Introduction  xxiii
Assessment Test  xxxv

Chapter 1  IT Governance and Management  1
    IT Governance Practices for Executives and Boards of Directors  3
    IT Strategic Planning  10
    Policies, Processes, Procedures, and Standards  12
    Risk Management  23
    IT Management Practices  39
    Organization Structure and Responsibilities  62
    Maintaining an Existing Program  72
    Auditing IT Governance  75
    Summary  80
    Exam Essentials  81
    Review Questions  83

Chapter 2  The Audit Process  87
    Audit Management  89
    ISACA Auditing Standards  99
    Risk Analysis  108
    Controls  115
    Performing an Audit  121
    Control Self-Assessment  144
    Implementation of Audit Recommendations  147
    Audit Quality Assurance  148
    Summary  148
    Exam Essentials  150
    Review Questions  152

Chapter 3  IT Life Cycle Management  157
    Benefits Realization  159
    Project Management  165
    Systems Development Methodologies  191
    Infrastructure Development and Deployment  230
    Maintaining Information Systems  234
    Business Processes  237
    Managing Third Parties  244
    Application Controls  247
    Auditing the Systems Development Life Cycle  253
    Auditing Business Controls  258
    Auditing Application Controls  258
    Auditing Third-Party Risk Management  261
    Summary  262
    Exam Essentials  264
    Review Questions  266

Chapter 4  IT Service Management  271
    Information Systems Operations  273
    Systems Performance Management  274
    Problem and Incident Management  277
    Change, Configuration, Release, and Patch Management  279
    Operational Log Management  286
    IT Service Level Management  288
    Database Management Systems  290
    Data Management and Governance  294
    Other IT Service Management Topics  295
    Auditing IT Service Management and Operations  297
    Summary  301
    Exam Essentials  302
    Review Questions  304

Chapter 5  IT Infrastructure  309
    Information Systems Hardware  310
    Information Systems Architecture and Software  324
    Network Infrastructure  330
    Asset Inventory and Classification  386
    Job Scheduling and Production Process Automation  390
    System Interfaces  391
    End-User Computing  392
    Auditing IT Infrastructure  393
    Summary  398
    Exam Essentials  399
    Review Questions  401

Chapter 6  Business Continuity and Disaster Recovery  405
    Business Resilience  406
    Incident Response Communications  473
    Auditing Business Continuity Planning  475
    Auditing Disaster Recovery Planning  479
    Summary  484
    Exam Essentials  485
    Review Questions  487

Chapter 7  Information Security Management  491
    Information Security  493
    Role of the Information Security Manager  494
    Information Security Risks  497
    Building an Information Security Strategy  501
    Implementing Security Controls  505
    Endpoint Security  507
    Network Security Controls  511
    Cloud Computing Security  519
    Cryptography  528
    Exploring Cybersecurity Threats  539
    Privacy  545
    Security Awareness and Training  548
    Security Incident Response  550
    Auditing Information Security Controls  554
    Summary  559
    Exam Essentials  560
    Review Questions  563

Chapter 8  Identity and Access Management  567
    Logical Access Controls  568
    Third-Party Access Management  587
    Environmental Controls  592
    Physical Security Controls  599
    Human Resources Security  602
    Auditing Access Controls  606
    Summary  616
    Exam Essentials  617
    Review Questions  619

Chapter 9  Conducting a Professional Audit  623
    Understanding the Audit Cycle  624
    How the IS Audit Cycle Is Discussed  625
    Overview of the IS Audit Cycle  627
    Summary  699

Appendix A  Popular Methodologies, Frameworks, and Guidance  701
    Common Terms and Concepts  702
    Frameworks, Methodologies, and Guidance  710
    Notes  738
    References  738

Appendix B  Answers to Review Questions  741
    Chapter 1: IT Governance and Management  742
    Chapter 2: The Audit Process  744
    Chapter 3: IT Life Cycle Management  746
    Chapter 4: IT Service Management  748
    Chapter 5: IT Infrastructure  749
    Chapter 6: Business Continuity and Disaster Recovery  750
    Chapter 7: Information Security Management  752
    Chapter 8: Identity and Access Management  754

Index  759