Most Important Topics-CISA Review Manual(27th Edition)




(1)Below mentioned most important topics for CISA Exam have been derived on the basis of our interaction with thousands of students who have appeared in last few CISA Exams.




(2)Invariably, in every CISA Exam, many questions were designed from below mentioned topics.




(3)We strongly recommend to study below mentioned topics directly from CRM, even though you feel that CRM is not meant for you (:-







Chapter 1

1.2.2 Management of the IS Audit Function

1.2.3 Audit Planning

1.2.4 Effect of Laws and Regulations on IS Audit Planning

1.2.5 Image Processing

1.2.5 Artificial Intelligence and Expert Systems

1.3.3 General Controls

1.3.4 IS-specific Controls

1.4.3 IS Audit Risk Assessment Techniques

1.4.4 Risk Analysis

1.7.1 Compliance Versus Substantive Testing

1.7.2 Sampling/Sampling Risk

1.8.1 Interviewing and Observing Personnel in Performance of Their Duties

1.9.1 Computer-assisted Audit Techniques-CAATs as a Continuous Online Audit Approach

1.9.2 Continuous Auditing and Monitoring

1.9.3 Continuous Auditing Techniques

1.10.1 Communicating Audit Results

1.10.5 Follow-up Activities

1.11.1 Control Self-assessment




Chapter 2

2.1.3 Audit’s Role in EGIT

2.1.7 Business Intelligence

2.3.3 Procedures

2.3.4 Guidelines

2.4.1 IT Governing Committees

2.4.2 Roles and Responsibilities of Senior Management and Boards of Directors

2.4.3 IT Organizational Structure and Responsibilities

2.4.4 Segregation of Duties Within IT

2.4.5 Auditing IT Governance Structure and Implementation

2.6.2 Risk Management Process

2.8.1 Governance, Risk and Compliance

2.8.2 Impact of Laws, Regulations and Industry Standards on IS Audit

2.9.3 IT Management Practices

2.9.4 Human Resource Management

2.9.7 Information Security Management

2.10.1 Outsourcing Practices and Strategies

2.10.2 Outsourcing and Third-party Audit Reports

2.10.3 Cloud Governance

2.10.4 Governance in Outsourcing

2.10.7 Monitoring and Review of Third-party Services

2.10.8 Managing Changes to Third-party Services Service Improvement and User Satisfaction

2.11.1 Performance Optimization

2.11.2 Tools and Techniques

2.12.1 Quality Assurance

2.12.2 Quality Management




Chapter 3

3.1.3 Project Management Roles and Responsibilities

3.1.4 Project Management Techniques

3.1.7 Project Benefits Realization

3.1.10 Project Planning

3.1.12 Project Controlling and Monitoring

3.1.14 IS Auditor’s Role in Project Management

3.2.1 IS Auditor’s Role in Business Case Development

3.3.2 SDLC Models

3.3.3 SDLC Phases

3.3.4 IS Auditor’s Role in SDLC Project Management

3.3.8 IS Auditor’s Role in Hardware Acquisition

3.3.9 IS Auditor’s Role in Software Acquisition

3.4.1 Input/Origination Controls

3.4.2 Processing Procedures and Controls

3.4.3 Output Controls

3.4.4 Application Controls

3.4.6 Decision Support System

3.5.1 Testing Classifications

3.5.2 Software Testing

3.5.3 Data Integrity Testing

3.5.4 Application Systems Testing

3.5.5 IS Auditor’s Role in Information Systems Testing

3.7.1 Data Migration

3.7.2 Changeover (Go-Live or Cutover) Techniques

3.7.3 System Implementation

3.7.4 System Change Procedures and the Program Migration Process

3.8.1 IS Auditor’s Role in Post-Implementation Review




 Chapter 4

4.1.3 Universal Serial Bus

4.1.4 Radio Frequency Identification

4.4.1 Risk Associated with System Interfaces

4.4.2 Security Issues in System Interfaces

4.4.3 Controls Associated with System Interfaces

4.6.1 Data Management

4.7.3 Access Control Software

4.7.5 Utility Programs

4.7.6 Software Licensing Issues

4.7.7 Source Code Management

4.8.1 Problem Management

4.8.2 Process of Incident Handling

4.8.3 Detection, Documentation, Control, Resolution and Reporting of Abnormal Conditions

4.8.5 Network Management Tools

4.8.6 Problem Management Reporting Reviews

4.9.1 Patch Management

4.9.2 Release Management

4.9.3 IS Operations

4.10.1 Service Level Agreements

4.10.2 Monitoring of Service Levels

4.11.3 Database Controls

4.12.1 Classification of Operations and Criticality Analysis

4.13.1 Application Resiliency and Disaster Recovery Methods

4.13.2 Telecommunication Networks Resiliency and Disaster Recovery Methods

4.14.1 Data Storage Resiliency and Disaster Recovery Methods

4.14.2 Backup and Restoration

4.14.3 Backup Schemes

4.15.1 IT Business Continuity Planning

4.15.2 Disasters and Other Disruptive Events

4.15.3 Business Continuity Planning Process

4.15.4 Business Continuity Policy

4.15.5 Business Continuity Planning Incident Management

4.15.6 Development of Business Continuity Plans

4.15.8 Components of a Business Continuity Plan

4.15.9 Plan Testing

4.15.11 Auditing Business Continuity

4.16.1 Recovery Point Objective and Recovery Time Objective

4.16.2 Recovery Strategies

4.16.3 Recovery Alternatives

4.16.5 Disaster Recovery Testing Methods

4.16.6 Invoking Disaster Recovery Plans




Chapter 5

5.1.1 Auditing the Information Security Management Framework

5.2.1 Audit Considerations for Privacy

5.3.1 Managerial, Technical and Physical Controls

5.3.2 Control Monitoring and Effectiveness

5.3.3 Environmental Exposures and Controls

5.3.4 Physical Access Exposures and Controls

5.4.1 System Access Permission

5.4.2 Mandatory and Discretionary Access Controls

5.4.3 Information Security and External Parties

5.4.4 Logical Access

5.4.5 Access Control Software

5.4.6 Identification and Authentication

5.4.7 Logon IDs and Passwords

5.4.8 Biometrics

5.4.9 Single Sign-on

5.4.11 Audit Logging in Monitoring System Access

5.4.12 Naming Conventions for Logical Access Controls

5.4.14 Auditing Logical Access

5.4.15 Data Leakage

5.5.3 Types of Networks

5.5.8 Network Infrastructure Security

5.7.1 Key Elements of Encryption Systems

5.7.2 Symmetric Key Cryptographic Systems

5.7.3 Public (Asymmetric) Key Cryptographic Systems

5.7.4 Applications of Cryptographic Systems

5.8 Public Key Infrastructure

5.9.3 Email Security Issues

5.9.5 Instant Messaging

5.9.6 Social Media

5.9.7 Cloud Computing

5.10.1 Key Risk Areas

5.10.2 Typical Controls

5.11.1 Mobile Computing

5.11.2 Wireless Networks

5.11.3 Internet of Things

5.13.1 Fraud Risk Factors

5.13.2 Computer Crime Issues and Exposures

5.13.3 Internet Threats and Security

5.13.4 Malware

5.14.1 Testing Techniques for Common Security Controls

5.14.2 Network Penetration Tests

5.14.3 Threat Intelligence

5.15.1 Intrusion Detection Systems

5.15.2 Intrusion Prevention Systems

5.17.1 Computer Forensics

5.17.2 Protection of Evidence and Chain of Custody

Share