CISA Exam Cram 2 PDF free download
What will you learn? Anyone interested in learning information systems auditing skills; those interested in learning about security auditing. End-of-lesson quizzes. Interactive exercises to help you learn and retain knowledge. IDM Internet Download Manager software should be installed in your system for high-speed and resume download. VLC Media Player should be installed in your system for playing the course video.
You may register as early as February 2, , and the registration deadline is March 30, You should note that this exam is not computerized and is not provided through conventional testing centers such as Prometric or Vue.
The Information Systems Audit and Control Association states that the tasks and knowledge required of today's and tomorrow's information systems audit professional serve as the blueprint for the CISA examination. These areas are defined through a Practice Analysis that is conducted at regular intervals and consists of both process and content components in a CISA's job function. Accordingly, exams consist of tasks that are routinely performed by a CISA and the required knowledge to perform these tasks.
How valuable is the CISA certification to employers and individuals? Sometimes the best measure of a certification's value is reflected by how certification holders feel about the certification after having achieved it.
Another measure of a certification's value can be found by assessing the desirability of the certification to employers. How many employers desire the certification as an employment prerequisite? Looking to popular job boards on the Internet such as Monster. What is driving the employer demand for the CISA certification?
Companies are under growing pressure to improve, document, and test their methods for managing information. As the late Dr. Deming — was able to prove, the quest for quality of processes and product is achieved through careful measurement of what exists, thorough analysis of defects, and effective remediation and correction. The quest for quality is just that: a quest. This means that quality improvement is an ongoing process that requires continuous reassessment.
Assessing the capability of information systems to support business goals while maintaining information confidentiality, integrity, and reliability is exactly what a Certified Information Systems Auditor (CISA) does well.
It is easy enough to create and implement a technology for processing information, which is what the majority of individuals within the information technology (IT) industry are tasked with. However, using IT to facilitate communication and information management is only half the story. Today we need to make sure that IT not only does what it is supposed to do, but also that it will not do what it is not supposed to do. For example, we have created systems to facilitate online commerce and transaction processing.
Will those same systems ensure that no transactional errors occur? Will those systems resist accidental or purposeful and malicious modification of data?
Do the systems protect the information confidentiality well enough to comply with new privacy laws and standards? We cannot know the answers to these questions unless we have professionally reviewed, measured, and tested the systems. Again, this is what a CISA does. Although many organizations strive to ensure quality of processes and manufacturing according to ISO standards such as the ISO series, for competitive reasons, other organizations are forced to invest in quality assurance to comply with the law.
Either way, most organizations are spending increasing amounts of money to improve corporate governance. We draw from this example to show the importance of improving IT governance in today's corporate and governmental environment.
Why, an audit must be performed! Who directs or assists such a specialized systems audit? Finding someone certified to perform professional systems audits might be a good start. A CISA perhaps? Likewise, other U. Other countries around the world have instituted similar laws or are in the process of creating similar laws. Just look at the United Kingdom's Combined Code, more commonly known as the Turnbull report, and you will see what we mean.
Proving compliance with any legislation requires testing and documentation. Testing and documentation of systems controls is what a CISA systems auditor does. The simple fact is that there are new and compelling reasons for companies and government agencies to increase and improve systems auditing, and they need CISA professionals to help them.
The CISA examination is quite broad in scope. The following is a brief description of each topic area. As we move through the chapters, we cover each area in greater detail and provide a map for navigating the CISA exam. Evaluate strategy, policies, standards, procedures, and related practices for the management, planning, and organization of IS.
Evaluate the effectiveness and efficiency of the organization's implementation and ongoing management of technical and operational infrastructure to ensure that they adequately support the organization's business objectives. Evaluate IT infrastructure security to ensure that it satisfies the organization's business requirements for safeguarding information assets against unauthorized use, disclosure, modification, damage, and loss.
Evaluate the process for developing and maintaining documented, communicated, and tested plans for the continuity of business operations and IS processing in the event of a disruption.
Evaluate the methodology and processes by which the business application system development, acquisition, implementation, and maintenance are undertaken to ensure that they meet the organization's business objectives. Evaluate business systems and processes to ensure that risks are managed in accordance with the organization's business objectives.
Conduct IS audits in accordance with generally accepted IS audit standards and guidelines to ensure that the organization's information technology and business systems are adequately controlled, monitored, and assessed. The CISA exam is somewhat difficult to prepare for because it is very broad in scope and asks indirect questions requiring strong cognitive skills. The exam is also unusual in its format. The exam is not computerized and is presented as multiple-choice questions in a paper exam booklet.
You are required to provide your answers on a familiar "fill-in-the-bubble" answer sheet. This is not an exam that you can adequately prepare for by simply rote-memorizing terms and definitions. You need to be able to analyze a scenario and answer by combining various knowledge points from various topic areas.
Successfully completing this exam requires a great deal of thought and analysis to properly choose the "best" solution from several "viable" solutions. Unfortunately, there is not much available for the individual seeking a concise distillation of the exam topics only—hence the need for this book!
However, other resources are available via additional books and instructor-led training. As such, many of my students have found it difficult to prepare for the CISA exam with this book because it tends to focus on strictly review points rather than teaching the supporting concepts. We personally found it impossible to do well on ISACA's practice exams after having thoroughly read this book.
In spite of this, we recommend it as a supplemental resource. This is an excellent resource, if you can afford it. Although you should not expect to see a great deal of direct overlap with your real exam, the practice questions provided in this resource nicely fortify your ability to achieve success on exam day. The questions might not teach you necessary concepts as well as other mediums, but this is an excellent resource for final exam preparation.
As a matter of fact, comprehensive training for information systems and controls auditing is scarce as well. These sessions can vary in price and are not controlled for content quality or consistency by ISACA itself. Whereas ISACA provides template material to present from, the chapters have complete discretion regarding what is actually delivered and how it is delivered.
Typically, the sessions are provided by chapter members on a volunteer basis in their spare time. As you can see, it is difficult to really be sure of what to expect in terms of the quality of content and presentation style.
A few professional training organizations are starting to offer specialized training for systems auditing and assurance. One of the authors of this book, Allen Keele, is the lead content developer and lecturer for IT auditing and assurance courses provided by Certified Tech Trainers. As such, he has developed a very specialized custom curriculum focused on the core essentials of IT auditing and IT governance best practices. Certified Tech Trainers provides these courses at various locations throughout the world.
These courses are far more than simple exam-preparation reviews and are priced accordingly. However, if you are looking for a complete course on IS auditing so that you can learn about CISA exam topics, as well as many other critical IS auditing topics not covered on the exam or in this book, you might want to take a look at CTT's course offerings and decide whether instructor-led training is a viable and attractive alternative for you.
This book is designed to be read as a pointer to the areas of knowledge you will be tested on. In other words, you might want to read the book one time just to get insight into how comprehensive your knowledge of this topic is. The book is also designed to be read shortly before you go for the actual test and to give you a distillation of the field of systems auditing in as few pages as possible.
We think you can use this book to get a sense of the underlying context of any topic in the chapters—or to skim-read for Exam Alerts, bulleted points, summaries, and topic headings. We have drawn on material from ISACA's own listing of knowledge requirements, from other preparation guides, and from the exams themselves. We have also drawn from a battery of third-party test-preparation tools and technical websites, as well as from our own experience with application development and the exam.
Our aim is to walk you through the knowledge you will need—looking over your shoulder, so to speak—and point out those things that are important for the exam (Exam Alerts, practice questions, and so on). By reading this book, you will not only gain from the experience of real-world professional information systems auditors, but you will also enjoy the benefit of costly professional content development. The CISA exam makes a basic assumption that you already have a strong background in information systems auditing and controls.
On the other hand, because the systems auditing requirements and practices constantly evolve, no one can be a complete expert. We have tried to demystify the jargon, acronyms, terms, and concepts. In addition, wherever we think you are likely to blur past an important concept, we have defined the assumptions and premises behind that concept.
We have tried to create a real-world tool that you can use to prepare for and pass the CISA certification exam. We are interested in any feedback you would care to share about the book, especially if you have ideas about how we can improve it for future test-takers.
We will consider everything you say carefully and will respond to all reasonable suggestions and comments. You can reach Allen Keele via email at allenk certifiedtechtrainers. Let us know if you found this book to be helpful in your preparation efforts. We would also like to know how you felt about your chances of passing the exam before you read the book and then after you read the book.
Of course, we would love to hear that you passed the exam—and even if you just want to share your triumph, we would be happy to hear from you. Thanks for choosing us as your personal trainers, and enjoy the book. We would wish you luck on the exam, but we know that if you read through all the chapters and have some real-world information systems and controls auditing experience, you will not need luck—you will pass the test on the strength of real knowledge!
This book will not teach you everything you need to know about auditing systems and controls, or even about an auditing standard or procedure. Nor is this book an introduction to computer technology.
This book reviews what you need to know before you take the test, with its fundamental purpose dedicated to reviewing the information needed on the ISACA CISA certification exam. This book uses a variety of teaching and memorization techniques to analyze the exam-related topics and to provide you with everything you will need to know to pass the test. Again, it is not a comprehensive introduction to information systems and controls auditing.
The topic areas for the exam often overlap in required understanding and can sometimes seem somewhat redundant. Topic areas can often intertwine, to make elimination of redundancy unavoidable. Try not to let redundancy bother you; instead, let it reinforce the concept interdependencies you need to understand to pass the CISA exam. We suggest that you read this book from front to back. You will not be wasting your time because nothing we have written is a guess about an unknown exam.
We have had to explain certain underlying information on such a regular basis that we have included those explanations here. After you have read the book, you can brush up on a certain area by using the index or the table of contents to go straight to the topics and questions you want to re-examine. We have tried to use the headings and subheadings to provide outline information about each given topic.
After you have been certified, we think you will find this book useful as a tightly focused reference and an essential foundation of information systems and controls auditing. Each Exam Cram 2 chapter follows a regular structure, along with graphical cues about especially important or useful material. The structure of a typical chapter is as follows: