Category: (Zone 3) Certified Information Systems Auditor (CISA) - IT Auditor Qualification Certification

  • CISA Review Manual 2010, scanned English original edition


    Scanned copy of the CISA Review Manual 2010 English original edition for download (452 pages).

    Book description (English)

    The CISA Review Manual 2010 is a comprehensive reference guide designed to assist individuals in preparing for the CISA exam and individuals who wish to understand the roles and responsibilities of an information systems auditor. The manual has evolved over the past editions and now represents the most current, comprehensive, globally peer-reviewed information security management resource available.

    The CISA Review Manual 2010 features a new format. Each of the six chapters has been divided into two sections for focused study. The first section of each chapter contains the definitions and objectives for the six areas, with the corresponding tasks performed by information systems (IS) auditors and knowledge statements (required to plan, manage and perform IS audits) that are tested on the exam.

    Section One is an overview that provides:
    Definitions for the six areas
    Objectives for each area
    Descriptions of the tasks
    A map of the relationship of each task to the knowledge statements
    A reference guide for the knowledge statements, including the relevant concepts and explanations
    References to specific content in Section Two for each knowledge statement
    Sample practice questions and explanations of the answers
    Suggested resources for further study
    Section Two consists of reference material and content that supports the knowledge statements. The material included is pertinent to CISA candidates' knowledge and/or understanding when preparing for the CISA certification exam. In addition, the CISA Review Manual 2010 includes brief chapter summaries focused on the main topics and case studies to assist candidates in understanding current practices. Also included are definitions of terms most commonly found on the exam.

    This manual can be used as a stand-alone document for individual study or as a guide or reference for study groups and chapters conducting local review courses.

    The 2010 edition has been developed and is organized to assist candidates in understanding essential concepts and studying the following job practice areas:
    IS audit process
    IT governance
    Systems and infrastructure life cycle management
    IT service delivery and support
    Protection of information assets
    Business continuity and disaster recovery

  • Lecture recordings from the CISA training classes of 6 August 2010 and 17 August 2010


    Lecture recordings from the CISA training class held on 6 August 2010: 9 MP3 recording files, 65 MB

    Lecture recordings from the CISA training class held on 17 August 2010: 4 VY4 recording files, 80 MB

  • CISA pre-exam review lecture notes and recordings


    CISA1.ppt、CISA2.ppt、CISA3.ppt

    Morning: review following the PPTs for chapters 1-3: VOICE_0001.MP3, VOICE_0002.MP3, VOICE_0003.MP3

    Afternoon: overall review across chapters in mixed order: VOICE_0004.MP3, VOICE_0005.MP3, VOICE_0006.MP3

    Some terms covered in the afternoon mixed-order overall review:

    Chain of custody
    CSMA/CD
    CA
    TDM
    ATDM
    FDM
    Ad hoc
    WLAN
    WEP
    802.11i
    802.11+EAP
    WAP

    CGI
    Servlet
    Applet
    Cookie
    Latency
    Throughput
    Rounding Down
    Piggybacking
    Deadman door
    Phishing
    Circuit level
    Proxy
    Alternative routing
    Diverse routing

    Long-haul network
    Last-mile circuit protection

    Ad hoc access

    Tuple
    Entry
    Record
    Attribute
    Field
    Regression
    Sociability

    Batch control/balancing
    reconciling
    verification
    negotiable instruments, forms, signature

    Assurance
    ACK

    Source document retention
    Internal/external labeling
    Version usage
    Prerecorded input
    Parity
    Key verification

    Emergency action team

    Emergency management team

    Emergency operation team

    Transportation team
    Salvage team
    Relocation team

    Service downtime

    Recovery time

    RPO
    RTO

    Subscribers per site
    Subscribers per area

    Hot/warm/cold site

    Duplicated IPF
    Mobile site
    Reciprocal agreement

    Paper test
    Desk-based evaluation
    Preparedness test
    Full operational test

    Location chosen
    Protection

    Due care/due diligence
    Professional skepticism
    Judgement
    Materiality
    Awareness
    E&E
    Accountability
    Traceability
    Auditability

    Alignment
    Compliance
    Lights-out
    Unattended

    C.I.A
    Conformity

    CISA2.ppt:

    Chapter 2
    IT Governance
    Chapter Overview
    Corporate Governance
    Monitoring and Assurance Practices for Board and Executive Management
    Information Systems Strategy
    Policies and Procedures
    Risk Management
    IS Management Practices
    IS Organization Structure and Responsibilities
    Auditing IT Governance Structure and Implementation
    Chapter Objective
    Ensure that the CISA candidate…

    "Understands and can provide assurance that the organization has the structure, policies, accountability mechanisms and monitoring practices in place to achieve the requirements of corporate governance of IT. "
    Chapter Summary
    15% of the CISA examination
    Around 30 questions

    Corporate Governance
    Defined as ethical corporate behavior by directors or others charged with governance in the creation and presentation of wealth for all stakeholders.
    Contents
    Objectives
    Means
    Monitoring
    Outputs
    Reduce the frequency of inaccurate financial reporting
    Provide greater transparency and accountability
    Monitoring and Assurance Practices for Board and Executive Management
    IT governance is concerned with two issues: that IT delivers value to the business and that IT risks are mitigated. The first is driven by strategic alignment for IT with the business. The second is driven by embedding accountability into the enterprise.
    IT governance is the responsibility of the board of directors and executive management.
    IT governance is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategy and objectives.
    A key element of IT governance is the alignment of business and IT
    The key IT governance practices are the IT strategy committee, risk management and the standard IT balanced scorecard.
    Monitoring and Assurance Practices for Board and Executive Management
    Best Practices for IT Governance
    IT Strategy Committee
    Standard IT Balanced Scorecard
    Information Security Governance
    Enterprise Architecture

    Monitoring and Assurance Practices for Board and Executive Management
    Best Practices for IT Governance
    Audit Role in IT governance
    Helps ensure compliance with IT governance initiatives implemented within an organization.
    The following aspects related to IT governance need to be assessed:
    Alignment (between IT and organization)
    Performance (Effectiveness and Efficiency)
    Compliance (Legal, environmental…)
    The control environment of the organization
    The inherent risk within the IS environment

    Monitoring and Assurance Practices for Board and Executive Management
    IT Strategy Committee
    IT Strategy Committee is different from IT Steering Committee
    IT Strategy Committee
    Provides insight and advice to the board.
    IT value, risk, performance
    Focus on current and future strategic IT issues
    IT Steering Committee
    Decides the overall level of IT spending and how costs will be allocated.
    Focus on implementation
    Monitoring and Assurance Practices for Board and Executive Management
    Standard IT Balanced Scorecard
    The standard IT BSC covers the following aspects:
    Traditional financial evaluation
    Customer satisfaction
    Internal (operational) processes
    Ability to innovate
    Optimum use of IT
    Three-layered structure is used in addressing the above perspectives:
    Mission
    Strategies
    Measures
    An effective means to aid the IT strategy committee and management in achieving IT and business alignment.
    Monitoring and Assurance Practices for Board and Executive Management
    Information Security Governance
    Information is more important than the IT systems that store and process it, or, data is more important than facilities
    Importance of information security governance
    Outcomes of security governance
    Strategic alignment
    Risk management
    Value delivery
    Resource management
    Performance measurement

  • CISA Review Questions, Answers & Explanations Manual 2008.pd

    CISA Review Questions, Answers & Explanations Manual 2008.pdf, photocopy edition for download

  • CISA Review Questions, Answers & Explanations Manual 2009 Su

    CISA Review Questions, Answers & Explanations Manual 2009 Supplement English Edition.pdf, photocopy edition for download

  • 2008 CISA pre-exam review lecture notes + recordings (chapters 1-3 review)


    The role of the IS internal audit function should be established by an audit charter.
    The audit charter should be approved by the highest level of management and the audit committee.
    The internal audit function should report to an audit committee, or to the highest management level, such as the board of directors.
    The scope and objectives of external audit should be documented in a formal contract.
    Management of the IS Audit Function
    IS Audit Resource Management
    Competency of IS auditor
    Staff training plan
    Management of the IS Audit Function
    Audit Planning
    Annual Planning
    Short- and long-term planning
    Analysis of audit plan
    Reviewed by senior audit management
    Approved by the audit committee, or the board of directors
    Individual Audit Assignments
    Periodic risk assessments
    Changes in the application of technology
    Evolving privacy issues and regulatory requirements

  • 2008 CISA pre-exam overall review recording (half-day lecture), MP3 download


  • 2006 CISA Certification Exam Review Series - Information Systems Audit Practice Manual - photocopy edition


    2006 CISA Certification Exam Review Series - Information Systems Audit Practice Manual, photocopy edition, divided into six chapters.

  • CISA 2006 question bank (725 questions)


    1. An IS auditor is reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of:
    A. variable sampling.
    B. substantive testing.
    C. compliance testing.
    D. stop-or-go sampling.
    The correct answer is: C.
    Explanation: Compliance testing determines whether controls are being applied in compliance with policy. This includes tests to determine whether new accounts were appropriately authorized. Variable sampling is used to estimate numerical values, such as dollar values. Substantive testing substantiates the integrity of actual processing, such as balances on financial statements. The development of substantive tests is often dependent on the outcome of compliance tests. If compliance tests indicate that there are adequate internal controls, then substantive tests can be minimized. Stop-or-go sampling allows a test to be stopped as early as possible and is not appropriate for checking whether procedures have been followed.
    2. The decisions and actions of an IS auditor are MOST likely to affect which of the following risks?
    A. Inherent
    B. Detection
    C. Control
    D. Business
    The correct answer is: B.
    Explanation: Detection risks are directly affected by the auditor's selection of audit procedures and techniques. Inherent risks usually are not affected by the IS auditor. Control risks are controlled by the actions of the company's management. Business risks are not affected by the IS auditor.
    3. Senior management has requested that an IS auditor assist the departmental management in the implementation of necessary controls. The IS auditor should:
    A. refuse the assignment since it is not the role of the IS auditor.
    B. inform management of his/her inability to conduct future audits.
    C. perform the assignment and future audits with due professional care.
    D. obtain the approval of user management to perform the implementation and follow-up.
    The correct answer is: B.

  • CISA Questions And Answer 2005 exam question materials


    A large collection of exam questions; DOC document, 289 pages.

    Question count by section:

    Section    Total
    Section 1   65
    Section 2   69
    Section 3   92
    Section 4  160
    Section 5   63
    Section 6  106
    Section 7   95
    Summary    650

    63. In a critical server, an IS auditor discovers a Trojan horse that was produced by a known virus that exploits a vulnerability of an operating system. Which of the following should an IS auditor do FIRST?
    A. Investigate the virus author.
    B. Analyze the operating system log.
    C. Ensure that the malicious code is removed.
    D. Install the patch that eliminates the vulnerability.

    The correct answer is:
    C. Ensure that the malicious code is removed.
    Explanation:
    The priority is safeguarding the system; therefore, the IS auditor should suggest corrective controls, i.e., remove the code. The IS auditor is not responsible for investigating the virus. The IS auditor may analyze the virus information and determine if it has affected the operating system, but this is an investigative task that would take place after ensuring that the malicious code has been removed. Installing the patch that eliminates the vulnerability should be done by technical support.

    64. Senior management has requested that an IS auditor assist the departmental management in the implementation of necessary controls. The IS auditor should:
    A. refuse the assignment since it is not the role of the IS auditor.
    B. inform management of his/her inability to conduct future audits.
    C. perform the assignment and future audits with due professional care.
    D. obtain the approval of user management to perform the implementation and follow-up.

    The correct answer is:
    B. inform management of his/her inability to conduct future audits.
    Explanation:
    In this situation the IS auditor should inform management of the impairment of independence in conducting further audits in the auditee area. An IS auditor can perform non-audit assignments where the IS auditor’s expertise can be of use to the management; however, by performing the non-audit assignment, the IS auditor cannot conduct the future audits of the auditee as his/her independence may be compromised. However, the independence of the IS auditor will not be impaired when suggesting/recommending controls to the auditee after the audit.

    65. Which of the following is the PRIMARY advantage of using computer forensic software for investigations?
    A. The preservation of the chain of custody for electronic evidence
    B. Time and cost savings
    C. Efficiency and effectiveness
    D. Ability to search for violations of intellectual property rights