The ultimate CISA prep guide, with practice exams
Sybex's CISA: Certified Information Systems Auditor Study Guide, Fourth Edition is the newest edition of the industry-leading study guide for the Certified Information Systems Auditor exam, fully updated to align with the latest ISACA standards and changes in IS auditing. This new edition provides complete guidance on all content areas, tasks, and knowledge areas of the exam and is illustrated with real-world examples. All CISA terminology has been revised to reflect the most recent interpretations, including 73 definition and nomenclature changes. Each chapter summary highlights the most important topics on which you'll be tested, and review questions help you gauge your understanding of the material. You also get access to electronic flashcards, practice exams, and the Sybex test engine for thorough preparation.
For those who audit, control, monitor, and assess enterprise IT and business systems, the CISA certification signals knowledge, skills, experience, and credibility that deliver value to a business. This study guide gives you the advantage of detailed explanations from a real-world perspective, so you can go into the exam fully prepared.
- Discover how much you already know by beginning with an assessment test
- Understand all content, knowledge, and tasks covered by the CISA exam
- Get more in-depth explanations and demonstrations with an all-new training video
- Test your knowledge with the electronic test engine, flashcards, review questions, and more
The CISA certification has been a globally accepted standard of achievement among information systems audit, control, and security professionals since 1978. If you're looking to acquire one of the top IS security credentials, CISA is the comprehensive study guide you need.
Product details
- Publisher: Wiley & Sons
- 4th edition
- Page count: 704
- Publication date: 26 April 2016
- English
- Dimensions: 236mm x 189mm x 40mm
- Weight: 917g
- ISBN-13: 9781119056249
- ISBN-10: 1119056241
- Item no.: 41750822
David L. Cannon, CISA, CCSP, is President and Founder of CertTest Training Center, a leading CISA training provider. With more than 20 years of experience in IT training and consulting for IT operations, security, system administration, and management, David teaches CISA preparation courses across the country. He is a frequent speaker and lecturer at the leading security and auditing conferences. Brian T. O'Hara, CISA, CISM, CRISC, CISSP, is the Information Security Officer (ISO) for Do it Best Corp. and an ISSA Fellow. He is President of the Indiana InfraGard Members Alliance, a partnership between the FBI and the private sector, and President of the Central Indiana Chapter of ISACA. Featuring test questions by Allen Keele, CISA, CISM, CISSP, ISO 31000 CICRA, ISO 27001 CICA, ISO 27001 Lead Auditor, ISO 22301 Certified Business Continuity Manager, and Certified Fraud Examiner, founder of Certified Information Security, www.certifiedinfosec.com.
Table of contents
- Introduction
- Assessment Test
- Chapter 1 Secrets of a Successful Auditor
  - Understanding the Demand for IS Audits
  - Executive Misconduct
  - More Regulation Ahead
  - Basic Regulatory Objective
  - Governance Is Leadership
  - Three Types of Data Target Different Uses
  - Audit Results Indicate the Truth
  - Understanding Policies, Standards, Guidelines, and Procedures
  - Understanding Professional Ethics
  - Following the ISACA Professional Code
  - Preventing Ethical Conflicts
  - Understanding the Purpose of an Audit
  - Classifying General Types of Audits
  - Determining Differences in Audit Approach
  - Understanding the Auditor's Responsibility
  - Comparing Audits to Assessments
  - Differentiating between Auditor and Auditee Roles
  - Applying an Independence Test
  - Implementing Audit Standards
  - Where Do Audit Standards Come From?
  - Understanding the Various Auditing Standards
  - Specific Regulations Defining Best Practices
  - Audits to Prove Financial Integrity
  - Auditor Is an Executive Position
  - Understanding the Importance of Auditor Confidentiality
  - Working with Lawyers
  - Working with Executives
  - Working with IT Professionals
  - Retaining Audit Documentation
  - Providing Good Communication and Integration
  - Understanding Leadership Duties
  - Planning and Setting Priorities
  - Providing Standard Terms of Reference
  - Dealing with Conflicts and Failures
  - Identifying the Value of Internal and External Auditors
  - Understanding the Evidence Rule
  - Stakeholders: Identifying Whom You Need to Interview
  - Understanding the Corporate Organizational Structure
  - Identifying Roles in a Corporate Organizational Structure
  - Identifying Roles in a Consulting Firm Organizational Structure
  - Summary
  - Exam Essentials
  - Review Questions
- Chapter 2 Governance
  - Strategy Planning for Organizational Control
  - Overview of the IT Steering Committee
  - Using the Balanced Scorecard
  - IT Subset of the BSC
  - Decoding the IT Strategy
  - Specifying a Policy
  - Project Management
  - Implementation Planning of the IT Strategy
  - Using COBIT
  - Identifying Sourcing Locations
  - Conducting an Executive Performance Review
  - Understanding the Auditor's Interest in the Strategy
  - Overview of Tactical Management
  - Planning and Performance
  - Management Control Methods
  - Risk Management
  - Implementing Standards
  - Human Resources
  - System Life-Cycle Management
  - Continuity Planning
  - Insurance
  - Overview of Business Process Reengineering
  - Why Use Business Process Reengineering
  - BPR Methodology
  - Genius or Insanity?
  - Goal of BPR
  - Guiding Principles for BPR
  - Knowledge Requirements for BPR
  - BPR Techniques
  - BPR Application Steps
  - Role of IS in BPR
  - Business Process Documentation
  - BPR Data Management Techniques
  - Benchmarking as a BPR Tool
  - Using a Business Impact Analysis
  - BPR Project Risk Assessment
  - Practical Application of BPR
  - Practical Selection Methods for BPR
  - Troubleshooting BPR Problems
  - Understanding the Auditor's Interest in Tactical Management
  - Operations Management
  - Sustaining Operations
  - Tracking Actual Performance
  - Controlling Change
  - Understanding the Auditor's Interest in Operational Delivery
  - Summary
  - Exam Essentials
  - Review Questions
- Chapter 3 Audit Process
  - Understanding the Audit Program
  - Audit Program Objectives and Scope
  - Audit Program Extent
  - Audit Program Responsibilities
  - Audit Program Resources
  - Audit Program Procedures
  - Audit Program Implementation
  - Audit Program Records
  - Audit Program Monitoring and Review
  - Planning Individual Audits
  - Establishing and Approving an Audit Charter
  - Role of the Audit Committee
  - Preplanning Specific Audits
  - Understanding the Variety of Audits
  - Identifying Restrictions on Scope
  - Gathering Detailed Audit Requirements
  - Using a Systematic Approach to Planning
  - Comparing Traditional Audits to Assessments and Self-Assessments
  - Performing an Audit Risk Assessment
  - Determining Whether an Audit Is Possible
  - Identifying the Risk Management Strategy
  - Determining Feasibility of Audit
  - Performing the Audit
  - Selecting the Audit Team
  - Determining Competence and Evaluating Auditors
  - Ensuring Audit Quality Control
  - Establishing Contact with the Auditee
  - Making Initial Contact with the Auditee
  - Using Data Collection Techniques
  - Conducting Document Review
  - Understanding the Hierarchy of Internal Controls
  - Reviewing Existing Controls
  - Preparing the Audit Plan
  - Assigning Work to the Audit Team
  - Preparing Working Documents
  - Conducting Onsite Audit Activities
  - Gathering Audit Evidence
  - Using Evidence to Prove a Point
  - Understanding Types of Evidence
  - Selecting Audit Samples
  - Recognizing Typical Evidence for IS Audits
  - Using Computer-Assisted Audit Tools
  - Understanding Electronic Discovery
  - Grading of Evidence
  - Timing of Evidence
  - Following the Evidence Life Cycle
  - Conducting Audit Evidence Testing
  - Compliance Testing
  - Substantive Testing
  - Tolerable Error Rate
  - Recording Test Results
  - Generating Audit Findings
  - Detecting Irregularities and Illegal Acts
  - Indicators of Illegal or Irregular Activity
  - Responding to Irregular or Illegal Activity
  - Findings Outside of Audit Scope
  - Report Findings
  - Approving and Distributing the Audit Report
  - Identifying Omitted Procedures
  - Conducting Follow-up (Closing Meeting)
  - Summary
  - Exam Essentials
  - Review Questions
- Chapter 4 Networking Technology Basics
  - Understanding the Differences in Computer Architecture
  - Selecting the Best System
  - Identifying Various Operating Systems
  - Determining the Best Computer Class
  - Comparing Computer Capabilities
  - Ensuring System Control
  - Dealing with Data Storage
  - Using Interfaces and Ports
  - Introducing the Open Systems Interconnection Model
  - Layer 1: Physical Layer
  - Layer 2: Data-Link Layer
  - Layer 3: Network Layer
  - Layer 4: Transport Layer
  - Layer 5: Session Layer
  - Layer 6: Presentation Layer
  - Layer 7: Application Layer
  - Understanding How Computers Communicate
  - Understanding Physical Network Design
  - Understanding Network Cable Topologies
  - Bus Topologies
  - Star Topologies
  - Ring Topologies
  - Meshed Networks
  - Differentiating Network Cable Types
  - Coaxial Cable
  - Unshielded Twisted-Pair (UTP) Cable
  - Fiber-Optic Cable
  - Connecting Network Devices
  - Using Network Services
  - Domain Name System
  - Dynamic Host Configuration Protocol
  - Expanding the Network
  - Using Telephone Circuits
  - Network Firewalls
  - Remote VPN Access
  - Using Wireless Access Solutions
  - Firewall Protection for Wireless Networks
  - Remote Dial-Up Access
  - WLAN Transmission Security
  - Achieving 802.11i RSN Wireless Security
  - Intrusion Detection Systems
  - Summarizing the Various Area Networks
  - Using Software as a Service (SaaS)
  - Advantages
  - Disadvantages
  - Cloud Computing
  - The Basics of Managing the Network
  - Automated LAN Cable Tester
  - Protocol Analyzers
  - Remote Monitoring Protocol Version 2
  - Summary
  - Exam Essentials
  - Review Questions
- Chapter 5 Information Systems Life Cycle
  - Governance in Software Development
  - Management of Software Quality
  - Capability Maturity Model
  - International Organization for Standardization
  - Typical Commercial Records Classification Method
  - Overview of the Executive Steering Committee
  - Identifying Critical Success Factors
  - Using the Scenario Approach
  - Aligning Software to Business Needs
  - Change Management
  - Management of the Software Project
  - Choosing an Approach
  - Using Traditional Project Management
  - Overview of the System Development Life Cycle
  - Phase 1: Feasibility Study
  - Phase 2: Requirements Definition
  - Phase 3: System Design
  - Phase 4: Development
  - Phase 5: Implementation
  - Phase 6: Postimplementation
  - Phase 7: Disposal
  - Overview of Data Architecture
  - Databases
  - Database Transaction Integrity
  - Decision Support Systems
  - Presenting Decision Support Data
  - Using Artificial Intelligence
  - Program Architecture
  - Centralization vs. Decentralization
  - Electronic Commerce
  - Summary
  - Exam Essentials
  - Review Questions
- Chapter 6 System Implementation and Operations
  - Understanding the Nature of IT Services
  - Performing IT Operations Management
  - Meeting IT Functional Objectives
  - Using the IT Infrastructure Library
  - Supporting IT Goals
  - Understanding Personnel Roles and Responsibilities
  - Using Metrics
  - Evaluating the Help Desk
  - Performing Service-Level Management
  - Outsourcing IT Functions
  - Performing Capacity Management
  - Using Administrative Protection
  - Information Security Management
  - IT Security Governance
  - Authority Roles over Data
  - Data Retention Requirements
  - Document Physical Access Paths
  - Personnel Management
  - Physical Asset Management
  - Compensating Controls
  - Performing Problem Management
  - Incident Handling
  - Digital Forensics
  - Monitoring the Status of Controls
  - System Monitoring
  - Document Logical Access Paths
  - System Access Controls
  - Data File Controls
  - Application Processing Controls
  - Log Management
  - Antivirus Software
  - Active Content and Mobile Software Code
  - Maintenance Controls
  - Implementing Physical Protection
  - Data Processing Locations
  - Environmental Controls
  - Safe Media Storage
  - Summary
  - Exam Essentials
  - Review Questions
- Chapter 7 Protecting Information Assets
  - Understanding the Threat
  - Recognizing Types of Threats and Computer Crimes
  - Identifying the Perpetrators
  - Understanding Attack Methods
  - Implementing Administrative Protection
  - Using Technical Protection
  - Technical Control Classification
  - Application Software Controls
  - Authentication Methods
  - Network Access Protection
  - Encryption Methods
  - Public-Key Infrastructure
  - Network Security Protocols
  - Telephone Security
  - Technical Security Testing
  - Summary
  - Exam Essentials
  - Review Questions
- Chapter 8 Business Continuity and Disaster Recovery
  - Debunking the Myths
  - Myth 1: Facility Matters
  - Myth 2: IT Systems Matter
  - From Myth to Reality
  - Understanding the Five Conflicting Disciplines Called Business Continuity
  - Defining Disaster Recovery
  - Surviving Financial Challenges
  - Valuing Brand Names
  - Rebuilding after a Disaster
  - Defining the Purpose of Business Continuity
  - Uniting Other Plans with Business Continuity
  - Identifying Business Continuity Practices
  - Identifying the Management Approach
  - Following a Program Management Approach
  - Understanding the Five Phases of a Business Continuity Program
  - Phase 1: Setting Up the BC Program
  - Phase 2: The Discovery Process
  - Phase 4: Plan Implementation
  - Phase 5: Maintenance and Integration
  - Understanding the Auditor Interests in BC/DR Plans
  - Summary
  - Exam Essentials
  - Review Questions
- Appendix Answers to Review Questions
- Index
215 Understanding the Differences in Computer Architecture 217 Selecting
the Best System 221 Identifying Various Operating Systems 221 Determining
the Best Computer Class 224 Comparing Computer Capabilities 227 Ensuring
System Control 228 Dealing with Data Storage 230 Using Interfaces and Ports
235 Introducing the Open Systems Interconnection Model 237 Layer 1:
Physical Layer 240 Layer 2: Data?]Link Layer 240 Layer 3: Network Layer 242
Layer 4: Transport Layer 248 Layer 5: Session Layer 249 Layer 6:
Presentation Layer 250 Layer 7: Application Layer 250 Understanding How
Computers Communicate 251 Understanding Physical Network Design 252
Understanding Network Cable Topologies 253 Bus Topologies 254 Star
Topologies 254 Ring Topologies 255 Meshed Networks 256 Differentiating
Network Cable Types 258 Coaxial Cable 258 Unshielded Twisted?]Pair (UTP)
Cable 259 Fiber?]Optic Cable 260 Connecting Network Devices 260 Using
Network Services 263 Domain Name System 263 Dynamic Host Configuration
Protocol 265 Expanding the Network 266 Using Telephone Circuits 268 Network
Firewalls 271 Remote VPN Access 276 Using Wireless Access Solutions 280
Firewall Protection for Wireless Networks 284 Remote Dial?]Up Access 284
WLAN Transmission Security 284 Achieving 802.11i RSN Wireless Security 287
Intrusion Detection Systems 288 Summarizing the Various Area Networks 291
Using Software as a Service (SaaS) 292 Advantages 292 Disadvantages 293
Cloud Computing 294 The Basics of Managing the Network 295 Automated LAN
Cable Tester 295 Protocol Analyzers 295 Remote Monitoring Protocol Version
2 297 Summary 298 Exam Essentials 298 Review Questions 301 Chapter 5
Information Systems Life Cycle 307 Governance in Software Development 308
Management of Software Quality 310 Capability Maturity Model 310
International Organization for Standardization 312 Typical Commercial
Records Classification Method 316 Overview of the Executive Steering
Committee 317 Identifying Critical Success Factors 318 Using the Scenario
Approach 318 Aligning Software to Business Needs 319 Change Management 323
Management of the Software Project 323 Choosing an Approach 323 Using
Traditional Project Management 324 Overview of the System Development Life
Cycle 327 Phase 1: Feasibility Study 331 Phase 2: Requirements Definition
334 Phase 3: System Design 339 Phase 4: Development 343 Phase 5:
Implementation 354 Phase 6: Postimplementation 361 Phase 7: Disposal 363
Overview of Data Architecture 364 Databases 364 Database Transaction
Integrity 368 Decision Support Systems 369 Presenting Decision Support Data
370 Using Artificial Intelligence 370 Program Architecture 371
Centralization vs. Decentralization 372 Electronic Commerce 372 Summary 374
Exam Essentials 374 Review Questions 376 Chapter 6 System Implementation
and Operations 381 Understanding the Nature of IT Services 383 Performing
IT Operations Management 385 Meeting IT Functional Objectives 385 Using the
IT Infrastructure Library 387 Supporting IT Goals 389 Understanding
Personnel Roles and Responsibilities 389 Using Metrics 394 Evaluating the
Help Desk 396 Performing Service?]Level Management 397 Outsourcing IT
Functions 398 Performing Capacity Management 399 Using Administrative
Protection 400 Information Security Management 401 IT Security Governance
401 Authority Roles over Data 402 Data Retention Requirements 403 Document
Physical Access Paths 404 Personnel Management 405 Physical Asset
Management 406 Compensating Controls 408 Performing Problem Management 409
Incident Handling 410 Digital Forensics 412 Monitoring the Status of
Controls 414 System Monitoring 415 Document Logical Access Paths 416 System
Access Controls 417 Data File Controls 420 Application Processing Controls
421 Log Management 423 Antivirus Software 424 Active Content and Mobile
Software Code 424 Maintenance Controls 427 Implementing Physical Protection
430 Data Processing Locations 432 Environmental Controls 432 Safe Media
Storage 440 Summary 442 Exam Essentials 442 Review Questions 444 Chapter 7
Protecting Information Assets 449 Understanding the Threat 450 Recognizing
Types of Threats and Computer Crimes 452 Identifying the Perpetrators 454
Understanding Attack Methods 458 Implementing Administrative Protection 469
Using Technical Protection 472 Technical Control Classification 472
Application Software Controls 474 Authentication Methods 475 Network Access
Protection 488 Encryption Methods 489 Public?]Key Infrastructure 496
Network Security Protocols 502 Telephone Security 507 Technical Security
Testing 507 Summary 509 Exam Essentials 509 Review Questions 511 Chapter 8
Business Continuity and Disaster Recovery 517 Debunking the Myths 518 Myth
1: Facility Matters 519 Myth 2: IT Systems Matter 519 From Myth to Reality
519 Understanding the Five Conflicting Disciplines Called Business
Continuity 520 Defining Disaster Recovery 521 Surviving Financial
Challenges 522 Valuing Brand Names 522 Rebuilding after a Disaster 523
Defining the Purpose of Business Continuity 524 Uniting Other Plans with
Business Continuity 527 Identifying Business Continuity Practices 527
Identifying the Management Approach 529 Following a Program Management
Approach 531 Understanding the Five Phases of a Business Continuity Program
532 Phase 1: Setting Up the BC Program 532 Phase 2: The Discovery Process
535 Phase 4: Plan Implementation 560 Phase 5: Maintenance and Integration
562 Understanding the Auditor Interests in BC/DR Plans 563 Summary 564 Exam
Essentials 564 Review Questions 566 Appendix Answers to Review Questions
571 Index 591