Customer Reviews

CISA Certified Information Systems Auditor All-in-One Exam Guide

5 star:		(1)
4 star:		(2)
3 star:		(2)
2 star:		(1)
1 star:		(1)

 

 

I got this book in addition to the ISACA CBK for the CISA exam. Of the two, I definitely preferred this one, as it's a very nice easy to read manual that compliments the ISACA CISA exam guide. As with any situation where you have two different authors writing about the same subject, you'll find that there are areas where one book goes into more depth than another. That's the case here, although it's not nearly as bad as with ISC2's CBK for the CISSP and the CISSP All-in-One.

I had to take away one star since the format of the book is not consistent throughout (some chapters have a summary and then points of interest, in other chapters this is reversed, and in some one or the other are missing). I also had an issue with the lack of questions in the book itself. Considering the size of each chapter, there's no reason to limit yourself to 10 questions per chapter (this is especially true for chapters 5 and 6, which run 100+ pages).

I did rely on this book heavily for the CISA exam, and while I do not know whether or not I passed as of yet, I did find the exam to be easier to me than the CISSP. This book was a big part of that.

-Greg Houser, CISSP, GCIP, GFSP, GSEC

I held off on writing the review until I received my CISA exam results-- I passed the exam and think that this book was a big reason why. The book does a fantastic job of breathing life into ISACAs auditing concepts and is actually pretty fun to read. My favorite part of the book was the practice questions that are included on the CD that accompanies the book. In additional to the Gregory book, I also read the official CISA Manual for 2009. Although I took the 2010 June exam, the older review manual still possessed relevant information. On top of those two resources, I also purchased a CD of CISA practice questions from ISACA (800 questions in total). Getting your hands on good practice questions and more than one book is the best way to study in my opinion. The Gregory book is definitely easier and more fun to read than the official CISA Manual; but I must warn you that neither book contains everything that you need to know. However, reading both books and taking at least 600 practice questions will put you in a good spot when it comes time to take the exam.

Perhaps my expectation was too high. The reason for getting this book was due to my (positive) experience with CISSP book from the publisher (Shon Harris). However, this book, compared to the CISSP one, seemed unorganized and not as well-written.

1. I didn't notice it as much with CISSP chapters, but while reading the book, it's hard to keep track of what topic/subsection the paragraph is really under. The writing relied on section headers for transitions rather than writing the transitions in. In other words, if you didn't look at the subsection headers (which looked similar between main section vs subsection vs sub-subsection), you wouldn't be able to really follow how the concept you are reading ties in to the whole picture. Furthermore, the summary section is more like *excerpts* of summary rather than an actual summary of the topics that were discussed. That is, it does not actually summarize all the important topics. It goes into too much detail on certain topics and doesn't cover all the topics that were discussed.

2. There were some questions with wrong answers and blatantly wrong explanation. While taking the exams in the CD, I noticed a wrong answer and explanation to the CD. I tried looking for errata but there does not seem to be one. The book/CD claims the following (through one of the questions:

If you encrypt something with *private* key, then verified with *public* key, confidentiality is accomplished.

Are you freaking kidding me? Public keys are public, meant to be known by *everyone*. If you encrypt anything with private key, anyone with public key (i.e., everyone) can decrypt the message. So confidentiality is *not* achieved. Perhaps the book meant to say encrypted with public key then verified with private key, but something as important part as test exam should have been more careful.

Buyer beware! If you are looking at the title and are buying looking at the year 2010, then you will be disappointed as the product is of 2009. Only the name has 2010 in it. With all respect to everyone else's review, and the product's capabilities, I thought it to be deceptive after I bought it expecting it to be a 2010 released software(although a non-ISACA publication).

After studying directly from the CISA Review Manual, also as fondly known as CRM, I truly appreciated this book as a supplementary book of knowledge.

There is no confusing or extra editorial to fill pages. All discussions are supplementing what CRM is preaching with more illisutarion and clarity.

Reading a subject with two solid approaches sinks the concept with much more solid footing.

Initially I was thinking to resell the book after passing the exam, however, I now will keep it as one of my referenace books in the office library.

In short, a must have investment if one is serious about CISA or even IT governance as a whole.

I really didn't like this book, many important topics are not addressed and the level of details just seems inconsistent between a chapter and another. I think this book was published in a hurry without being completed.

You can try a simple test: take the CISA question database, and try to find the answers using this book. You'll see it's not there. You need the official CISA Review manual for the exam.

I am yet to write the Exam in June 2011, but have gone through it briefly and i like it because it is to the point and brief.