دانلود کتاب بسته حسابرس سیستم های اطلاعات گواهی شده CISA®

The dizzying pace of information systems innovation has made vast expanses of information available to organizations and the public. Often, design flaws and technical vulnerabilities bring unintended consequences, often in the form of information theft and disclosure. The result: a patchwork of laws, regulations, and standards such as Sarbanes-Oxley, GLBA, HIPAA, PCI-DSS, NYDFS, PIPEDA, GDPR, CCPA, and scores of U.S. state laws requiring public disclosure of security breaches involving private information. Through these, organizations are either required or incentivized to perform their own internal audits or undergo external audits that measure compliance in order to avoid penalties, sanctions, and embarrassing news headlines. These developments continue to drive demand for IT security professionals and IS auditors. These highly sought professionals play a crucial role in the development of better compliance programs and reduced risk. The Certified Information Systems Auditor (CISA) certification, established in 1978, is indisputably the leading certification for IS auditing. Demand for the CISA certification has grown so much that the once-peryear certification exam was changed to twice per year in 2005, then three times each year, and is now offered on a continuous basis. In 2005, the CISA certification was awarded accreditation by the American National Standards Institute (ANSI) under international standard ISO/IEC 17024. CISA is also one of the few certifications formally approved by the U.S. Department of Defense in its Information Assurance Technical category (DoD 8570.01-M). In 2009 and 2017, SC Magazine named CISA the best professional certification program. In 2016, there were more than 129,000 professionals holding the certification. IS auditing is not a “bubble” or a flash in the pan. Instead, IS auditing is a permanent fixture in organizations that have to contend with new technologies; new systems; new threats; and new data security and privacy laws, regulations, and standards. The CISA certification is the gold standard certification for professionals who work in this domain. Let’s get the obvious out of the way: This is a comprehensive study guide for the security or audit professional who needs a serious reference for individual or group-led study for the Certified Information Systems Auditor (CISA) certification. The majority of the content in this book contains the technical information that CISA candidates are required to know. This book is also a reference for aspiring and practicing IS auditors. The content that is required to pass the CISA exam is the same content that practicing auditors need to be familiar with in their day-to-day work. This book is an ideal CISA exam study guide as well as a desk reference for those who have already earned their CISA certification. This book is also invaluable for security and business professionals who are required to undergo external audits from audit firms and examinations from regulators. Readers will gain considerable insight into the practices and methods used by auditors; this helps not only in internal audit operations but also in understanding external auditors and how they work. This knowledge and insight will lead to better audit outcomes. This book is an excellent guide for someone exploring the IS audit profession. The study chapters explain all the relevant technologies and audit procedures, and the appendices explain process frameworks and the practical side of professional audits. The glossary contains a rich collection of terms used by IT security and IS auditors. These are useful for those readers who may wonder what the IS audit profession is all about.