CISA Review Questions, Answers & Explanations Manual 2009 Supplement English Edition.pdf (photocopy edition download)
Category: Certified Information Systems Auditor (CISA) certification exam
-
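Certified Information Systems Auditor (CISA) course
Since 1978, the Certified Information Systems Auditor (CISA) certification program, sponsored by the Information Systems Audit and Control Association (ISACA®), has become the globally recognized standard covering the professional fields of information systems audit, control and security. The professional skills and practices that CISA promotes and evaluates are the cornerstone of success in the field. Holding the CISA credential demonstrates the holder's practical ability and level of professionalism. According to statistics from the official Hong Kong chapter in June 2008, 666 people in mainland China had passed, and there are currently about 1,200 in mainland China. These certified auditors play an important role in information security and control in China, and information systems auditing is increasingly recognized by domestic enterprises; many large state-owned enterprises and multinational companies explicitly require the CISA certificate when recruiting senior managers for information security and control. Based on the official standard syllabus and its own five-plus years of training experience, SPISEC has designed the following training course:
Training audience:
Traditional internal auditors within enterprises
Practitioners responsible for IS audit within enterprises
IT managers and information security managers
Audit managers, CISA exam candidates, etc.
Practitioners responsible for information systems security management within enterprises
Others engaged in IT audit-related work
Training content:
IS audit process (14%)
Provide audit services in accordance with IT audit standards to help the organization protect and control its information systems;
IT governance and management (14%)
Provide assurance that the organization has the structure, policies, accountability mechanisms and monitoring practices needed to meet corporate IT governance requirements and support its strategic development;
Information systems acquisition, development and implementation (19%)
Provide assurance that the practices for acquiring, developing, testing and implementing information systems meet the organization's strategy and objectives;
Information systems operations, maintenance and support (23%)
Provide assurance that the processes for information systems operations, maintenance and support meet the organization's strategy and objectives;
Protection of information assets (30%)
Provide assurance that the organization's security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets;
Training features:
The course is built on the principles of certification and practice; the training enables students to master the content of each CISA chapter and pass the exam; case studies tied to the course content and detailed instruction help students solve practical problems, making the course a real aid to their work and development;
A professional team of instructors and an independent follow-up service team provide continuing service for students' certification and practice;
Five days of training plus online exchange and guidance help students become proficient in CISA professional knowledge and pass the exam;
Joining the SPISEC after-sales study group extends students' professional level and industry exchange;
Note: half a day of pre-exam mock testing and question review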
-
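CISA exam CD practice questions, six chapters (900 questions)
Chapter 1 CD questions (90), Chapter 2 CD questions (126), Chapter 3 CD questions (146), Chapter 4 CD questions (128), Chapter 5 CD questions (284), Chapter 6 CD questions (126)
Compiled from screen captures of the CD.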
-
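Certified Information Systems Auditor body of knowledge, Chinese edition 2009 (6 chapters)
Download of the Certified Information Systems Auditor body of knowledge, Chinese edition 2009 (6 chapters); CISA 2009 Chinese edition; 2009 Chinese edition of the CISA body of knowledge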
-
CISA Review Manual 2010, scan of the original English book
Download of the scan of the original English CISA Review Manual 2010, 452 scanned pages
Book description (English)
The CISA Review Manual 2010 is a comprehensive reference guide designed to assist individuals in preparing for the CISA exam and individuals who wish to understand the roles and responsibilities of an information systems auditor. The manual has evolved over the past editions and now represents the most current, comprehensive, globally peer-reviewed information security management resource available.
The CISA Review Manual 2010 features a new format. Each of the six chapters has been divided into two sections for focused study. The first section of each chapter contains the definitions and objectives for the six areas, with the corresponding tasks performed by information systems (IS) auditors and knowledge statements (required to plan, manage and perform IS audits) that are tested on the exam.
Section One is an overview that provides:
Definitions for the six areas
Objectives for each area
Descriptions of the tasks
A map of the relationship of each task to the knowledge statements
A reference guide for the knowledge statements, including the relevant concepts and explanations
References to specific content in Section Two for each knowledge statement
Sample practice questions and explanations of the answers
Suggested resources for further study
Section Two consists of reference material and content that supports the knowledge statements. Material included is pertinent for CISA candidates' knowledge and/or understanding when preparing for the CISA certification exam. In addition, the CISA Review Manual 2010 includes brief chapter summaries focused on the main topics and case studies to assist candidates in understanding current practices. Also included are definitions of terms most commonly found on the exam. This manual can be used as a stand-alone document for individual study or as a guide or reference for study groups and chapters conducting local review courses.
The 2010 edition has been developed and is organized to assist candidates in understanding essential concepts and studying the following job practice areas:
IS audit process
IT governance
Systems and infrastructure life cycle management
IT service delivery and support
Protection of information assets
Business continuity and disaster recovery
-
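CISA training class lecture recordings, 6 August 2010 and 17 August 2010
Lecture recordings from the CISA training class on 6 August 2010: 9 MP3 recording files, 65M
Lecture recordings from the CISA training class on 17 August 2010: 4 VY4 recording files, 80M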
-
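CISA pre-exam review lecture notes and recordings
CISA1.ppt、CISA2.ppt、CISA3.ppt
Morning, review following the PPTs for chapters 1-3: VOICE_0001.MP3、VOICE_0002.MP3、VOICE_0003.MP3
Afternoon, overall review with the chapters in mixed order: VOICE_0004.MP3、VOICE_0005.MP3、VOICE_0006.MP3
Some terms from the afternoon mixed-chapter overall review: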
Chain of custody
CSMA/CD
CA
TDM
ATDM
FDM
Ad hoc
WLAN
WEP
802.11i
802.11+EAP
WAP
CGI
Servlet
Applet
Cookie
Latency
Throughput
Rounding Down
Piggybacking
Deadman door
Phishing
Circuit level
Proxy
Alternative routing
Diverse routing
Long-haul network
Last-mile circuit protection
Ad hoc access
Tuple
Entry
Record
Attribute
Field
Regression
Sociability
Batch control/balancing
reconciling
verification
negotiable instruments, forms, signature
Assurance
ACK
Source document retention
Internal/external labeling
Version usage
Prerecorded input
Parity
Key verification
Emergency action team
Emergency management team
Emergency operation team
Transportation team
Salvage team
Relocation team
Service downtime
Recovery time
RPO
RTO
Subscribers per site
Subscribers per area
Hot warm cold
Duplicated IPF
Mobile site
Reciprocal agreement
Paper test
Desk-based evaluation
Preparedness test
Full operational test
Location chosen
Protection
Due care/due diligence
Professional skepticism
Judgement
Materiality
Awareness
E&E
Accountability
Traceability
Auditability
Alignment
Compliance
Lights-out
Unattended
C.I.A
Conformity
CISA2.ppt:
Chapter 2
IT Governance
Chapter Overview
Corporate Governance
Monitoring and Assurance Practices for Board and Executive Management
Information Systems Strategy
Policies and Procedures
Risk Management
IS Management Practices
IS Organization Structure and Responsibilities
Auditing IT Governance Structure and Implementation
Chapter Objective
Ensure that the CISA candidate "understands and can provide assurance that the organization has the structure, policies, accountability mechanisms and monitoring practices in place to achieve the requirements of corporate governance of IT."
Chapter Summary
15% of the CISA examination
Around 30 questions
Corporate Governance
Defined as ethical corporate behavior by directors or others charged with governance in the creation and presentation of wealth for all stakeholders.
Contents
Objectives
Means
Monitoring
Outputs
Reduce the frequency of inaccurate financial reporting
Provide greater transparency and accountability
Monitoring and Assurance Practices for Board and Executive Management
IT governance is concerned with two issues: that IT delivers value to the business and that IT risks are mitigated. The first is driven by strategic alignment of IT with the business. The second is driven by embedding accountability into the enterprise.
IT governance is the responsibility of the board of directors and executive management.
IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategy and objectives.
A key element of IT governance is the alignment of business and IT.
The key IT governance practices are the IT strategy committee, risk management and the standard IT balanced scorecard.
Monitoring and Assurance Practices for Board and Executive Management
Best Practices for IT Governance
IT Strategy Committee
Standard IT Balanced Scorecard
Information Security Governance
Enterprise Architecture
Monitoring and Assurance Practices for Board and Executive Management
Best Practices for IT Governance
Audit Role in IT governance
Helps ensure compliance with IT governance initiatives implemented within an organization.
The following aspects related to IT governance need to be assessed:
Alignment (between IT and organization)
Performance (Effectiveness and Efficiency)
Compliance (Legal, environmental-)
The control environment of the organization
The inherent risk within the IS environment
Monitoring and Assurance Practices for Board and Executive Management
IT Strategy Committee
IT Strategy Committee is different from IT Steering Committee
IT Strategy Committee
Provides insight and advice to the board.
IT value, risk, performance
Focus on current and future strategic IT issues
IT Steering Committee
Decides the overall level of IT spending and how costs will be allocated.
Focus on implementation
Monitoring and Assurance Practices for Board and Executive Management
Standard IT Balanced Scorecard
Standard IT BSC covers the following aspects
Traditional financial evaluation
Customer satisfaction
Internal (operational) processes
Ability to innovate
Optimum use of IT
Three-layered structure is used in addressing the above perspectives:
Mission
Strategies
Measures
An effective means to aid the IT strategy committee and management in achieving IT and business alignment.
Monitoring and Assurance Practices for Board and Executive Management
Information Security Governance
Information is more important than the IT systems that store and process it, or, data is more important than facilities
Importance of information security governance
Outcomes of security governance
Strategic alignment
Risk management
Value delivery
Resource management
Performance measurement
-
CISA Review Questions, Answers & Explanations Manual 2008.pdf (photocopy edition download)
-
2008 CISA pre-exam overall review recording (half-day lecture), mp3 download
-
2008 CISA pre-exam review lecture notes + recordings (review of chapters 1-3)
The role of the IS internal audit should be established by an audit charter.
The audit charter should be approved by the highest level of management and the audit committee.
The internal audit function should report to an audit committee, or to the highest management level, such as the board of directors.
The scope and objectives of external audit should be documented in a formal contract.
Management of the IS Audit Function
IS Audit Resource Management
Competency of IS auditor
Staff training plan
Management of the IS Audit Function
Audit Planning
Annual Planning
Short- and long-term planning
Analysis of audit plan
Reviewed by senior audit management
Approved by the audit committee, or the board of directors
Individual Audit Assignments
Periodic risk assessments
Changes in the application of technology
Evolving privacy issues and regulatory requirements