
  About the CISA Review Questions, Answers and Explanations Manual
  CISA Online Review Course

Chapter 1: The Process of Auditing Information Systems

Section One: Overview
  Definition
  Objectives
  Task and Knowledge Statements
    Knowledge Statements
  Suggested Resources for Further Study
  Self-assessment Questions
  Answers to Self-assessment Questions

Section Two: Content
  1.1 Quick Reference
  1.2 Management of the IS Audit Function
    1.2.1 Organization of the IS Audit Function
    1.2.2 IS Audit Resource Management
    1.2.3 Audit Planning
      Annual Planning
      Individual Audit Assignments
    1.2.4 Effect of Laws and Regulations on IS Audit Planning
  1.3 ISACA IS Audit and Assurance Standards and Guidelines
    1.3.1 ISACA Code of Professional Ethics
    1.3.2 ISACA IS Audit and Assurance Standards
      Performance
      Reporting
    1.3.3 ISACA IS Audit and Assurance Guidelines
      Performance
      Reporting
    1.3.4 ISACA IS Audit and Assurance Tools and Techniques
    1.3.5 Relationship Among Standards, Guidelines, and Tools and Techniques
    1.3.6 ITAF™
  1.4 IS Controls
    1.4.1 Risk Analysis
    1.4.2 Internal Controls
    1.4.3 IS Control Objectives
    1.4.4 COBIT 5
    1.4.5 General Controls
    1.4.6 IS Specific Controls
  1.5 Performing an IS Audit
    1.5.1 Audit Objectives
    1.5.2 Types of Audits
    1.5.3 Audit Methodology
    1.5.4 Risk-based Auditing
    1.5.5 Audit Risk and Materiality
    1.5.6 Risk Assessment and Treatment
      Assessing Risk
      Treating Risk
    1.5.7 IS Audit Risk Assessment Techniques
    1.5.8 Audit Programs
    1.5.9 Fraud Detection
    1.5.10 Compliance Versus Substantive Testing
    1.5.11 Evidence
    1.5.12 Interviewing and Observing Personnel in Performance of Their Duties
    1.5.13 Sampling
    1.5.14 Using the Services of Other Auditors and Experts
    1.5.15 Computer-assisted Audit Techniques
      CAATs as a Continuous Online Audit Approach
    1.5.16 Evaluation of the Control Environment
      Judging the Materiality of Findings
  1.6 Communicating Audit Results
    1.6.1 Audit Report Structure and Contents
    1.6.2 Audit Documentation
    1.6.3 Closing Findings
  1.7 Control Self-assessment
    1.7.1 Objectives of CSA
    1.7.2 Benefits of CSA
    1.7.3 Disadvantages of CSA
    1.7.4 Auditor Role in CSA
    1.7.5 Technology Drivers for CSA
    1.7.6 Traditional Versus CSA Approach
  1.8 The Evolving IS Audit Process
    1.8.1 Integrated Auditing
    1.8.2 Continuous Auditing
  1.9 Case Studies
    1.9.1 Case Study A
    1.9.2 Case Study B
    1.9.3 Case Study C
  1.10 Answers to Case Study Questions
    Answers to Case Study A Questions
    Answers to Case Study B Questions
    Answers to Case Study C Questions

Chapter 2: Governance and Management of IT

Section One: Overview
  Definition
  Objectives
  Task and Knowledge Statements
    Tasks
    Knowledge Statements
  Suggested Resources for Further Study
  Self-assessment Questions
  Answers to Self-assessment Questions

Section Two: Content
  2.1 Quick Reference
  2.2 Corporate Governance
  2.3 Governance of Enterprise IT
    2.3.1 Good Practices for Governance of Enterprise IT
      Governance of Enterprise IT and Management Frameworks
      Audit Role in Governance of Enterprise IT
    2.3.2 IT Governing Committees
    2.3.3 IT Balanced Scorecard
    2.3.4 Information Security Governance
      Effective Information Security Governance
      Roles and Responsibilities of Senior Management and Boards of Directors
      Matrix of Outcomes and Responsibilities
    2.3.5 Enterprise Architecture
  2.4 Information Systems Strategy
    2.4.1 Strategic Planning
    2.4.2 IT Steering Committee
  2.5 Maturity and Process Improvement Models
  2.6 IT Investment and Allocation Practices
    2.6.1 Value of IT
    2.6.2 Implementing IT Portfolio Management
    2.6.3 IT Portfolio Management Versus Balanced Scorecard
  2.7 Policies and Procedures
    2.7.1 Policies
      Information Security Policy
    2.7.2 Procedures
  2.8 Risk Management
    2.8.1 Developing a Risk Management Program
    2.8.2 Risk Management Process
      Step 1: Asset Identification
      Step 2: Evaluation of Threats and Vulnerabilities to Assets
      Step 3: Evaluation of the Impact
      Step 4: Calculation of Risk
      Step 5: Evaluation of and Response to Risk
    2.8.3 Risk Analysis Methods
      Qualitative Analysis Methods
      Semiquantitative Analysis Methods
      Quantitative Analysis Methods
  2.9 Information Technology Management Practices
    2.9.1 Human Resource Management
      Hiring
      Employee Handbook
      Promotion Policies
      Training
      Scheduling and Time Reporting
      Employee Performance Evaluations
      Required Vacations
      Termination Policies
    2.9.2 Sourcing Practices
      Outsourcing Practices and Strategies
      Industry Standards/Benchmarking
      Globalization Practices and Strategies
      Cloud Computing
      Outsourcing and Third-party Audit Reports
      Governance in Outsourcing
      Capacity and Growth Planning
      Third-party Service Delivery Management
      Service Improvement and User Satisfaction
    2.9.3 Organizational Change Management
    2.9.4 Financial Management Practices
      IS Budgets
      Software Development
    2.9.5 Quality Management
    2.9.6 Information Security Management
    2.9.7 Performance Optimization
      Critical Success Factors
      Methodologies and Tools
      Tools and Techniques
  2.10 IT Organizational Structure and Responsibilities
    2.10.1 IT Roles and Responsibilities
      Vendor and Outsourcer Management
      Infrastructure Operations and Maintenance
      Media Management
      Data Entry
      Supervisory Control and Data Acquisition
      Systems Administration
      Security Administration
      Quality Assurance
      Database Administration
      Security Architect
      System Security Engineer
      Applications Development and Maintenance
      Infrastructure Development and Maintenance
      Network Management
    2.10.2 Segregation of Duties Within IT
    2.10.3 Segregation of Duties Controls
      Transaction Authorization
      Custody of Assets
      Access to Data
      Compensating Controls for Lack of Segregation of Duties
  2.11 Auditing IT Governance Structure and Implementation
    2.11.1 Reviewing Documentation
    2.11.2 Reviewing Contractual Commitments
  2.12 Business Continuity Planning
    2.12.1 IT Business Continuity Planning
    2.12.2 Disasters and Other Disruptive Events
      Pandemic Planning
      Dealing With Damage to Image, Reputation or Brand
      Unanticipated/Unforeseeable Events
    2.12.3 Business Continuity Planning Process
    2.12.4 Business Continuity Policy
    2.12.5 Business Continuity Planning Incident Management
    2.12.6 Business Impact Analysis
      Classification of Operations and Criticality Analysis
    2.12.7 Development of Business Continuity Plans
    2.12.8 Other Issues in Plan Development
    2.12.9 Components of a Business Continuity Plan
      Key Decision-making Personnel
      Backup of Required Supplies
      Insurance