CISA Exam Cram: Certified Information Systems Auditor [Paperback]

Allen Keele (Author)

Book Description

Publication Date: April 30, 2005 | ISBN-10: 0789732726 | ISBN-13: 978-0789732729

Want an affordable yet innovative approach to studying for the Certified Information Systems Auditor (CISA) 2005 exam? CISA 2005 Exam Cram 2 is your solution. You will have the essential material for passing the CISA 2005 exam right at your fingertips. All exam objectives are covered and you'll find practice exams, exam alerts, notes, tips and cautions to help guide you through your exam preparation. A CD also provides you with a video introduction to the exam and complete explanations of answers to the practice questions from Certified Tech Trainers (CTT). As a special bonus, you will receive $75 in discounts on CTT products and services. For your smartest, most efficient way to get certified, choose CISA 2005 Exam Cram 2.

Editorial Reviews

About the Author

Allen Keele has 20 certifications, the CISA, CISM, CISSP, and Security+ among them.  As president and program developer for Certified Tech Trainers, he has over 14 years experience in information security and risk management. He has authored books on security and lectures at leading companies such as Deloitte and Touche, Blue Cross-Blue Shield, and Fujitsu. 

Keith Mortier holds a CISA and CISSP certification and a BS in Computer Information Systems. Within the IT industry, Keith has designed and implemented risk assessment, vulnerability testing and disaster recovery-security plans. Keith is president of LMI solutions providing security services to both commercial and government clients.

Excerpt. © Reprinted by permission. All rights reserved.

Introduction

Welcome to Information Systems Audit and Controls Association's Certified Information Systems Auditor (CISA) Exam Cram 2! Whether this is your first or your fifteenth Exam Cram 2 series book, you will find information here that will help ensure your success as you pursue knowledge, experience, and certification. This introduction explains ISACA certification programs in general and talks about how the Exam Cram 2 series can help you prepare for the CISA exam. This chapter discusses the basics of ISACA certification exams, including a description of the testing environment and a discussion of test-taking strategies. Chapters 1 through 7 are designed to remind you of everything you need to know to take—and pass—the CISA certification exam. The two sample tests at the end of the book should give you a reasonably accurate assessment of your knowledge—and, yes, we've provided the answers and their explanations to the tests. Read the book and understand the material, and you'll stand a very good chance of passing the test.

Exam Cram 2 books help you understand and appreciate the subjects and materials you need to pass ISACA certification exams. Exam Cram 2 books are aimed strictly at test preparation and review. They do not teach you everything you need to know about a topic. Instead, we present and dissect the questions and problems we've found that you're likely to encounter on a test. We've worked to bring together as much information as possible about ISACA certification exams.

Nevertheless, to completely prepare yourself for any ISACA test, we recommend that you begin by taking the Self-Assessment that is included in this book, immediately following this introduction. The Self-Assessment will help you evaluate your knowledge base against the requirements for an ISACA Certified Information Systems Auditor under both ideal and real circumstances.

Based on what you learn from the Self-Assessment, you might decide to begin your studies with some classroom training, some practice with systems auditing, or some background reading. On the other hand, you might decide to read one of the many study guides available from ISACA or third-party vendors on certain topics, including the award-winning certification preparation series from Que Publishing. We also recommend that you supplement your study program with visits to http://www.examcram2.com to receive additional practice questions, get advice, and track the CISA program.

About the CISA Exam and Content Areas

The Information Systems Audit and Control Association (ISACA) developed the Certified Information Systems Auditor (CISA) program in 1978 to accomplish these goals:

• Develop and maintain a testing instrument that could be used to evaluate an individual's competency in conducting information systems audits

• Provide a mechanism for motivating information systems auditors to maintain their competencies and monitoring the success of the maintenance programs

• Aid top management in developing a sound information systems audit function by providing criteria for personnel selection and development

The CISA program is designed to assess and certify individuals in the IS audit, control, or security profession who demonstrate exceptional skill, judgment and proficiency in IS audit, control, and security practices.

More than 35,000 professionals have earned the CISA certification since inception, and the certification is widely respected as a premier information security and information systems auditing accreditation. The certification continues to grow in acceptance and employer desirability; more than 15,000 candidates are expected to register for the 2005 exam (15% growth from 2004).

The CISA exam is offered only once per year, in early June; the exam for 2005 is offered on June 11. You may register as early as February 2, 2005, and the registration deadline is March 30, 2005. You should note that this exam is not computerized and is not provided through conventional testing centers such as Prometric or Vue. You may register online at http://www.isaca.org or take the exam at any ISACA chapter location. The current published exam registration fee is $385 for members and $505 for nonmembers. The best place to learn more about the CISA certification and the CISA exam is http://www.isaca.org.

The Information Systems Audit and Control Association states that the tasks and knowledge required of today's and tomorrow's information systems audit professional serve as the blueprint for the CISA examination. These areas are defined through a Practice Analysis that is conducted at regular intervals and consists of both process and content components in a CISA's job function. Accordingly, exams consist of tasks that are routinely performed by a CISA and the required knowledge to perform these tasks.

How valuable is the CISA certification to employers and individuals? Sometimes the best measure of a certification's value is reflected by how certification holders feel about the certification after having achieved it. In 2001, ISACA surveyed its membership to obtain feedback from CISA certified professionals as to whether obtaining the certification had advanced their careers. Seventy-one percent of members holding the CISA certification affirmed the value of the certification toward career advancement, and 75% of all members, certified and noncertified alike, felt that the CISA certification would be valuable for career advancement in the future.

Another measure of a certification's value can be found by assessing the desirability of the certification to employers. How many employers desire the certification as an employment prerequisite? Looking to popular job boards on the Internet such as Monster.com, TotalJobs.com, and Workthing.com, we can see that the quantity and quality of jobs requiring CISA certification are growing every month.

What is driving the employer demand for the CISA certification? Companies are under growing pressure to improve, document, and test their methods for managing information. As the late Dr. W. E. Deming (1900–1993) was able to prove, the quest for quality of processes and product is achieved through careful measurement of what exists, thorough analysis of defects, and effective remediation and correction. The quest for quality is just that: a quest. This means that quality improvement is an ongoing process that requires continuous reassessment. Assessing the capability of information systems to support business goals while maintaining information confidentiality, integrity, and reliability is exactly what a Certified Information Systems Auditor (CISA) does well.

It is easy enough to create and implement a technology for processing information, which is what the majority of individuals within the information technology (IT) industry are tasked with. However, using IT to facilitate communication and information management is only half the story. Today we need to make sure that IT not only does what it is supposed to do, but also that it will not do what it is not supposed to do. For example, we have created systems to facilitate online commerce and transaction processing. Will those same systems ensure that no transactional errors occur? Will those systems resist accidental or purposeful and malicious modification of data? Do the systems protect the information confidentiality well enough to comply with new privacy laws and standards? We cannot know the answers to these questions unless we have professionally reviewed, measured, and tested the systems. Again, this is what a CISA does.

Although many organizations strive to ensure quality of processes and manufacturing according to ISO standards such as the ISO 9000 series, for competitive reasons, other organizations are forced to invest in quality assurance to comply with the law. Either way, most organizations are spending increasing amounts of money to improve corporate governance. We draw from this ex...

Product Details

• Paperback: 456 pages
• Publisher: Que (April 30, 2005)
• Language: English
• ISBN-10: 0789732726
• ISBN-13: 978-0789732729
• Product Dimensions: 9.1 x 6 x 1.1 inches
• Shipping Weight: 1.2 pounds (View shipping rates and policies)
• Average Customer Review: 3.7 out of 5 stars  See all reviews (24 customer reviews)
• Amazon Best Sellers Rank: #148,073 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

16 of 16 people found the following review helpful:

5.0 out of 5 stars Excellent book for CISA prep., May 3, 2005

By 

Richard "Steinman" (Florida, USA) - See all my reviews

This review is from: CISA Exam Cram: Certified Information Systems Auditor (Paperback)

I have been trying to prepare for the upcoming ISACA CISA exam using materials from ISACA, namely the 2005 CISA Review Manual and the ISACA practice questions on CD. I have personnally found the ISACA material a bit challenging to prep from since the CD questions refer to many sources besides the ISACA Review Manual.

This Exam Cram prep book is EXCELLENT. It maps directly to the exam objectives, and teaches the material in a way that I can understand and retain. The book is FILLED with "Exam Alerts" so you do not have to wonder if you've missed important key learning points for test prep.

The CD that comes with the book has some very good practice questions as well. The answers are even explained with audio/visual clips that often show the author's technique for ferreting the answer from the question itself. Nice.

The seminars on the CD were very informative too, and provided additional content beyond the book. Nice. For twice the price, this book would still be a must-have CISA prep resource.

13 of 13 people found the following review helpful:

3.0 out of 5 stars For a cursory appraisal of one's knowledge, July 27, 2005

By 

H. Lam (USA) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: CISA Exam Cram: Certified Information Systems Auditor (Paperback)

Per the authors' intent, CISA Exam Cram 2 is not meant to be a comprehensive preparation for the Certified Information Systems Auditor exam, but a summary of its important elements. As such, this book does a fair job, and I would recommend the book as a cursory appraisal of one's knowledge to identify areas for further study.

There are some idiosyncrasies in the book, such as:

- "4GL languages are inappropriate for designing any intensive data-calculation procedures" (Page 259);

but the book appears to be reflective of ISACA test policy. The authors and the publishing company were responsive to my questions about content in the book.

CISA Exam Cram 2 also includes a set of practice multiple-choice questions on CD-ROM. Registration of the book online entitles one to a bonus set of questions. As the book is not comprehensive, neither are the practice questions - in that they mirror the material in the book, and in that they require less analytical reasoning than typical of the actual exam. The answers do not explain why a particular choice is right compared to other choices, and why other choices are wrong. Nonetheless, the practice questions are a good value, considering their price and that the actual exam may also ask basic questions.

One should look to other resources for in-depth preparation (one can ask for recommendations in the various Yahoo and Google Groups dedicated to the CISA exam), but CISA Exam Cram 2 deserves to be considered as an introductory part of a rigorous curriculum in preparation for ISACA's Certified Information Systems Auditor exam. It is probably best to use this book before December 2005. ISACA has stated that the 2006 exams will cover new practice areas.

13 of 14 people found the following review helpful:

3.0 out of 5 stars Very well written - not quite aligned with the CISA exam, June 13, 2005

By 

Eric Svetcov (San Francisco, CA USA) - See all my reviews
(REAL NAME)   

This review is from: CISA Exam Cram: Certified Information Systems Auditor (Paperback)

I used this book and the associated test questions as my primary study resource for the June 11, 2005 CISA exam. I thought that the book was extremely well written and the practice test questions were very well aligned with the book; however, after just experiencing the test this past weekend, I am a bit concerned that the material in the book was not well aligned with the test. Sure, the topics were the same, but the real test hit on areas the book didn't cover. I would say that between 20 and 30 percent of the test was very well covered by this book and another 30 to 40 percent was fairly well covered; however, the remaining 30-50 percent was not well covered. It is possible that by using just this book to study that you will be able to pass the test; however, you will need to know quite a bit already and this book will need to fill-in areas you didn't already know about.

Incidentally, if I did pass using just this book, I will come back and report that....in a few months.

*****Returning to Continue Review*****

As I mentioned before, I indicated I would come back and say whether I passed or not (I passed). This book and the practice questions that were bundled with this book were my only study materials. I have been working for a big 4 accounting firm for nearly a year and have in addition to the CISA a CISSP, CWNA, and MCP. I've been working in IT for over 10 years.

As I alluded to in my first review, this book is not completely aligned with the test; however it is well written and the test questions are well aligned with the book.

I'm fairly sure that without my background that this book alone would not have been enough. I would suggest that at least you pickup alternate test questions from some other source or read alternate study materials in addition to this book. Although I did well on the test, significantly better than many others who passed, I did feel underprepared while taking the test.

Good luck on your studies.