Introduction

The ISACA CISA exam has become the leading ethical hacking certification available today. CISA is recognized by both employers and the industry as providing candidates with a solid foundation of auditing and technical network assessment review. The CISA exam covers a broad range of IT auditing concepts to prepare candidates for roles in both audit and non-audit capacities, including IT risk management, IT compliance, and IT controls analysis.

This book offers you a one-stop shop for what you need to know to pass the CISA exam. To pass the exam, you do not have to take a class in addition to reading this book. However, depending on your personal study habits or learning style, you might benefit from buying this book and taking a class.

Cert Guides are meticulously crafted to give you the best possible learning experience for the particular characteristics of the technology covered and the certification exam. The instructional design implemented in the Cert Guides reflects the nature of the CISA certification exam. The Cert Guides provide you with the factual knowledge base you need for the exams and then take it to the next level with exercises and exam questions that require you to engage in the analytic thinking needed to pass the CISA exam.

ISACA recommends that a candidate for this exam have a minimum of 5 years of experience in audit and IT security. In addition, ISACA requires that candidates have that experience within the 10-year period preceding the application date for certification or within 5 years.

This book’s goal is to prepare you for the CISA exam, and it reflects the vital and evolving responsibilities of IT auditors. It provides basics to get you started in the world of IT audit and prepare you for the exam. Those wanting to become experts in this field should be prepared for additional reading, training, and practical experience.

Goals and Methods

The most important and somewhat obvious goal of this book is to help you pass the CISA exam. In fact, if the primary objective of this book was different, the book’s title would be misleading; however, the methods used in this book to help you pass the CISA exam are designed to also make you much more knowledgeable about how IT auditors do their job. This book and the accompanying online practice exams together have more than enough questions to help you prepare for the exam.

One key methodology used in this book is to help you discover the exam topics and tools that you need to review in more depth. The CISA exam will expect you to understand not only IT auditing concepts but common frameworks such as COBIT. This book does not try to help you pass the exam by memorization alone but helps you truly learn and understand the topics and know when specific approaches should be used. This book will help you pass the CISA exam by using the following methods:

• Helping you discover which test topics you still need to master

• Providing explanations and information to fill in your knowledge gaps

• Supplying exercises and scenarios that enhance your ability to recall and deduce the answers to test questions

• Providing practice exercises on the topics and the testing process via test questions online

Who Should Read This Book?

This book is not designed to be a general IT book or a book that teaches financial audits. This book looks specifically at how IT auditors assess networks, examine controls, and test defenses to determine their adequacy. Overall, this book is written with one goal in mind: to help you pass the exam.

So, why should you want to pass the CISA exam? Because it’s one of the leading IT audit certifications. It is also featured as part of DoDD 8140, and having the certification might mean a raise, a promotion, or other recognition. It’s also a chance to enhance your resume and to demonstrate that you are serious about continuing the learning process and are not content to rest on your laurels.

Strategies for Exam Preparation

Although this book is designed to prepare you to take and pass the CISA certification exam, there are no guarantees. Read this book, work through the questions and exercises, and when you feel confident, take the practice exams provided online. Your results should tell you whether you are ready for the real thing.

When taking the actual certification exam, make sure that you answer all the questions before your time limit expires. Do not spend too much time on any one question. If you are unsure about the answer to a question, answer it as best you can and then mark it for review.

Remember that the primary objective is not to pass the exam but to understand the material. When you understand the material, passing the exam should be simple. Knowledge is similar to a pyramid in that to build upward, you need a solid foundation. This book and the CISA certification are designed to ensure that you have that solid foundation.

Regardless of the strategy you use or the background you have, the book is designed to help you get to the point where you can pass the exam in the least amount of time possible. Several book features will help you gain the confidence you need to be convinced that you know some material already and to help you know what topics you need to study more.

How This Book Is Organized

Although this book could be read cover to cover, it is designed to be flexible and allow you to easily move between chapters and sections of chapters to cover just the material that you need to work with further. Chapter 1, “The CISA Certification,” provides an overview of the CISA certification and reviews some basics about exam preparation. Chapters 2 through 9 are the core chapters. If you intend to read them all, the order in the book is an excellent sequence to use.

The core chapters, Chapters 2 through 9, cover the following topics:

• Chapter 2, “The Information Systems Audit”: This chapter discusses basic audit techniques and the skills that are required of an auditor. This chapter reviews guidance documents and auditing standards.

• Chapter 3, “The Role of IT Governance”: This chapter discusses the basic ideas behind governance and steering committees. The chapter reviews management and control frameworks and process optimization.

• Chapter 4, “Maintain Critical Services”: This chapter covers issues related to business continuity and disaster recovery. Maintaining critical services requires an understanding of criticality and maximum tolerable downtime.

• Chapter 5, “Information Systems Acquisition and Development”: This chapter examines IT acquisition and the decision to build or buy. Project management and application development methodologies are discussed. Emerging technologies such as cloud computing are also covered.

• Chapter 6, “Auditing and Understanding System Controls”: This chapter covers auditing and business controls.

• Chapter 7, “System Maintenance and Service Management”: This chapter covers the basics of system maintenance and service management, including service management frameworks and networking infrastructure.

• Chapter 8, “Protection of Assets”: This chapter examines the controls used to protect assets. These controls can be administrative, physical, or technical. The concept is to layer controls to provide reasonable assurance.

• Chapter 9, “Asset Threats, Response, and Management”: This chapter discusses incident management and the response to threats from both insiders and outsiders.

How to Use This Book

This book uses several key methodologies to help you discover the exam topics on which you need more review, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. Therefore, this book does not try to help you pass the exams only by memorization but by truly learning and understanding the topics.

The book includes many features that provide different ways to study so you can be ready for the exam. If you understand a topic when you read it but do not study it any further, you probably will not be ready to pass the exam with confidence. The following features in this book give you tools that help you determine what you know, review what you know, better learn what you don’t know, and be well prepared for the exam:

• “Do I Know This Already?” quizzes: Each chapter begins with a quiz that helps you determine the amount of time you need to spend studying that chapter.

• Foundation Topics: This section provides the core content of each chapter. In it you learn about the protocols, concepts, and configuration for the topics in the chapter.

• Exam Preparation Tasks: This section lists a series of study activities that should be done after reading the Foundation Topics section. Each chapter includes the activities that make the most sense for studying the topics in that chapter. This section includes the following activities:

    • Key Topics Review: The Key Topic icon appears next to the most important items in the Foundation Topics section of the chapter. The Key Topics Review activity lists the key topics from the chapter and their page numbers. Although the contents of the entire chapter could be on the exam, you should definitely know the information listed in each key topic. Review these topics carefully.

    • Definition of Key Terms: Although certification exams might be unlikely to ask you to define terms, the CISA exam requires you to learn and know a lot of terminology. This section lists some of the most important terms from the chapter and asks you to write a short definition and compare your answer to the Glossary.

    • Memory Tables: Like most other certification guides from Pearson IT Certification, this book purposefully organizes information into tables and lists for easier study and review. Rereading these tables can be very useful before the exam. However, it is easy to skim over the tables without paying attention to every detail, especially when you remember having seen the table’s contents when reading the chapter.

    Instead of simply reading the tables in the various chapters, you can use Appendix B, “Memory Tables,” and Appendix C, “Memory Tables Answer Key,” as another review tool. Appendix B lists partially completed versions of many of the tables from the book. You can open Appendix B (a PDF on the companion website page that comes with this book) and print the appendix. For review, attempt to complete the tables.

    Appendix C, also a PDF located on the companion website page, lists the completed tables so you can check yourself. You can also just refer to the tables as printed in the book.

• Exercises: At the end of each chapter are sample exercises that list a series of tasks for you to practice to apply the lessons from the chapter in a real-world setting.

• Review Questions: These questions help you confirm that you understand the content just covered.

• Answers and Explanations: We provide the answer to each of the Review Questions, as well as explanations about why each possible answer is correct or incorrect.

• Suggested Readings and Resources: Each chapter provides a list of links to further information on topics related to the chapter you’ve just read.

Companion Website

To access the book’s companion website, simply follow these steps:

1. Register your book by going to PearsonITCertification.com/register and entering the ISBN 9780789758446.

2. Respond to the challenge questions.

3. Go to your account page and select the Registered Products tab.

4. Click on the Access Bonus Content link under the product listing.

Pearson Test Prep Practice Test Software

This book comes complete with the Pearson Test Prep practice test software, containing two full exams. These practice tests are available to you either online or as an offline Windows application. To access the practice exams that were developed with this book, please see the instructions in the card inserted in the sleeve in the back of the book. This card includes a unique access code that enables you to activate your exams in the Pearson Test Prep software.

Accessing the Pearson Test Prep Software Online

The online version of this software can be used on any device that has a browser and connectivity to the Internet, including desktop machines, tablets, and smartphones. To start using your practice exams online, simply follow these steps:

Step 1. Go to www.PearsonTestPrep.com.

Step 2. Select Pearson IT Certification as your product group.

Step 3. Enter your email/password for your account. If you don’t have an account on PearsonITCertification.com or CiscoPress.com, you need to establish one by going to PearsonITCertification.com/join.

Step 4. In the My Products tab, click the Activate New Product button.

Step 5. Enter the access code printed on the insert card in the back of your book to activate your product.

Step 6. The product will now be listed in your My Products page. Click the Exams button to launch the exam settings screen and start your exam.

Accessing the Pearson Test Prep Software Offline

If you wish to study offline, you can download and install the Windows version of the Pearson Test Prep software. There is a download link for this software on the book’s companion website, or you can just enter this link in your browser: www.pearsonitcertification.com/content/downloads/pcpt/engine.zip.

To access the book’s companion website and the software, simply follow these steps:

Step 1. Register your book by going to PearsonITCertification.com/register and entering the ISBN 9780789758446.

Step 2. Correctly answer the challenge questions.

Step 3. Go to your account page and select the Registered Products tab.

Step 4. Click the Access Bonus Content link under the product listing.

Step 5. Click the Install Pearson Test Prep Desktop Version link under the Practice Exams section of the page to download the software.

Step 6. When the software finishes downloading, unzip all the files on your computer.

Step 7. Double-click the application file to start the installation and follow the onscreen instructions to complete the registration.

Step 8. When the installation is complete, launch the application and click the Activate Exam button on the My Products tab.

Step 9. Click the Activate a Product button in the Activate Product Wizard.

Step 10. Enter the unique access code found on the card in the back of your book and click the Activate button.

Step 11. Click Next and then click Finish to download the exam data to your application.

Step 12. You can now start using the practice exams by selecting the product and clicking the Open Exam button to open the exam settings screen.


Note

The offline and online versions will sync together, so saved exams and grade results recorded on one version will be available to you on the other as well.


Customizing Your Exams

When you are in the exam settings screen, you can choose to take exams in one of three modes:

• Study Mode: Study Mode allows you to fully customize your exams and review answers as you are taking the exam. This is typically the mode you use first, to assess your knowledge and identify information gaps.

• Practice Exam Mode: Practice Exam Mode locks certain customization options and presents a realistic exam experience. Use this mode when you are preparing to test your exam readiness.

• Flash Card Mode: Flash Card Mode strips out the answers and presents you with only the question stem. This mode is great for late-stage preparation, when you really want to challenge yourself to provide answers without the benefit of seeing multiple choice options. This mode will not provide the detailed score reports that the other two modes will, so it should not be used if you are trying to identify knowledge gaps.

In addition to using these three modes, you can select the source of your questions. You can choose to take exams that cover all the chapters, or you can narrow your selection to just a single chapter or the chapters in specific parts of the book. All chapters are selected by default. If you want to narrow your focus to individual chapters, simply deselect all the chapters, and then select only those on which you wish to focus in the Objectives area.

You can also select the exam banks on which to focus. Each exam bank comes complete with a full exam of questions that cover topics in every chapter. The two exams printed in the book are available to you, along with two additional exams of unique questions. You can have the test engine serve up exams from all four banks or just from one individual bank by selecting the desired banks in the exam bank area.

There are several other customizations you can make to your exam from the exam settings screen, such as the time allowed for the exam, the number of questions served up, whether to randomize questions and answers, whether to show the number of correct answers for multiple-answer questions, or whether to serve up only specific types of questions. You can also create custom test banks by selecting only questions that you have marked or questions for which you have added notes.

Updating Your Exams

If you are using the online version of the Pearson Test Prep software, you should always have access to the latest version of the software as well as the exam data. If you are using the Windows desktop version, every time you launch the software, it will check to see if there are any updates to your exam data and automatically download any changes that have been made since the last time you used the software. You must be connected to the Internet at the time you launch the software.

Sometimes, due to many factors, the exam data may not fully download when you activate your exam. If you find that figures or exhibits are missing, you may need to manually update your exams.

To update a particular exam you have already activated and downloaded, simply select the Tools tab and click the Update Products button. Again, this is only an issue with the desktop Windows application.

If you wish to check for updates to the Pearson Test Prep exam engine software, Windows desktop version, simply select the Tools tab and click the Update Application button to ensure that you are running the latest version of the software engine.

Premium Edition eBook and Practice Tests

This book includes an exclusive offer for 70 percent off the Premium Edition eBook and Practice Tests edition of this title. See the coupon code included with the cardboard sleeve for information on how to purchase the Premium Edition.

End-of-Chapter Review Tools

Chapters 1 through 9 each have several features in the “Exam Preparation Tasks” and “Review Questions” sections at the end of the chapter. You might have already worked through these in each chapter. However, you might also find it helpful to use these tools again as you make your final preparations for the exam.
