CISA – Certified Information Systems Auditor Study Guide - Second Edition


Product type Book
Published in Jun 2023
Publisher Packt
ISBN-13 9781803248158
Pages 330 pages
Edition 2nd Edition
Author: Hemang Doshi

Table of Contents (14 chapters)

  • Preface
  • Chapter 1: Audit Planning
  • Chapter 2: Audit Execution
  • Chapter 3: IT Governance
  • Chapter 4: IT Management
  • Chapter 5: Information Systems Acquisition and Development
  • Chapter 6: Information Systems Implementation
  • Chapter 7: Information Systems Operations
  • Chapter 8: Business Resilience
  • Chapter 9: Information Asset Security and Control
  • Chapter 10: Network Security and Control
  • Chapter 11: Public Key Cryptography and Other Emerging Technologies
  • Chapter 12: Security Event Management
  • Other Books You May Enjoy

Information Systems Operations

Your Unique Sign-Up Code

Your unique sign-up code to unlock the online content is 8a9y8as. The sign-up link is https://packt.link/cisasignup.

Open the link, enter the code, and complete the sign-up process by following the instructions detailed in the Instructions for Unlocking the Online Content section of the Preface.

The objective of a well-managed Information Systems (IS) is to ensure the effectiveness and efficiency of IT processes and procedures through the optimal use of IS assets.

You will cover the following topics in detail in this chapter:

  • Common technology components
  • IT asset management
  • Job scheduling
  • End user computing
  • System performance management
  • Problem and incident management
  • Change management, configuration management, and patch management
  • IT service-level agreements
  • Database management

Understanding Common Technology Components

The following are some of the important technologies of which a CISA aspirant should be aware:

  • The types of servers
  • Universal Serial Bus (USB)
  • Radio Frequency Identification (RFID)

The Types of Servers

From the CISA exam perspective, it is important that you understand the basic workings of the following servers:

  • Print server: A network printer is configured for use by multiple users. Print jobs are captured by the print server and sent to the printer in a queue.
  • File server: A file server helps in centralizing document repositories. It should be controlled with access restrictions. The file server makes group collaboration and document management easy.
  • Application or program server: An application server hosts software programs. It also includes application business logic and communication with the application’s database.
  • Web server: A web server provides information and services through...

IT Asset Management

IT assets include systems, data, networking components, and IT-related processes and procedures. An IS auditor should be able to determine and evaluate how effectively and efficiently IT assets are managed and controlled. The following are some of the important concepts of IT asset management:

  • IT assets include people, information, infrastructure, and reputation.
  • The first step in IT asset management is to identify and create an inventory of IT assets.
  • The inventory of an IT asset should include details such as the following:
    • Owner
    • Custodian
    • Asset identification
    • Location
    • Security classification
  • IT asset management is a very important element in designing and developing an effective security strategy.
  • IT asset management includes both hardware and software.
  • The IT department should have a list of approved software that can be installed and used. The installation of unapproved software is a serious violation that carries major legal, financial...
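
The inventory attributes and the approved-software rule listed above can be checked mechanically. The following is an added example, not code from the book: the record layout, asset IDs, software names, and the `review_inventory` function are all constructed for illustration.

```python
# Attributes the text lists for each inventory record.
REQUIRED_ATTRS = ("owner", "custodian", "asset_id", "location", "classification")

# Constructed approved-software list and inventory; all names are hypothetical.
APPROVED_SOFTWARE = {"libreoffice", "firefox", "7-zip"}
INVENTORY = [
    {"asset_id": "LT-0001", "owner": "Finance", "custodian": "IT Ops",
     "location": "HQ-3F", "classification": "Confidential",
     "software": ["Firefox", "LibreOffice"]},
    {"asset_id": "LT-0002", "owner": "Sales", "custodian": "",
     "location": "Branch-2", "classification": "Internal",
     "software": ["Firefox", "TorrentClientX"]},
    {"asset_id": "SRV-0100", "owner": "", "custodian": "IT Ops",
     "location": "DC-1", "classification": "",
     "software": ["7-Zip"]},
    {"asset_id": "LT-0001", "owner": "HR", "custodian": "IT Ops",
     "location": "HQ-1F", "classification": "Internal", "software": []},
]


def review_inventory(inventory, approved):
    """Return (asset_id, finding) tuples for an auditor to follow up."""
    findings, seen = [], set()
    for rec in inventory:
        asset = (rec.get("asset_id") or "").strip() or "<unidentified>"
        # Every record needs an owner, custodian, ID, location and classification.
        for attr in REQUIRED_ATTRS:
            if not str(rec.get(attr) or "").strip():
                findings.append((asset, f"missing {attr}"))
        # An asset identification that appears twice cannot identify one asset.
        if asset in seen:
            findings.append((asset, "duplicate asset identification"))
        seen.add(asset)
        # Installed software is compared case-insensitively with the approved list.
        for name in rec.get("software", []):
            if name.strip().lower() not in approved:
                findings.append((asset, f"unapproved software: {name}"))
    return findings


if __name__ == "__main__":
    for asset, finding in review_inventory(INVENTORY, APPROVED_SOFTWARE):
        print(f"{asset}: {finding}")
```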

Job Scheduling

A job scheduler is a program used to run various processes automatically. Apart from scheduling batch jobs, it is also used to automate tape backups and other maintenance. While scheduling jobs, it is important to give optimum resource availability to high-priority jobs. As far as possible, maintenance functions should be performed during non-peak times.

The following are some of the advantages of using job scheduling software:

  • It reduces the probability of error as manual intervention is eliminated.
  • It increases the availability of records for job executions, thereby making it easier to take subsequent action on failure reports effectively.
  • It provides a more secure environment compared to manual processes.

An IS auditor should consider the following aspects while reviewing the job scheduling process:

  • Whether procedures for collecting and reporting key performance indicators are defined and implemented
  • Whether the priority of each...

End User Computing

In this section, you will look at some of the important aspects of End User Computing (EUC).

EUC refers to a system wherein a non-programmer can create their own application. Various products are available to aid end users in designing and implementing systems according to their requirements without the help of IT. From a user’s perspective, EUC is a quick way to build and deploy applications without having to rely on an IT department. These applications are generally flexible and can quickly address any new requirements or modifications.

This also reduces pressure on the IT department, which can then concentrate on more critical and complex applications.

The following are some of the inherent risks of EUC:

  • Applications developed with EUC may not be subject to various tests and therefore may carry a risk to information security in terms of data integrity, confidentiality, and availability.
  • Users may not adhere to change management and...

System Performance Management

It is important to understand the system architecture and features of each function that supports and manages a system’s performance. In this section, you will go through some of the prominent functions.

Nucleus (Kernel) Functions

The nucleus is responsible for basic processes associated with the operating system. It manages process creation, interrupt handling, support for input and output processes, the allocation and release of memory, and so on. The nucleus is a highly sensitive area where access is restricted to only authorized users. Above the nucleus are other operating system processes to support users. These processes are known as system software. System software ensures the integrity of a system and controls the system interfaces. Examples of system software include access control software, tape and disk management software, and job scheduling software.

Utility Programs

Utility programs help to manage and control computer resources...

Problem and Incident Management

As a CISA aspirant, you must be aware of the ways in which you can manage problems and incidents. Here are some of the most important concepts regarding this:

  • The objective of problem management is to prevent the recurrence of an incident by identifying its root cause and taking appropriate preventive action.
  • The elements of problem management are investigation, in-depth analysis, root cause analysis, and addressing the issues identified during the root cause analysis.
  • Some widely accepted methodologies include fishbone analysis, Ishikawa cause and effect diagrams, 5 whys, and brainstorming. To prevent the recurrence of an incident, it is important to conduct a root cause analysis and address the issues.
  • It is important to note the difference between problem management and incident management. The objective of problem management is reducing the number of incidents, whereas the objective of incident management is returning to a normal...

Change Management, Configuration Management, and Patch Management

CISA aspirants should be aware of the following aspects of change, configuration, and patch management processes for the exam.

Change Management Process

A change management process is used to change hardware, install software, and configure various network devices. It includes approval, testing, scheduling, and rollback arrangements.

When implementing a change, all relevant personnel should be informed and specific approval should be obtained from the relevant information asset owners.

To carry out changes, it is always advisable to use individual IDs rather than generic or shared IDs. Individual IDs help to establish accountability for any transaction.

For every change, transaction logs should be maintained. A transaction log is used as an audit trail for further investigation. A log should contain details such as date, time, user ID, terminal, and other relevant details of the transaction.
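
The controls described above (individual IDs, recorded approval, and a log carrying date, time, user ID, and terminal) can be tested against an exported change log. The following is an added example, not code from the book: the CSV layout, the `approved_by` column, the shared-ID list, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Fields the text says a change transaction log should carry.
REQUIRED_FIELDS = ("date", "time", "user_id", "terminal")
# Assumed list of generic or shared accounts; maintain it per environment.
SHARED_IDS = {"admin", "root", "administrator", "svc_deploy", "dbadmin"}

# Constructed sample export (CSV); not real data.
SAMPLE_LOG = """change_id,date,time,user_id,terminal,approved_by
CHG-001,2023-06-01,22:15:00,jsmith,TTY07,akumar
CHG-002,2023-06-02,23:40:00,admin,TTY02,akumar
CHG-003,2023-06-03,21:05:00,mlee,,
CHG-004,2023-06-04,25:61:00,pnair,TTY11,akumar
"""


def audit_change_log(text, shared_ids=SHARED_IDS):
    """Return {change_id: [findings]} for entries that fail a check."""
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        issues = []
        missing = [f for f in REQUIRED_FIELDS if not (row.get(f) or "").strip()]
        if missing:
            issues.append("missing fields: " + ", ".join(missing))
        # A shared ID cannot establish who made the change.
        user = (row.get("user_id") or "").strip().lower()
        if user in shared_ids:
            issues.append("generic or shared ID used: " + user)
        # A timestamp that does not parse is useless as an audit trail.
        if "date" not in missing and "time" not in missing:
            try:
                datetime.strptime(row["date"] + " " + row["time"],
                                  "%Y-%m-%d %H:%M:%S")
            except ValueError:
                issues.append("unparseable date/time")
        if not (row.get("approved_by") or "").strip():
            issues.append("no recorded approval")
        if issues:
            findings[row["change_id"]] = issues
    return findings


if __name__ == "__main__":
    for change_id, issues in audit_change_log(SAMPLE_LOG).items():
        print(change_id, "->", "; ".join(issues))
```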

One of...

IT Service-Level Management

In this section, you will first look at IT service management practices, followed by some assessment questions.

The following are some of the important aspects of service-level management:

  • A Service-Level Agreement (SLA) defines the nature, expectations, escalations, and other relevant information for the services being offered.
  • The SLA should be documented in non-technical terms and serve as the basis for measuring and monitoring services.
  • Service-level management is the process of defining, documenting, and managing service requirements.
  • The following characteristics should be considered to define an SLA:
    • Accuracy
    • Completeness
    • Timeliness
    • Security
  • It is very important to monitor service levels at regular intervals to ensure that the objective of the service is achieved.
  • It must be noted that when service delivery is outsourced, the accountability of the service still rests with the service receiver.
  • It is the organization...

Evaluating the Database Management Process

A Database Management System (DBMS) helps in organizing, controlling, and managing data. It aims to reduce data redundancy and improve access time. It also aims to provide appropriate security for sensitive data.

Advantages of Database Management

The following are some of the advantages of using a DBMS:

  • Centralized data management reduces the cost, time, and effort it takes to manage data.
  • It helps to improve database performance by reducing data redundancy.
  • It helps to improve the efficiency of transaction processing.
  • It ensures data consistency.
  • It provides security for sensitive data.
  • Various checks and controls in DBMSes ensure data integrity.
  • It provides a structured way to manage user access.

Database Structures

It is important to understand various database structures to evaluate database risks. CISA aspirants should understand the following database models.

Hierarchical Database Model...

Summary

IS operations are the core of the IS cycle, and depending on the size of the enterprise and its business context, the nature of IS operations can vary.

In this chapter, you learned about various technology components and how to identify risks related to IT assets. You also explored IT operations and IT management practices. IT asset management is a very important element in designing and developing an effective security strategy.

The following were the important topics covered in this chapter:

  • RFID is used to identify and locate assets within a limited radius. It uses radio waves to identify tagged objects. A tag includes a microchip and an antenna. The microchip in a tag is used to store the information and the antenna is used to transmit information to an RFID reader.
  • Date-and-time stamping for both the source code and the object code will help to ensure that the code is in sync.
  • Referential integrity refers to the integrity and correctness of data within...

Chapter Review Questions

Before you proceed to Chapter 8, Business Resilience, it is recommended that you solve the practice questions from this chapter first. These chapter review questions have been carefully crafted to reinforce the knowledge you have gained throughout this chapter. By engaging with these questions, you will solidify your understanding of key topics, identify areas that require further study, and build your confidence before moving on to new concepts in the next chapter.

Note

A few of the questions may not be directly related to the topics in the chapter. They aim to test your general understanding of information systems concepts instead.

The following image shows an example of the practice questions interface.

Figure 7.4: CISA practice questions interface

To access the end-of-chapter questions from this chapter, follow these steps:

  1. Open your web browser and go to https://packt.link/KEiVE. You will see the following screen...