Book details of 'The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam'
| Title | The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam |
|---|---|
| Author(s) | John Kramer, John B. Kramer |
The Virtual Bookcase Reviews of 'The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam':
Reviewer Rob Slade wrote:
The CISA, or Certified Information Systems Auditor, has been the
accepted standard for information system and security audits and
reviews for some time now.
Chapter one outlines the types and activities of audit. Management is
the topic of chapter two, and there is an emphasis on signals that
indicate faults or failures. Technical infrastructure, in terms of
operating systems, centralized computers, and communications networks,
is generically discussed in chapter three. There is little technical
detail, and it is interesting to see the significance and primacy
given to financial audit considerations such as assessments of capital
depreciation, which have little to do with security or performance of
the information systems in question. Similarly, chapter four,
ostensibly about the protection of information assets, is quite
abstract, and concentrates primarily on issues of access control.
(The material on viruses is based on outdated concepts: I was
astonished to find the CISA does not consider user training to be an
appropriate control for virus protection.) Chapter five provides a
good outline of what should be included in a business continuity or
disaster recovery plan, although it is not as helpful in regard to the
process for achieving the plan. There is a general overview of
systems development in chapter six, but it does not indicate how to
check if the proper procedures were followed, the influences of
specific practices, or how to judge the quality of the outcome.
Chapter seven reiterates some points from chapters one and two.
Those who can address this material will be able to raise questions
about all aspects of computer and communications operations. The
emphasis is on management, and (naturally enough) the technical or
mechanistic aspects of management at that. Those with an accounting
background will be more comfortable with the content and concepts than
those who have worked with security reviews of systems. Whether those
questions will result in directions for significant improvements in
the security or performance of information systems might still be
uncertain. As Albert Einstein famously said, not everything that can
be counted counts, and not everything that counts can be counted.
copyright Robert M. Slade, 2004