
Thursday, January 24, 2008

CISA Audit Process Continued -002-02_p1

This is a continuation of the previous videos, which touches on controls, risk analysis and the detailed audit process based on standards by ISACA. Enjoy!!!
















CISA Exam Cram (2nd Edition) (Perfect)



CISA Exam Cram (2nd Edition)

Michael Gregg is founder and president of Superior Solutions, Inc., a Houston-based IT security consulting and auditing firm.

The CISA Exam Prep provides you with the market's most comprehensive and current material for passing the new CISA certification exam. Exam Prep's best-selling study methods feature chapter review questions, practice exams, exam alerts, notes, tips, and cautions. You'll also have exclusive access to online test questions, which help you assess your understanding of the material before you take your exam.

The CISA Exam Cram, Second Edition provides you with the newest material for passing the CISA certification exam. Exam Cram offers readers an innovative approach to study with a video introduction to the exam and strategies for doing well on the exam. Key features of the book include the cram sheet tearcard and chapter-ending questions that cover all exam objectives. Other tools, including practice exams, exam alerts, notes, tips, and cautions, help you successfully prepare for this exam.

The CISA Exam Prep provides readers with comprehensive coverage of the 2006 CISA certification exam objectives. Focused specifically on the material readers must know to score high on their CISA exams, this book features review questions at the end of each chapter, practice exams, exam alerts, important notes, and handy study tips. The book also features exclusive access to online practice questions, so readers can assess their strengths and weaknesses before they take their exams.

Topic Information: The Sarbanes-Oxley Act of 2002 elevated systems auditing to a legal requirement for publicly traded companies, and many privately held companies are following suit due to increased security risks. The exam is a test of auditing concepts to be used as guidance for systems auditors, and major changes were incorporated into the 2006 exam. The CISA Exam Prep provides the most comprehensive, accurate, and current coverage of these exam objectives.

The CISA is now offered twice a year, every June and December, in 200 locations worldwide. Since its inception, approximately 45,000 IS auditors, accountants, security practitioners and other leaders in IT governance and assurance from around the world have earned the CISA designation.

Table of contents: Introduction; How This Book Helps You; About the CISA Exam; CISA Exam Objectives; How to Prepare for the Exam; Additional Exam-Preparation Resources












CISA Audit Process part 1 continued - p2 -2

This is a continuation of part 1 on CISA's audit process. Enjoy!!

Saturday, January 19, 2008

Certified Information Systems Auditor - Recap

In this recap section, we will look at the audit process area again, covering topics such as detective controls, corrective controls and preventive controls.

See the video for recap




























Tuesday, July 10, 2007

CISA Audit Process #16


The first step in a risk-based audit approach is to gather information about the business and industry to evaluate the inherent risks. After completing the assessment of the inherent risks, the next step is to complete an assessment of the internal control structure. The controls are then tested and, on the basis of the test results, substantive tests are carried out and assessed.


CISA Audit Process #15

The ISACA IS Auditing Guideline G15 on planning the IS audit states, "An assessment of risk should be made to provide reasonable assurance that material items will be adequately covered during the audit work. This assessment should identify areas with a relatively high risk of the existence of material problems." Definite assurance that material items will be covered during the audit work is an impractical proposition. Reasonable assurance that all items will be covered during the audit work is not the correct answer, as material items need to be covered, not all items.


Monday, July 9, 2007

CISA Audit Process #14

Calculation of a Business Risk - Risk Analysis

Overall business risk for a particular threat can be expressed as the product of the probability and the magnitude of the impact if a threat successfully exploits a vulnerability.

For example: suppose you lose some strictly confidential documents containing pricing and patent information for new products that your company is going to launch. What is the impact if they fall into the hands of competitors, given that the documents have not been encrypted?

Impact = 10 (high impact)
Probability = 0.9 (very likely)

Therefore the risk factor is 10 * 0.9 = 9 (very high risk factor)



Friday, June 29, 2007

CISA Audit Process #13

Data Flow Diagrams

Data flow diagrams are used as aids to graph or chart data flow and storage. They trace the data from its origination to destination, highlighting the paths and storage of data. They do not order data in any hierarchy. The flow of the data will not necessarily match any hierarchy or data generation order.

An IT auditor will always need some data flow diagrams from the auditee to verify the confidentiality, integrity and availability compliance of the organisation being audited.
