Book details of 'The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam'

Title	The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam
Author(s)	John Kramer, John B. Kramer
ISBN	0471250325
Language	English
Published	February 2003
Publisher	Wiley

---

Back to shelf Computer networks

Score:

Vote for this book

The Virtual Bookcase Reviews of 'The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam':

Reviewer Rob Slade wrote:
The CISA, or Certified Information Systems Auditor, has been the accepted standard for information system and security audits and reviews for some time now. Chapter one outlines the types and activities of audit. Management is the topic of chapter two, and there is an emphasis on signals that indicate faults or failures. Technical infrastructure, in terms of operating systems, centralized computers, and communications networks, are generically discussed in chapter three. There is little technical detail, and it is interesting to see the significance and primacy given to financial audit considerations such as assessments of capital depreciation, which have little to do with security or performance of the information systems in question. Similarly, chapter four, ostensibly about the protection of information assets, is quite abstract, and concentrates primarily on issues of access control. (The material on viruses is based on outdated concepts: I was astonished to find the CISA does not consider user training to be an appropriate control for virus protection.) Chapter five provides a good outline of what should be included in a business continuity or disaster recovery plan, although it is not as helpful in regard to the process for achieving the plan. There is a general overview of systems development in chapter six, but it does not indicate how to check if the proper procedures were followed, the influences of specific practices, or how to judge the quality of the outcome. Chapter seven reiterates some points from chapters one and two. Those who can address this material will be able to raise questions about all aspects of computer and communications operations. The emphasis is on management, and (naturally enough) the technical or mechanistic aspects of management at that. Those with an accounting background will be more comfortable with the content and concepts than those who have worked with security reviews of systems. Whether those questions will result in directions for significant improvements in the security or performance of information systems might still be uncertain. As Albert Einstein famously said, not everything that can be counted counts, and not everything that counts can be counted. copyright Robert M. Slade, 2004

Add my review for The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam

Book description:

* This is the first commercially available book to offer CISA study materials * The consulting editor, Ronald Krutz, is the co-author of The CISSP Prep Guide (0-471-26802-X) * Provides definitions and background on the seven content areas of CISA * Includes many sample test questions and explanations of answers * More than 10,000 people registered for the CISA exam in 2002 * CD-ROM contains annual updates to the exam so the book remains current for a number of years