
CISA All in one 2010 Guide

Published by mahendrasing2179, 2018-02-09 04:28:44

Description: CISA All in one 2010 -guide imp

Keywords: CISA,2010,ALL IN ONE


Appendix B: Popular Methodologies, Frameworks, and Guidance

[Table: Primary Focus (Mat Mod, Proc, Cont Obj, Cont, Gov) and Best Use. Best Use entries follow in page order.]

To get an overview of what internal controls are. Foundational. Can use Evaluation Tools volume to assist with risk, controls, and objectives. Details on processes, RACI, CO, and audit foundation. Links all other frameworks to it; most comprehensive/detailed. Audit and implementation. Determine/assess risk and scope and IT general controls. Assist with SOX 404 planning. Foundational: provides overviews of IT controls in business terminology. Implementing information security controls. Overview, details on IS CO/act. Use for audit and implementation of information security controls. Overview of the five main components of IT governance. Overview. Use for guidance in improving service delivery processes. Provide thorough guidance on managing projects: what to do. Guidance on managing projects: how to do it.

gh membership > $75US

CISA Certified Information Systems Auditor All-in-One Exam Guide

Summary

• Goals and objectives define what the organization is trying to achieve.
• Governance is what organizations put in place to identify and ensure achievement of goals, objectives, and strategies.
• A process is a set of activities that is put in place to maximize effectiveness and efficiency of operations. Organizations can manage operations through processes.
• Maturity models are often used to measure the maturity of process capabilities.
• The Deming Cycle focuses on continuous improvement through the implementation of a range of processes that address planning, execution, monitoring, and taking corrective actions.
• Control objectives are developed to ensure that business objectives are achieved.
• Control activities support control objectives and can be implemented within processes.
• Projects are temporary, unique, and have specific objectives and controls implemented.

In this appendix, we focused on processes and internal controls, and learned about the various frameworks, methodologies, and guides available as resources. Now that we have examined the available resources, it’s time to put all of this to use. For an overview of conducting professional audits, see Appendix A.

APPENDIX C

About the CD

The CD-ROM included with this book comes complete with MasterExam and the electronic version of the book. The software is easy to install on any Windows 2000/XP/Vista computer and must be installed to access the MasterExam feature. You may, however, browse the electronic book directly from the CD without installation. To register for the bonus MasterExam, simply click the Bonus MasterExam link on the main launch page and follow the directions to the free online registration.

System Requirements

Software requires Windows 2000 or higher and Internet Explorer 6.0 or above and 20 MB of hard disk space for full installation. The electronic book requires Adobe Acrobat Reader.

Installing and Running MasterExam

If your computer CD-ROM drive is configured to auto run, the CD-ROM will automatically start up upon inserting the disk. From the opening screen you may install MasterExam by clicking the MasterExam link. This will begin the installation process and create a program group named LearnKey. To run MasterExam use Start | All Programs | LearnKey | MasterExam. If the auto run feature did not launch your CD, browse to the CD and click on the LaunchTraining.exe icon.

MasterExam

MasterExam provides you with a simulation of the actual exam. The number of questions, the type of questions, and the time allowed are intended to be an accurate representation of the exam environment. You have the option to take an open book exam, including hints, references, and answers, a closed book exam, or the timed MasterExam simulation.

When you launch MasterExam, a digital clock display will appear in the bottom right-hand corner of your screen. The clock will continue to count down to zero unless you choose to end the exam before the time expires.

Electronic Book

The entire contents of the Study Guide are provided in PDF. Adobe’s Acrobat Reader for Windows has been included on the CD. Mac and Linux users will find the book in the Adobe folder.

Help

A help file is provided through the help button on the main page in the lower left-hand corner. An individual help feature is also available through MasterExam.

Removing Installation(s)

MasterExam is installed to your hard drive. For best results removing programs, use the Start | All Programs | LearnKey | Uninstall option to remove MasterExam.

Technical Support

For questions regarding the content of the electronic book or MasterExam, please visit www.mhprofessional.com or email [email protected]. For customers outside the 50 United States, email [email protected].

LearnKey Technical Support

For technical problems with the software (installation, operation, removing installations), please visit www.learnkey.com, email [email protected], or call toll free at 1-800-482-8244.

GLOSSARY

802.11
The wireless network standard commonly known as “Wi-Fi” that can transport data up to 108 Mbit/sec up to a distance of 300 m.

access bypass
Any attempt by an intruder to bypass access controls in order to gain entry into a system.

access control
Any means that detects or prevents unauthorized access and that permits authorized access.

access control list (ACL)
An access control method where a list of permitted or denied users (or systems, or services, as the case may be) is used to control access.

access control log
A record of attempted accesses.

access management
A formal business process that is used to control access to networks and information systems.

access point
A device that provides communication services using the 802.11 (Wi-Fi) protocol standard.

access review
A review of the users, systems, or other subjects that are permitted to access protected objects. The purpose of a review is to ensure that all subjects should still be authorized to have access.

account lockout
An administrative lock that is placed on a user account when a predetermined event occurs, such as reaching an expiration date, or when there have been several unsuccessful attempts to use the user account.

Address Resolution Protocol (ARP)
A standard network protocol used to obtain the address for another station on a local area network.

administrative audit
An audit of operational efficiency.

administrative control
Controls in the form of policies, processes, procedures, and standards.

agile development
Software development process where a large project team is broken up into smaller teams, and project deliverables are broken up into smaller pieces, each of which can be attained in a few weeks.

