ContentsIntroductionChapter 1 Introduction to the CISA examinationThe structure of the CISA examBecoming CertifiedExperience requirementsPassing the ExamCISA Job Practice Domains and task and knowledge statementsISACAs Code of Professional EthicsThe ISACA StandardsContinuous Professional EducationChapter 2: Domain 1The Process of Auditing Information SystemsKnowledge StatementsUnderstanding the Fundamental Business ProcessesControl principles related to controls in information systemsRisk-based audit planning and audit project management techniquesQuality of the internal control frameworkAuditor understanding of the applicable lawsEvidence collection techniquesDomain One exam tipsDomain One - Practice questionsDomain One Review Questions and Hands on ExerciseDomain One - Answers to practice questionsExercise 1 sample answerChapter 3: Domain 2Governance and Management of ITGovernance in GeneralResource ManagementProject Management ToolsAuditors Role in the Project Management ProcessAudit Risk AssessmentAudit PlanningDomain Two - practice questionsDomain Two Review Questions and Hands on ExerciseExercise 2 sample answerDomain 2 Answers to practice questionsChapter 4: Domain 3Information Systems Acquisition, Development and ImplementationSystems AcquisitionSystems DevelopmentSystems ImplementationSystems Maintenance ReviewDomain Three - practice questionsDomain Three Review Questions and Hands on ExerciseExercise 3 sample answerDomain 3 Answers to practice questionsChapter 5: Domain 4 Information Systems Operations, Maintenance and Service ManagementHardwareAuditing Operating SystemsPeopleSystem interfacesChange ManagementAuditing Change ControlDisaster Recovery PlanningAuditing Service DeliveryDomain Four - practice questionsDomain Four Review Questions and Hands on ExerciseExercise 4 sample answerDomain 4 Answers to practice questionsChapter 6: Domain 5 Protection of Information AssetsProtection of information assetsPrivacy principlesDesign, implementation, maintenance, monitoring and reporting of security controlsPhysical access controls for the identification, authentication and restriction of usersLogical access controls for the identification, authentication and restriction of usersRisk and controls associated with virtualization of systemsRisks and controls associated with the use of mobile and wireless devicesEncryption-related techniques and their usesPublic key infrastructure (PKI) components and digital signature techniquesPeer-to-peer computing, instant messaging, and web-based technologiesData classification standards related to the protection of information assetsRisks in end-user computingImplementing a security awareness programInformation system attack methods and techniquesPrevention and detection tools and control techniquesSecurity testing techniquesPenetration testing and Vulnerability scanningForensic investigation and procedures in collection and preservation of the data and evidenceDomain Five - practice questionsDomain Five Review Questions and Hands on ExerciseExercise 5 sample answerDomain 5 Answers to practice questionsChapter 7 Preparing for the ExamAppendicesAppendix A: Glossary of TermsAppendix B: CISA Sample Exam Choose any 150 questionsAppendix C: Sample Exam Answers