CISA Certified Information Systems Auditor All-in-One Exam Guide [Hardcover]

Peter H. Gregory (Author)

Book Description

ISBN-10: 0071487557 | ISBN-13: 978-0071487559 | Publication Date: October 14, 2009 | Edition: 1

"All-in-One is All You Need."

CISA Certified Information Systems Auditor All in One Exam Guide

Get complete coverage of all the material included on the Certified Information Systems Auditor exam inside this comprehensive resource. Written by an IT security and audit expert, this authoritative guide covers all six exam domains developed by the Information Systems Audit and Control Association (ISACA). You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the CISA exam with ease, this definitive volume also serves as an essential on-the-job reference.

Covers all exam topics, including:

• IS audit process
• IT governance
• Network technology and security
• Systems and infrastructure lifestyle management
• IT service delivery and support
• Protection of information assets
• Physical security
• Business continuity and disaster recovery

Peter H. Gregory, DRCE, CISSP, CISA, is a security and risk manager at a financial management company. He is a member of the board of advisors and is the lead instructor for the University of Washington's certificate program in Information Systems Security.

Editorial Reviews

About the Author

Peter Gregory, CISSP, CISA is a career technologist and currently a security and risk manager at a financial management company in Redmond. He is the author of twenty books on security and technology. A board member of Evergreen State InfraGard, Peter is a co-founder of the Pacific CISO Forum, a graduate of the FBI Citizens’ Academy, and a member of the board of advisors for the University of Washington certificate program on Information Assurance and Cybersecurity.

Product Details

• Hardcover: 672 pages
• Publisher: McGraw-Hill Osborne Media; 1 edition (October 14, 2009)
• Language: English
• ISBN-10: 0071487557
• ISBN-13: 978-0071487559
• Product Dimensions: 9.3 x 7.7 x 1.7 inches
• Shipping Weight: 2.9 pounds (View shipping rates and policies)
• Average Customer Review: 3.1 out of 5 stars  See all reviews (7 customer reviews)
• Amazon Best Sellers Rank: #189,102 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

5 of 5 people found the following review helpful:

4.0 out of 5 stars Solid secondary source, December 14, 2009

By 

Yoda117 - See all my reviews

Amazon Verified Purchase

This review is from: CISA Certified Information Systems Auditor All-in-One Exam Guide (Hardcover)

I got this book in addition to the ISACA CBK for the CISA exam. Of the two, I definitely preferred this one, as it's a very nice easy to read manual that compliments the ISACA CISA exam guide. As with any situation where you have two different authors writing about the same subject, you'll find that there are areas where one book goes into more depth than another. That's the case here, although it's not nearly as bad as with ISC2's CBK for the CISSP and the CISSP All-in-One.

I had to take away one star since the format of the book is not consistent throughout (some chapters have a summary and then points of interest, in other chapters this is reversed, and in some one or the other are missing). I also had an issue with the lack of questions in the book itself. Considering the size of each chapter, there's no reason to limit yourself to 10 questions per chapter (this is especially true for chapters 5 and 6, which run 100+ pages).

I did rely on this book heavily for the CISA exam, and while I do not know whether or not I passed as of yet, I did find the exam to be easier to me than the CISSP. This book was a big part of that.

-Greg Houser, CISSP, GCIP, GFSP, GSEC

4 of 5 people found the following review helpful:

5.0 out of 5 stars An amazing guide for prospective exam takers, August 12, 2010

By 

A. Yarnal - See all my reviews

Amazon Verified Purchase

This review is from: CISA Certified Information Systems Auditor All-in-One Exam Guide (Hardcover)

I held off on writing the review until I received my CISA exam results-- I passed the exam and think that this book was a big reason why. The book does a fantastic job of breathing life into ISACAs auditing concepts and is actually pretty fun to read. My favorite part of the book was the practice questions that are included on the CD that accompanies the book. In additional to the Gregory book, I also read the official CISA Manual for 2009. Although I took the 2010 June exam, the older review manual still possessed relevant information. On top of those two resources, I also purchased a CD of CISA practice questions from ISACA (800 questions in total). Getting your hands on good practice questions and more than one book is the best way to study in my opinion. The Gregory book is definitely easier and more fun to read than the official CISA Manual; but I must warn you that neither book contains everything that you need to know. However, reading both books and taking at least 600 practice questions will put you in a good spot when it comes time to take the exam.

1 of 1 people found the following review helpful:

2.0 out of 5 stars Don't buy this book, December 14, 2010

By 

K. Baek (Philadelphia, PA) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: CISA Certified Information Systems Auditor All-in-One Exam Guide (Hardcover)

Perhaps my expectation was too high. The reason for getting this book was due to my (positive) experience with CISSP book from the publisher (Shon Harris). However, this book, compared to the CISSP one, seemed unorganized and not as well-written.

1. I didn't notice it as much with CISSP chapters, but while reading the book, it's hard to keep track of what topic/subsection the paragraph is really under. The writing relied on section headers for transitions rather than writing the transitions in. In other words, if you didn't look at the subsection headers (which looked similar between main section vs subsection vs sub-subsection), you wouldn't be able to really follow how the concept you are reading ties in to the whole picture. Furthermore, the summary section is more like *excerpts* of summary rather than an actual summary of the topics that were discussed. That is, it does not actually summarize all the important topics. It goes into too much detail on certain topics and doesn't cover all the topics that were discussed.

2. There were some questions with wrong answers and blatantly wrong explanation. While taking the exams in the CD, I noticed a wrong answer and explanation to the CD. I tried looking for errata but there does not seem to be one. The book/CD claims the following (through one of the questions:

If you encrypt something with *private* key, then verified with *public* key, confidentiality is accomplished.

Are you freaking kidding me? Public keys are public, meant to be known by *everyone*. If you encrypt anything with private key, anyone with public key (i.e., everyone) can decrypt the message. So confidentiality is *not* achieved. Perhaps the book meant to say encrypted with public key then verified with private key, but something as important part as test exam should have been more careful.