Book Description
Demand for qualified and certified information systems (IS) auditors has increased dramatically since the adoption of the Sarbanes-Oxley Act in 2002. Now you can prepare for CISA certification, the one certification designed specifically for IS auditors, and improve your job skills with this valuable book. Not only will you get the valuable preparation you need for the CISA exam, you'll also find practical information to prepare you for the real world. This invaluable guide contains:
Authoritative coverage of all CISA exam objectives, including:
- The IS Audit Process.
- IT Governance.
- Systems and Infrastructure Lifecycle Management.
- IT Service Delivery and Support.
- Protection of Information Assets.
- Disaster Recovery and Business Continuity.
Practical information that will prepare you for the real world such as:
- Secrets of successful auditing.
- Government regulations at a glance.
- Incident handling checklist.
- Scenarios providing insight into professional audit systems and controls.
Additional exam and career preparation tools such as:
- Challenging chapter review questions.
- A glossary of terms.
- Tips on preparing for exam day.
- Information on related certifications.
A free CD-ROM with:
- Advanced testing software with challenging chapter review questions plus bonus practice exams so you can test your knowledge.
- Flashcards that run on your PC, Pocket PC, or Palm handheld.
- The entire book in searchable and printable PDF.
Customer Reviews:
Great Book for Targeted Learning.......2007-10-03
The CISA exam is written in a way to reflect the choices an auditor faces. What's best, what's the most preferred, etc., tend to be the types of questions one faces. (The CISA exam is not going to ask the test sitter, what is the best in a given environment, as that would be too ridiculous to measure.) As such, people often find the test confusing, because they want to read too much into the questions.
I picked this book up the week before the CISA exam and targeted my reading toward those areas in which I had the least experience (e.g. SDLC, etc) and I passed. That was it! Although not perfect, the book is readable and focused. There are some decent example questions at the back of the book that will prepare one for the types of questions on the test.
Good CISA study guide.......2007-09-11
This book is easy to read and it helps to study for the exam especially if you have CISA exam question CD.
I highly recommend it (and exam question CD too).
Good book, used it and passed Dec 2006 Exam. I am a CISA thanks to this book.......2007-08-15
Good book, used it and passed Dec 2006 Exam on my first attempt. I am a CISA, thanks to this book. The details are just what you need, the authors did a good job, I recommend it to my brother and friends for Dec 07 Exams, and I talk about it to whoever cares to listen.
A book does not need to be a hard core to be good, simple easy and straight forward that is why I like it. It gives you the details, it is a good manual.
Used it to pass the June 2007 exam.......2007-08-10
I just found out that I passed the June 2007 exam. I used 2 items to study.
This book and the question and answer database from ISACA.
First, do not try to use this book alone.
Second, don't even waste your time with the practice questions at the end of the chapter. You will never see questions like those on the exam.
Third, I would recommend the question and answer database. You will see questions like those on the exam.
After using this book and the Q&A database, the test was not that hard. I was not surprised by any questions.
Good study guide, but not enough for the exam.......2007-06-23
I took the exam two weeks ago and did really good. I would recommend studying ISACA's CISA review questions in addition to this book. Reading this book alone will not help you pass the exam. The concepts are well explained but the questions in the book are nothing like the ones in the exam.
Good luck
Amazon.com
Written for those with some background in software engineering, Automated Software Testing: Introduction, Management, and Performance delivers a rigorous guide to the state of the art in managing automated testing in a text that will benefit anyone who tests software for a living.
First and foremost, Automated Software Testing presents a methodology for test managers called Automated Testing Lifecycle Management (ATLM). This soup-to-nuts tour of testing takes you from initial planning, budgeting, and staffing to building a test plan and choosing test tools to executing tests and even improving your testing process the next time around. Though somewhat thickly written--with plenty of software engineering terminology--this book can also be useful to more practically minded readers because of its many sample test documents. (Besides numerous lists and charts outlining the steps in the ATLM process, the book presents a sample test plan, budget estimates, and staffing guides.)
A truly standout feature is the book's survey of currently available automated tools that can be used throughout the testing cycle, as well as how to choose the right ones for your next project. For many software testers and managers, this section alone is probably worth the price of the book.
As this book points out, test engineering is a growth field. While schools and businesses work hard to meet the demand for qualified testing professionals, this title can provide a solid guide to the best thinking on automated testing solutions that will save time and money as well as improve software quality. --Richard Dragan
Topics covered: Theory and practice of automated software testing, the Automated Testing Lifecycle Management (ATLM) process, test analysis, planning, design and execution, white-box and black-box testing, metrics, and choosing testing tools.
Customer Reviews:
Best Automation Testing Book Ever.......2006-09-01
This book as far as I am concerned is best automation software testing book written ever.
Cut out the bull.......2002-12-03
Unfortunately this book (like nearly all other books on software testing) does not teach you how to test software. Instead it only gives you information needed to manage software testing. And, like many other books of management, it is highly repetitive and redundant. For somebody needing compressed information this is the wrong book. I think it would be no big deal to reduce the number of pages to 50% and still deliver the same message. The examples given in the text read like from a psychology book, not like from a technical book. Despite my critique I have to admit that the annexes in the book can be highly valuable. Personally I liked best the review of the big number of test tools.
Excellent Book for implementing Automation.......2001-09-28
This is one of THE books if you plan on implementing automated testing in your software shop. Covers everything from Lifecycle to tool evaluations to best practices. This one that is definitely on my "bookshelf on the go" that follows me to all projects. I especially appreciated the Appendix with real world stuff and references to tool manufacturers. Great work!
You'll Need This Guide to Implement Automated Testing.......2001-04-26
I recently joined a firm that simply wanted to purchase an automated test tool within two weeks; "it made little difference which tool". Using this book, they became convinced we should install at least three tools, on evaluation. Good thing we did: we found that only one could deal with "customized" Java applets used in their applications.
Little did our test team know beforehand that new automated tools require evaluation: what technologies are your applications using? what levels of test planning and scripting skills will be required for each tool? what other tools may be necessary sooner or later? and, does your test tool vendor of choice market such complementary tools? And much, much more.
"Automated Software Testing" guides readers through each step in the planning, selection, and implementation process to assure that automated software testing will be developed in a systematic manner.
See the table of contents. You will find that for less than the cost of a tester's time for two hours, your business will be investing in knowledge that will save perhaps hundreds of thousands of dollars over the life of your applications.
A Compilation of Generalizations.......2001-03-15
As an engineer involved with software QA for a number of years, I found the book to be so generalized as to be essentially worthless. The authors devote page after page to explain methods and procedures with diagrams that depict the intuitively obvious. Their ATLM (Automated Test Life-Cycle Methodology) is as complicated as diagramming the Earth's water cycle. I don't need to spend Forty odd dollars and peruse 600 pages to learn that I might be able to use some nonspecific automated testing tool somewhere along the software development process.
The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam
John Kramer , and
John B. Kramer
Manufacturer: Wiley
ProductGroup: Book
Binding: Paperback
Similar Items:
- CISA Exam Cram 2: Certified Information Systems Auditor
- CISA: Certified Information Systems Auditor Study Guide
- The CISM Prep Guide: Mastering the Five Domains of Information Security Management
- Core Concepts of Information Technology Auditing
- Information Technology Control and Audit, Second Edition
ASIN: 0471250325
Book Description
- This is the first commercially available book to offer CISA study materials
- The consulting editor, Ronald Krutz, is the co-author of The CISSP Prep Guide (0-471-26802-X)
- Provides definitions and background on the seven content areas of CISA
- Includes many sample test questions and explanations of answers
- More than 10,000 people registered for the CISA exam in 2002
- CD-ROM contains annual updates to the exam so the book remains current for a number of years
Customer Reviews:
Overpriced, misaligned, bloated + boring = 2 stars.......2006-07-13
I gave this book 2 stars because it's overpriced, misaligned, bloated and quite boring. Lots of time, Kramer used 200 words to explain something when 50 would have been enough. There's a lot of minor errors + many cases where the author is completely wrong. The content covers CISA's material but it simply does not match with CISA's domains. If I had to throw a stone to someone, that would be to the editor cos that guy simply did not do his job. There's way too many content errors, spelling mistakes and ambiguous sentences.
To wrap things up, it's a subpar book with a hefty price tag. I would NOT recommend it to anyone taking an ISACA exam. Your $$$ would be better spent buying the official CRM 2006.
Obtuse and perhaps worthless.......2005-05-13
Why use 1 word when 12 will bewilder the reader and make the book that much thicker. I can not believe that a qualified editor reviewed this book.
The wheat to chaff ratio is horrendous. You can go whole paragraphs without coming upon anything worth knowing.
I can only hope that the actual CISA exam questions are not written as poorly as the sample questions within this book.
If you value your time, do not buy this book.
Don't waste your money.......2005-03-05
I purchased this book -- unfortunately before I read the reviews here -- to prepare for the CISA. Despite the optimistic title, the book fails to deliver in just about every area. The book is not connected to the exam in any logical form or structure. One of the biggest draws for a book like this is the practice test software. Sadly, this book fails yet again. The software works, but the questions in some cases are just plain wrong! I wrote to the editor and they offered me an errata sheet that I could use to spot mistakes in their data???? What good is that? My advice is that you skip this book, avoid this author, and not patronize this publisher since they are not willing to make good on their promises.
CISA Prep Guide, not entirely useless.......2005-02-18
I purchased this guide, after 13 years of practical experience, mainly for the test materials. However, I did attempt to read the book, and must say that it is a chore. The author's style and usage leave much to be desired.
Most troublesome were the obvious inconsistencies within the test materials. The test results showed that answers correctly chosen were often scored as wrong, and some wrongly chosen were often scored as correct. It's as if they updated the software to "mix it up" between revisions, but failed to update the actual answers to correspond with the changes.
I did complain to the publisher and ask for an updated software version, but only received back that they would check with the author. I have since heard nothing. Of course, when you are preparing for a test, the main thing you are looking for in a review system is accuracy ... on this account the book and software fail.
I don't recommend this book if you are seriously considering taking the exam and want to review.
Fire the Editor!.......2004-06-09
I am an IS professional with 25 years of experience but it's been 6 years since I took a certification test. I needed the book to codify what I already knew from experience. I found the actual subject matter of the book to be adequate, but the author often took 500 words to say what could have been said in 50. And then he often said it wrong! And with bad grammar and incomplete sentences. I was as angry at the book editor as I was with the author. I kept thinking that English must not be the author's native language, but even so, the editor didn't do his job. That's probably why an updated version has not been issued. Get a new author! Get a new editor!
The software also was bad. I have used Boson software and tests before and found them very good. The test engine may work great, but if the data is wrong, it doesn't matter how great the engine is.
Bottom line - don't buy this book. Get the ISACA study materials. It'll cost three times as much, but it'll be worth it.
Book Description
Protect Your Systems with Proven IT Auditing Strategies
"A must-have for auditors and IT professionals." -Doug Dexter, CISSP-ISSMP, CISA, Audit Team Lead, Cisco Systems, Inc.
Plan for and manage an effective IT audit program using the in-depth information contained in this comprehensive resource. Written by experienced IT audit and security professionals, IT Auditing: Using Controls to Protect Information Assets covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates. Inside, you'll learn how to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, you'll get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard.
- Build and maintain an IT audit function with maximum effectiveness and value
- Implement best practice IT audit processes and controls
- Analyze UNIX-, Linux-, and Windows-based operating systems
- Audit network routers, switches, firewalls, WLANs, and mobile devices
- Evaluate entity-level controls, data centers, and disaster recovery plans
- Examine Web servers, platforms, and applications for vulnerabilities
- Review databases for critical controls
- Use the COSO, CobiT, ITIL, ISO, and NSA INFOSEC methodologies
- Implement sound risk analysis and risk management practices
- Drill down into applications to find potential control weaknesses
Customer Reviews:
Excellent practical coverage of IT Auditing.......2007-06-07
This is by far the most useful book I've seen covering the subject matter of IT Audits in more than 20 years of IT Auditing. I noticed that ISACA picked up this book as part of their bookstore. The narrative is easy to read throughout the book and the book is laid out and formatted thoughtfully.
I now manage the IT Audit function for a large US-based bank and found the first three chapters (Building an Effective IT Audit Function; The Audit Process; and Auditing Entity Level Controls) particularly well done for understanding how to build the IT Audit team into your environment technically and politically.
The next section of the book, Chapters 4-12 (Data Centers/DR; Switches, Routers, Firewalls; Windows; UNIX and Linux; Web Servers; Databases; Applications; WLAN/Mobile; Company Projects) is solid, very well done, and consistent with other checklists we've used. The checklists are written from an auditor's perspective and contain an excellent level of detail covering what you should do, why, and how. Any more detail and a real world audit would never get completed before it was time to move on to the next audit. IT Audits provided my team members excellent guidance on two recent audits. My team liked the book's layout and level of detail. It's written at an appropriate and realistic level that an auditor can work his or her way through a checklist without getting overwhelmed.
Finally, the last section of the book (Frameworks and Standards; Regulations; and Risk Management) provides a good overview of the several standards and regulations we deal with every day. The chapter on Risk Management is one of the best reviews on that topic in a while.
Overall I think this is an exceptional book and I wouldn't hesitate to recommend this to someone in the IT Audit field.
Good if you focus on the auditing profession but ignore some tech details.......2007-05-06
I have no experience with auditing in the formal sense described by IT Auditing. I am familiar with the technical aspects of host and network security, but I wanted to know more about the goals and views of those who audit enterprises from a security standpoint. IT Auditing succeeds when it discusses the profession of auditing but I found some of the technical details lacking. Therefore, I recommend focusing on chapters 1-3 and 12-15, while using the technical chapters as indicators for outside research.
Chapter 1 makes clear that IT Auditing is written for internal audit teams. The author argues that involvement is better than "independence," since adhering to the latter business approach is a recipe for outsourcing the audit function. I liked the beginning and end of IT Auditing because they emphasized how internal audit teams should work with business IT functions. These chapters answered questions on whether or not audit should review and comment upon projects before completion (yes) and related "soft" topics.
The middle of IT Auditing concentrates on how to audit data centers, infrastructure, operating systems, Web servers, databases, applications, and wireless/mobile devices. I found these chapters less appealing. When I read "it's much more common to find SNMP Version 2 in most corporate environment" (sic, p 121) or see mention of "Universal Data Ports (UDPs)" (sic, p 172) I question the validity of the technical recommendations. Other examples include equating NAT with proxies (p 117) and the statement that "network vulnerability scanning... is probably the most important type of security discovery or monitoring in most environments" I begin to understand the horror stories I hear from some who are audited.
When it came to understanding the audit mindset, I think IT Auditing really helped me. It seems auditors are far more likely to be interested in reviewing paperwork than really assessing effectiveness of security controls. Repeatedly I read statements like "evaluate the effectiveness of the security personnel function" by looking at documentation. In a few areas auditors seem to understand the value of real tests, e.g., trying to restore a backup rather than reviewing logs saying backups were completed. This focus on validating paperwork over operational activity is the single biggest problem with audits. It's clear a "system" could pass all its audit checks with flying colors while still being completely compromised. (Yes, p 201-2 mentions Chkrootkit, but that program is only effective in limited scenarios.) Audit is configuration and paperwork validation, not system integrity assessment.
I recommend reading IT Auditing if you want to get a better idea of how your auditors think and what they want to inspect. If you're an auditor who wants authoritative technical guidance you will probably learn more from dedicated system and network hardening books designed for administrators. IT Auditing's checklists can at least put you in the ballpark, however.
Book Description
Offering concise, readable coverage of information technology auditing, this new book helps readers understand the impact of information and communication technologies on organizations and accountants, and shows how to apply IT-auditing techniques using computer-assisted auditing tools. The book also explores security issues, legal and ethical issues, and more.
* Describes the use of computer assisted audit techniques and computer fraud auditing
* Explains IT audit in the context of the CobiT® framework.
* Accompanied by a CD with ACL software, and an appendix contains an audit case requiring its usage. There is also an appendix of IT audit terminology and definitions.
Customer Reviews:
Use on SOX reviews.......2004-11-21
Affordable book compared to other IT books, it is well written that provides a comprehensive framework for IT auditing. I especially liked the many Figures/Exhibits that listed Key Risks for the many subjects covered. Working in the SOX compliance area, these risks were a useful summary/checklist to understand what risks should be assessed and managed for SOX compliance. It would not be a detailed book for implementation for an CIO and staff to follow, but for an audit assessment of an IT department, I found useful.
Also, solid instructional material on use of ACL, and of course, the software itself.
It mainly about Security Risk issues.......2004-09-17
As an example, in the chapter on IT Risks and Controls, the only discussion of data integrity is buried in a few lines in a section entitled Security Risk. The examples in the book are mainly about Security issues. Take the subject of data integrity on file transfers. I believe the only mention of the subject outside of Security concerns is a Figure on the OSI Model (Transport layer alone won't detect if a mixture of old and new files are erroneously transferred to downstreams). There is no mention of detection/recovery of skipping/double-posting transactions, error thresholds, data base consistency on no-posts, restart/retry logic, checking for count and amount mismatches, balancing using checkpoints, etc. An auditor I believe should be aware of these types of issues concerning data integrity even in a core concept book.
Apt title - excellent intro.......2004-07-13
Although this is a college-level text, it can be effectively used by newly minted IT auditors to quickly learn the key knowledge and skill factors needed to function within their roles.
I like and highly recommend this book because of the emphasis on CObIT (Control Objectives for IT), which is the basis for auditing per the IT Governance Institute, which is, in turn under the aegis of Information Systems Audit and Control Association.
As stated by a previous reviewer, this book is wide in scope. The first three chapters cover the basics in clear prose and sufficient detail to give both students and on-the-job new practitioners all of the information needed to orient themselves in the role of an IT auditor. The emphasis on risk management in different domains is another strong point. The chapters covering risks associated with network and telecommunications, e-business systems, and system deployments are both technically accurate and portray realistic scenarios. Chapters 9 (Conducting the IT Audit), and 10 (Fraud and Forensic Auditing) round out the topic areas, leaving no gaps in the knowledge required to be an IT auditor.
The accompanying CD ROM has a software application to be used in conjunction with Appendix B case study. I did not work the case study, nor did I thoroughly exercise the application, so will refrain from making judgments about the usability or value of the application. The case study, though, was well put together and realistic, making it an ideal adjunct for class exercises, as well as working practicing auditors through real world scenarios.
For those new to IT Auditing in general and CObIT in particular I recommend visiting the following two sites: IT Governance Institute, ASIN B0001F8V14, and Information Systems Audit and Control Association, ASIN B00006BW74. You can paste the ASIN numbers in the Search box, select All Products and click the GO button to reach these sites. Once there you can explore additional material that will augment this book, as well as copies of CObIT, and an 84-page document titled 'IT Control Objectives for Sarbanes-Oxley', which is one of the hottest contemporary topics in IT auditing.
Up to date, encompassing textbook on IT auditing.......2004-05-04
This is an up to date and good textbook on IT auditing. It begins with an overview of IT audit, legal and ethical issues, risks and controls and ends with a chapter on fraud and forensic accounting. What makes this book especially suited for classroom or self-study is the inclusion of discussion questions, exercises, notes and recommended reading lists at the end of every chapter.
The authors cover a wide field but at the same time manage to touch upon all important topics. COBIT, ISACA standards and guidelines are heavily used and referenced throughout the book, providing a good link between study and practice and perhaps making the book one of the preparation resources for the Certified Information Systems Auditor (CISA) examination. The book also includes a CD with ACL software and a sample auditing engagement, which may be useful in some cases, although it does cover only a fraction of knowledge presented in the book.
Overall, this book indeed teaches the core concepts of IT/IS auditing. This book exists in two identical versions: one is for the North American market, another is for all other countries, although the coverage is mostly limited to US and Canadian regulations and practices.
OMB Circular A-123 and Sarbanes-Oxley: Management's Responsibility for Internal Control in Federal Agencies
Cornelius E. Tierney ,
Edward F. Kearney ,
Roldan Fernandez ,
Jeffrey W. Green ,
Michael J. Ramos , and
Kearney & Company
Manufacturer: Wiley
ProductGroup: Book
Binding: Hardcover
Similar Items:
- Federal Government Auditing: Laws, Regulations, Standards, Practices, & Sarbanes-Oxley
- Federal Accounting Handbook: Policies, Standards, Procedures, Practices
- Public Budgeting and Financial Management in the Federal Government (PB) (Research in Public Management, V. 1)
- FISMA Certification & Accreditation Handbook
- Governmental Accounting Made Easy
ASIN: 0471768138
Book Description
How is A-123 different from Section 404 of the SOX Act?
What is required of federal agencies with the revision of A-123?
The definitive guide for federal compliance with OMB Circular A-123 and SOX Section 404, OMB Circular A-123 and Sarbanes-Oxley: Management's Responsibility for Internal Control in Federal Agencies leads readers through every step of the planning, evaluation, testing, and reporting/collecting of processes associated with OMB Circular A-123 and SOX Section 404 compliance, including:
- Internal control criteria
- Internal control assessment: project planning
- Identifying significant control objectives
- Documentation of significant controls
- Testing and evaluating entity-level controls and activity-level controls
The result of numerous consultations over many years with accountants, auditors, financial managers, and systems consultants specializing in the financial management issues of the federal government, this hands-on guide quickly brings you up to speed on the latest revisions and rules in federal financial internal control requirements.
Book Description
Praise for Auditor's Guide to Information Systems Auditing
"Auditor's Guide to Information Systems Auditing is the most comprehensive book about auditing that I have ever seen. There is something in this book for everyone. New auditors will find this book to be their bible: reading it will enable them to learn what the role of auditors really is and will convey to them what they must know, understand, and look for when performing audits. For experienced auditors, this book will serve as a reality check to determine whether they are examining the right issues and whether they are being sufficiently comprehensive in their focus. Richard Cascarino has done a superb job."
—E. Eugene Schultz, PhD, CISSP, CISM Chief Technology Officer and Chief Information Security Officer, High Tower Software
A step-by-step guide to successful implementation and control of information systems
More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Auditor's Guide to Information Systems Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.
As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. With a complimentary student's version of the IDEA Data Analysis Software CD, Auditor's Guide to Information Systems Auditing empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.
Customer Reviews:
Max.......2007-05-04
I think this book is a waste of money. It's full of water and just a collection of facts about IS audit. Some of the author's statements are pretty strange - on p.304-305 of the book (encryption weaknesses) the author says:
"Availability of algorithms makes secure encryption difficult. Most of commonly used algorithms are published and available...".
Everyone knows that the strength of encryption is not in the secrecy of encryption algorithms.
Auguste Kerckhoffs wrote (Kerckhoffs's law) that "a cryptosystem should be secure even if everything about the system, except the key, is public knowledge"....
In my opinion, if you want to read something about IS audit, it is better to choose the CISA study guide.
Average customer rating:
- Good introduction and overview of IS audit
Auditing Information Systems
Jack J. Champlain
Manufacturer: Wiley
ProductGroup: Book
Binding: Hardcover
Similar Items:
- Information Technology Control and Audit, Second Edition
- Core Concepts of Information Technology Auditing
- CISA: Certified Information Systems Auditor Study Guide
- IT Auditing: Using Controls to Protect Information Assets
- Management Of Information Security, 2/E
ASIN: 0471281174
Book Description
Have you been asked to perform an information systems audit and don't know where to start? Examine a company's hardware, software, and data organization and processing methods to ensure quality control and security with this easy, practical guide to auditing computer systems--the tools necessary to implement an effective IS audit. In nontechnical language and following the format of an IS audit program, you'll gain insight into new types of security certifications (e.g., TruSecure, CAP SysTrust, CPA WebTrust) as well as the importance of physical security controls, adequate insurance, and digital surveillance systems.
Order your copy today!
Customer Reviews:
Good introduction and overview of IS audit.......2004-04-05
This is a readable and current introduction to information systems auditing from a qualified and experienced IS auditor.
The book consists of three parts. Part One introduces core information systems concepts and is aimed at readers without much background in IS; Part Two introduces IS audit itself, and Part Three discusses some additional concepts and issues, such as control self-assessment and the human factor. Case studies are extensively used throughout the book to illustrate concepts, approaches and procedures discussed in the text.
While the author is writing from a US perspective and has US work experience, references to British, Canadian, and Australian standards, qualifications and practices are included. One of the good characteristics of this book is its readability and easy flow of information, unlike many other works in this field.
I haven't given this book five stars because in my opinion its coverage of "information systems" is somewhat limited compared with the coverage of "auditing". So if you are looking for a detailed technical volume on information systems auditing, look elsewhere; this book gives a well-rounded non-technical introduction to information systems auditing and does it well.
Average customer rating:
- The worst written book award!
- Poorly Written - One of the Worst
- Audit and Control
Information Technology Auditing and Assurance (with ACL Software)
James A. Hall and Tommie Singleton
Manufacturer: South-Western College Pub
ProductGroup: Book
Binding: Paperback
Similar Items:
- The Analysis and Use of Financial Statements
- Auditing Cases (3rd Edition)
- Core Concepts of Information Technology Auditing
- International Accounting (5th Edition)
- Fraud Examination, Revised
ASIN: 0324191987
Book Description
IT AUDITING is an innovative and cutting-edge product, which provides students an understanding of how to audit accounting information systems, including new and expanded coverage of enterprise systems, fraud, and fraud detection topics such as continuous online auditing. Its organization and its integration of ACL software within the package ensure a solid background in traditional auditing as well as in the auditing of accounting information systems. The combination of text and software creates a double learning environment in which students will gain a true understanding of how these audits take place in the real world.
Customer Reviews:
The worst written book award!.......2007-05-11
This is one of the worst written and ill-conceived books. The author knows very little about current trends in information systems. An average well-informed reader would know more about information systems than the author without reading a single page of this book. The author's style is old school, orthodox and boring. Maybe his military background is making him approach everything in a disciplined way without curiously questioning how and why. No examples, no case studies discussed. Way too generic, confusing and useless work. I wasted my money as this was a textbook for the course I took in IT auditing. My suggestion to readers is to explore other references in IT auditing on Amazon.
Amazon is not allowing me to go lower than one star. I will give it a one star since it is 568 stupid pages bound between two paperboards! IT auditing is a relatively new field and this book is a bogus opportunistic attempt to cash in on the new buzzword "IT auditing".
Poorly Written - One of the Worst.......2006-07-27
Frankly, I'm surprised that this book made it to publication. It has too many shortcomings. I'll cover one.
Among other shortcomings, the authors could improve on their writing by including topic sentences in paragraphs. To illustrate, consider the following first sentence in a paragraph:
"The result of natural disasters, such as fires, floods, wind, and earthquakes, are usually catastrophic to the computer center and information systems, even though the probability of such an occurrence is remote."
Based on this topic sentence you would think the subsequent sentences would expound on natural disasters and touch on the frequency of occurrence. Although the paragraph started on topic it quickly faded to discussions on human-made disasters and system failures. These should have been topics for separate paragraphs.
If this is the best available on the topic then I believe an opportunity exists for others to make some money on a better book. The "bar is low" with this book.
I would be interested to hear other comments. My comments are from the eyes of a student who is currently using this disappointing textbook. It is one of the worst textbooks I've encountered in my student career.
Audit and Control.......2001-09-29
I use this book as the basic text in my university course on computer auditing for CA's (CPA's to you south of the 49th) because it is the best text out of a bad lot. At times, Hall is concise and to the point. On occasion, for example in ch's 8 and 9 when he describes the audit of a receivables and a payables systems, his advice is detailed and valuable. Most of the time, though, he wanders into side issues in too much depth, ignores the concepts of risk and control, provides superficial advice and examples on CAAT's (despite the inclusion of the ACL disk, which, although stripped down, is worth the price of admission) and is just too thin on practical discussions of auditing in an EDP environment.
Book Description
CISA Exam Prep
Certified Information Systems Auditor
Michael Gregg
Your Complete Certification Solution!
The Smart Way to Study™
In This Book You’ll Learn How To:
- Approach the IS audit process from ISACA’s view of IS auditing best practices
- Relate and apply information security and systems audit best practices to the six CISA job practice areas
- Understand the IS audit process and learn how to apply best practices to secure an organization’s assets
- Evaluate IT governance to ensure that the organization has the structure, policies, and mechanisms in place to provide sufficient IS controls
- Minimize risk within an IT/IS environment by using sound security techniques and practices
- Assess systems and infrastructure lifecycle practices to determine their effectiveness in meeting security requirements and meeting organizational objectives
- Gain a deeper understanding of the business continuity and disaster recovery process to help minimize risk
- Protect key informational assets by examining the security architecture and evaluating controls designed for the protection of confidentiality, availability, and integrity
- Streamline your exam preparations with our exam insights, tips, and study strategies
WRITTEN BY A LEADING CISA EXAM EXPERT!
Michael Gregg, founder and president of Superior Solutions, Inc., a Houston-based IT security consulting and auditing firm, has more than 20 years experience in information security and risk. He holds two associate degrees, a bachelor’s degree, and a master’s degree. He presently maintains more than a dozen certifications and is a nine-time winner of Global Knowledge’s Perfect Instructor Award. Michael not only has experience in performing security audits and assessments, but also is the author of Que Publishing’s Certified Ethical Hacker Exam Prep, CISSP Exam Cram, and is the co-author of Inside Network Security Assessment: Guarding Your IT Infrastructure by Sams Publishing.
Introduction
Study and Exam Prep Tips
Part I: IT Governance and the Audit Process
Chapter 1: The Audit Process
Chapter 2: IT Governance
Part II: System and Infrastructure Lifecycle Management
Chapter 3: Lifecycle Management
Chapter 4: System Infrastructure Control
Part III: IT Service Delivery and Support
Chapter 5: Information Systems Hardware and Architecture
Chapter 6: Information Systems Used for IT Delivery and Support
Part IV: Protection of Information Assets
Chapter 7: Protection of Logical Assets
Chapter 8: Physical Security
Part V: Business Continuity and Disaster Recovery
Chapter 9: Business Continuity and Disaster Recovery
Part VI: Final Preparation
Fast Facts
Practice Exam
Answers to Practice Exam Questions
Glossary
Index
www.examcram.com
ISBN-13: 978-0-7897-3573-7
ISBN-10: 0-7897-3573-3
U.S. $59.99
CAN. $74.99
U.K. £42.99
Customer Reviews:
A Great Additional CISA Resource.......2007-07-12
I would recommend this book as it does a good job of covering the topics addressed in the areas required for the exam. The front of the book describes each objective and lists where that information is in the book. It covers the practice areas as laid out for the 2007 exam. I liked the way that several of the larger domains were broken into two chapters. This made it easier to read and retain the information.
ISACA expects candidates to have 5 years of experience. You need to read more than one book on the CISA examination areas to round out your understanding. Don't underestimate the difficulty of this exam.
In many areas ISACA gives review classes that can help supplement the needed knowledge to pass the CISA exam. In the end I attended the review classes, browsed the official text and read this book. In that role this book fit my needs as it's much easier to read than the official text. CISA candidates should map out a preparation plan months before the exam and then stick to it. Read this book but also use other materials such as the official questions and answers book and other third party practice exams.
Doesn't map well to exam.......2007-06-11
I am not going to write a detailed review, but hopefully this will be helpful to others. Also note that I haven't read cover-to-cover, but have read a couple hundred pages and have skimmed the entire book.
I sat for the CISA yesterday. I signed up to take the exam and planned to basically take it cold because most of the subject matter I am well versed in. Though, as with any good exam and certification, you had better know what the "BEST" answer is for the scenario presented so I did plan on buying something to read in preparation.
I had forgotten about the exam until 4-days prior so I looked for some type of prep book on Amazon. Not a lot of selection and nothing rated that high. I settled on this and had it overnighted. Due to other factors, I basically had one night to go through this so I concentrated on the areas I needed the most refreshing.
This book did not map at all to the version of the CISA exam I received. Since the exam is a "Choose the BEST answer" type of exam where the possible answers are all correct, I left wondering how I should have answered a few questions. I came home and tried to find answers in this book. None of them were even touched on. Then I spent a couple hours skimming through the book to see how much it mapped to the exam I just took. Some of the content was relevant, but most (90%) of it not. I don't think it would have been very helpful in general.
However, the book is a decent book with some good content. I don't care for the writing style that much or how the book is put together (too many sidebars, notes, etc). It's not a bad reference for auditors in general though.
Bottom line: the CISA exams change frequently and there are different versions for a given cycle as it should be with any good exam. You probably won't find a book that maps well to the exam because of this. There is a reason you need a minimum of 5-years experience to qualify to sit for the exam. There is also a reason as I was standing in line for registration I was listening to people who were on their second, third and fourth tries.
easy exam?! (Too easy?).......2007-05-17
The topics covered by Gregg are a mixture of high level policy management issues and some low level computing material. The latter should be straightforward to anyone starting out as any type of IT professional. As in using ping to measure the latency (or effective network temporal distance) to another internet node. Then we have the groupings of internet subnets into Class A, B or C. And the 5 layers of the internet. I'm glad to see that the text only gives brief mention of the 7 layer OSI model, describing how in practice it is the 5 layers of the internet that is by far the dominant occurrence.
On the most basic material, there is a bare 2 pages that takes the reader from machine language to 5th generation software languages. Admirably concise. But do CISA students really have such a brief background in this?
On other topics, there's some recent material about e-commerce. Good, given the rapid buildout in the last 10 years. So we see various categories, like b2b, b2c, b2g [business to government] and b2e [business to employee - i.e. think portal].
The exercises and questions at the end of each chapter do seem rudimentary. Given that each chapter is rather brief to begin with. A casual parsing of a chapter should suffice in letting many readers get most questions correct without too much sweat. Presumably, Gregg's assessment of the level of difficulty of an actual CISA exam is accurate, and he has thus pitched his questions at a correspondingly suitable level for you. But if this is so, I'm underwhelmed by what it means to be a CISA. A credential that's way too easy to get.