You're reading from  CISA – Certified Information Systems Auditor Study Guide - Second Edition

Product type: Book
Published in: Jun 2023
Publisher: Packt
ISBN-13: 9781803248158
Edition: 2nd Edition
Author (1)
Hemang Doshi

Hemang Doshi has more than 15 years of experience in the field of system audit, IT risk and compliance, internal audit, risk management, information security audit, third-party risk management, and operational risk management. He has authored several books for certification such as CISA, CRISC, CISM, DISA, and enterprise risk management.

Preface

Certified Information Systems Auditor (CISA) is one of the most sought-after courses in the field of auditing, control, and information security. CISA is a globally recognized certification that validates your expertise and gives you the leverage you need to advance in your career. CISA certification is key to a successful career in IT.

A CISA certification can showcase your expertise and assert your ability to apply a risk-based approach to planning, executing, and reporting on projects and engagements. It helps you gain instant credibility in your interactions with internal stakeholders, regulators, external auditors, and customers.

As per ISACA’s official website (www.isaca.org), the average salary of a CISA holder is US$149,000.

Online Exam-Prep Tools

With this book, you will unlock unlimited access to our online exam-prep platform (Figure 0.1). This is your place to practice everything you’ve learned in the book.

Figure 0.1: Online exam-prep platform

Sharpen your concepts with multiple sets of practice questions and interactive flashcards, accessible from all modern web browsers. If you get stuck, you can raise your concerns with the author directly through the website. Before doing that, make sure to go through the list of resolved doubts as well. These are based on questions asked by other users. Finally, go through the exam tips on the website to make sure you are well prepared.

Who This Book Is For

If you are a passionate auditor, risk practitioner, IT professional, or security professional, and are planning to enhance your career by obtaining a CISA certificate, this book is for you.

What This Book Covers

Chapter 1, Audit Planning, deals with the audit processes, standards, guidelines, practices, and techniques that an Information Systems (IS) auditor is expected to use during audit assignments. An IS auditor must have a detailed knowledge of IS processes, business processes, and risk management processes in order to protect an organization’s assets.

Chapter 2, Audit Execution, covers project management techniques, sampling methodology, and audit evidence collection techniques. It provides details regarding data analysis techniques, reporting and communication techniques, and quality assurance processes.

Chapter 3, IT Governance, provides an introduction to IT governance and aspects related to IT enterprise governance. Enterprise governance includes the active involvement of management in IT. Effective IT governance and management involves an organization’s structure as well as IT standards, policies, and procedures.

Chapter 4, IT Management, walks you through various aspects of designing and approving an IT management policy and effective information security governance. It will also teach you how to audit and evaluate IT resource management, along with services provided by third-party service providers, while also covering IT performance monitoring and reporting.

Chapter 5, Information Systems Acquisition and Development, provides information about project governance and management techniques. This chapter discusses how an organization evaluates, develops, implements, maintains, and disposes of its information systems and related components.

Chapter 6, Information Systems Implementation, covers various aspects of IS implementation. The implementation process comprises a variety of stages, including system migration, infrastructure deployment, data conversion or migration, user training, post-implementation review, and user acceptance testing.

Chapter 7, Information Systems Operations, explains how to identify risks related to technology components and how to audit and evaluate IT service management practices; systems performance management; problem and incident management policies and practices; change, configuration, release, and patch management processes; and database management processes.

Chapter 8, Business Resilience, covers all aspects of business impact analysis, system resiliency, data backup, storage and restoration, the business continuity plan, and disaster recovery plans.

Chapter 9, Information Asset Security and Control, discusses the information security management framework, privacy principles, physical access and environmental controls, and identity and access management.

Chapter 10, Network Security and Control, provides an introduction to various components of networks, network-related risks and controls, types of firewalls, and wireless security.

Chapter 11, Public Key Cryptography and Other Emerging Technologies, details various aspects of public key cryptography, cloud computing, virtualization, mobile computing, and the Internet of Things.

Chapter 12, Security Event Management, takes you through the process of evaluating an organization’s information security and privacy policies and practices in depth. It also discusses various types of IS attack methods and techniques and covers different security monitoring tools and techniques, as well as evidence collection and forensics methodology.

How to Get the Most out of This Book

This book is directly aligned with ISACA’s CISA Review Manual (27th Edition) and covers all the topics that a CISA aspirant needs to grasp in order to pass the exam. The key aspect of this book is its use of simple language, which makes it ideal for candidates with non-technical backgrounds. At the end of each topic, key pointers from the CISA exam perspective are presented in a tabular format. This is the unique feature of this book. It also contains more than 850 exam-oriented practice questions that are designed in consideration of the language and testing methodology used in an actual CISA exam.

It is advisable to stick to the following steps when preparing for the CISA exam:

Step 1: Read the complete book.

Step 2: Attempt the end-of-chapter practice questions in each chapter before moving on to the next one.

Step 3: Go through ISACA’s QAE book or database.

Step 4: Refer to ISACA’s CISA Review Manual.

Step 5: Memorize key concepts using the flashcards on the website.

Step 6: Attempt the online practice question sets. Make a note of the concepts you are weak in, revisit those in the book, and re-attempt the practice questions.

Step 7: Keep repeating the practice question sets till you are able to answer all the questions in each practice set correctly within the time limit.

Step 8: Review exam tips on the website.

CISA aspirants will gain a lot of confidence if they approach their preparation as per the mentioned steps.

Recorded Lectures

This book is also available in video lecture format along with 200+ exam-oriented practice questions on Udemy. Buyers of this book are entitled to 30% off of Hemang Doshi’s recorded lectures. For a discount coupon, please write to training@hemangdoshiacademy.in.

Requirements for the Online Content

The online content includes interactive elements like practice questions, flashcards, and exam tips. For an optimal experience, it is recommended that you use the latest version of a modern desktop (or mobile) web browser such as Edge, Chrome, Safari, or Firefox.

Instructions for Unlocking the Online Content

To unlock the online content, you will need to create an account on our exam-prep website using the unique sign-up code provided in this book.

Where to find the sign-up code

You can find your unique sign-up code at the start of Chapter 7, Information Systems Operations.

  1. Visit the section mentioned above. There, you'll find your unique sign-up link and code. Open the link, make a note of the sign-up code, and return to this section.
  2. Open the sign-up link. Once the page loads, enter your name and email address (1).

Figure 0.2: Enter your name and email address in the sign-up form

  3. Create a strong alphanumeric password (2) (minimum 6 characters in length):

Figure 0.3: Create a strong password in the sign-up form

  4. Enter the unique sign-up code (3). As mentioned in Step 1, the sign-up code can be found at the start of Chapter 7, Information Systems Operations. Once you have entered the code, click the Sign Up button.

Figure 0.4: Enter the unique sign-up code

Important

You only need to input the sign-up code once. After your account is created, you will be able to access the website using just your email address and password from any device.

  5. You can select the checkbox (4) if you wish to be notified whenever we add new practice resources or features to the platform.

Figure 0.5: Select the checkbox to receive notifications about new features or practice resources

  6. Upon a successful sign-up, you will be redirected to the dashboard (see Figure 0.6). Going forward, you will simply need to log in using your email address and password to access the dashboard.

Figure 0.6: Online exam-prep platform dashboard

Note

If you are facing issues signing up, reach out to customercare@packt.com.

Quick Access to the Website

If you have successfully signed up, it is recommended that you bookmark this link for quick access to the website: https://packt.link/cisastudyguidewebsite. Click the Login link on the top-right corner of the page to open the login page. Use the credentials you created in Steps 2 and 3 of the Instructions for Unlocking the Online Content section above.

Alternatively, you can scan the following QR code to open the website:

Figure 0.7: QR Code for the CISA online exam-prep platform

Conventions Used

New terms and important words are shown like this: “An Information Systems (IS) audit examines the management controls in IT infrastructure and business applications.”

Tips or important notes

Appear like this.

Get in Touch

Feedback from our readers is always welcome.

General feedback: If you have any questions about this book, please mention the book title in the subject of your message and email us at customercare@packtpub.com.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you could report this to us. Please visit www.packtpub.com/support/errata and complete the form.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you could provide us with the location address or website name. Please contact us at copyright@packt.com with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read CISA – Certified Information Systems Auditor Study Guide, Second Edition, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a Free PDF Copy of This Book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there. You can get exclusive access to discounts, newsletters, and great free content in your inbox daily.

Follow these simple steps to get the benefits:

  1. Scan the QR code or visit the link below:
     https://packt.link/free-ebook/9781803248158
  2. Submit your proof of purchase.
  3. That’s it! We’ll send your free PDF and other benefits to your email directly.