Gregg M. — CISA Exam Cram

Title: CISA Exam Cram

Author: Gregg M.

Abstract:

CISA Exam Prep

Certified Information Systems Auditor

Michael Gregg

Your Complete Certification Solution!

The Smart Way to Study™

In This Book You’ll Learn How To:

* Approach the IS audit process from ISACA’s view of IS auditing best practices
* Relate and apply information security and systems audit best practices to the six CISA job practice areas
* Understand the IS audit process and learn how to apply best practices to secure an organization’s assets
* Evaluate IT governance to ensure that the organization has the structure, policies, and mechanisms in place to provide sufficient IS controls
* Minimize risk within an IT/IS environment by using sound security techniques and practices
* Assess systems and infrastructure lifecycle practices to determine their effectiveness in meeting security requirements and meeting organizational objectives
* Gain a deeper understanding of the business continuity and disaster recovery process to help minimize risk
* Protect key informational assets by examining the security architecture and evaluating controls designed for the protection of confidentiality, availability, and integrity
* Streamline your exam preparations with our exam insights, tips, and study strategies


Language: en

Subject: Technology/

Subject index status: index with page numbers is ready

Edition: Second Edition

Year of publication: 2006

Number of pages: 480

Added to catalog: 11.12.2007
blank
Subject index
Cryptographic keys      341
Cryptography, real-world solutions      349—350
CSA (control self-assessment) process      50—51
cut-through switching      260
Cyberterrorists      332
DAC (discretionary access control)      301 466
Data communications software      225
Data disposal      141
Data file controls      165—166
Data integrity controls      170—171
Data integrity testing      170—171
Data Mining      184 226
Data ownership, establishing      335—336
Data recovery      431—432
Data sinks      225
Data-driven DSS      184
Data-link layer (OSI reference model)      247
Data-link layer (OSI reference model), Layer 2 bridges      259
Data-link layer (OSI reference model), Layer 2 switches      259
database servers      216
databases      226 464
Databases, ACID test      229
Databases, metadata      226
Databases, structure of      227
Databases, structure of, HDMSs      227
Databases, structure of, NDMSs      227
Databases, structure of, RDMSs      228
Decompilers      223
Defense-in-depth      293
Defining, audit objectives      45
Defining, physical security policies      390
Delay window      202
Delphi Technique      88
Deluge water sprinklers      386
DES (Data Encryption Standard)      343—344
Design phase of SDLC      136
Destroying sensitive information      369—370
Detecting fraud      49
Developers, role in information security      296
Development methods, SDLC      See SDLC
Development methods, types of      456—457
Development of Internet      272
Development phase of SDLC      136—139
Devices, bridges      259
Devices, broadcast domains      259
Devices, collision domains      259
Devices, firewalls      263
Devices, firewalls, application proxies      263
Devices, firewalls, circuit-level proxies      264
Devices, firewalls, dual-homed gateways      265
Devices, firewalls, packet filters      264
Devices, firewalls, screened host firewalls      265
Devices, gateways      260
Devices, hubs      259
Devices, modems      260
Devices, portable wireless devices      271
Devices, repeaters      259
Devices, routers      260
Devices, switches      259
DHCP (Dynamic Host Configuration Protocol)      254
dictionary attacks      317
differential backups      432
Digital signatures      346—347
Directory Services      249
Disaster recovery, alternate processing sites      426—429
Disaster recovery, alternatives      425
Disaster recovery, and public relations      408
Disaster recovery, and reputation      407
Disaster recovery, backup and restoration      432
Disaster recovery, backup and restoration, media rotation      433
Disaster recovery, backup and restoration, SANs      434
Disaster recovery, BCP      409
Disaster recovery, BCP, BIA      411—413 416—417
Disaster recovery, BCP, implementation and testing phase      421—424
Disaster recovery, BCP, monitoring and maintenance      425
Disaster recovery, BCP, plan design and development      419—420
Disaster recovery, BCP, project management and initiation      410
Disaster recovery, BCP, recovery strategy      417—419
Disaster recovery, BCP, training and awareness      420—421
Disaster recovery, corrective control      76
Disaster recovery, hardware recovery      429
Disaster recovery, hardware recovery, RAID      430—431
Disaster recovery, incident classification      406—407
Disaster recovery, plans, verifying      436—437
Disaster recovery, software and data recovery      431—432
Disaster recovery, telecommunications recovery      434—435
Disposal of applications      140—141
Disposing of data      141
Disposing of sensitive information      368—370
Distance-vector protocols      251
DMZs      265 322
DNS (Domain Name Service)      249
Document-driven DSS      184
Documentation as part of auditing methodology, WPs      43—45
Documentation reviewing      78—79
Doors as physical security control      375—376
DoS attacks      318 467
DOSD (data-oriented system development)      145
DRAM (dynamic RAM)      212
Draper, John      328
DRII (Disaster Recovery Institute International)      409
Dry pipe water sprinklers      385
DSL      268
DSS (decision support system)      184—185
DSSS (direct-sequence spread spectrum)      270
Dual-homed gateways      265
Dual-homed host firewalls      322
Dumpster diving      315 368
Duplex communication      225
Durability of locks      378
DVDs (digital video discs)      213
Dwell time      270
Dynamic packet filtering      321 468
E-commerce models      179—180
EA (enterprise architecture) plan      73
EBCDIC (Extended Binary Coded Decimal Interchange Code)      225
ECC (Elliptic Curve Cryptosystem)      345
EDI (electronic data interchange)      180—181
Edit controls      167 458—459
Edmondson, Dave      89
EER (equal error rate)      467
electricity      See power systems
Electronic vaulting      434
Email      181—182
Embedded audit modules      47
Emergency fixes      208 461
Emergency response      332—334
EMI (electromagnetic interference)      382
Employee management      89. See also employees
Employee management, background checks      92
Employee management, employee handbooks      90
Employee management, hiring practices      89—90
Employee management, termination procedures      92
Employee management, training      91
Employees, compensating controls      102—103
Employees, hiring best practices      452—453
Employees, roles, understanding      100—101
Employees, segregation of duties      101—102
Encryption      340—341
Encryption, asymmetric      344
Encryption, asymmetric, ECC      345
Encryption, asymmetric, RSA      345
Encryption, cryptographic attacks      351—352
Encryption, end-to-end      350
Encryption, methods of      341
encryption, PKI      347—348
Encryption, quantum cryptography      345
Encryption, symmetric, AES      344
Encryption, symmetric, DES      343—344
Encryption, symmetric, private key encryption      342—343
End-to-end encryption      350
Ensuring compliance using sampling methods      46—47
Entity integrity      171
EPO (emergency power-off) buttons      382
ERD (entity relationship diagram)      455
ERP (Enterprise Resource Planning)      98
Establishing risk management team      33—34
Estimating ARO      416
Estimating, project tasks completion times      127
Estimating, software costs      122—123
Estimating, software size      123—124
Ethernet      243
Ethical hacking      337
EULA (End-User License Agreement)      230
evidence      47
Evidence, reliability of      48
exam      See also practice exams
Exam, job practice areas      2—4
Exam, objectives      2—4
Exam, preparing for, methods of      7—9
Exam, preparing for, resources      4—5
Exam, preparing for, study tips      9—10
Executive management, role in information security      295
Exterior controls for physical security      372
Exterior controls for physical security, bollards      373
Exterior controls for physical security, fences      372—373
Exterior controls for physical security, gates      373
Exterior controls for physical security, guard dogs      374
Exterior controls for physical security, lighting      374
Exterior controls for physical security, low-key building design      374
FACTA (U.S. Fair and Accurate Credit Transaction Act)      25
Fail safe locks      376
Fail soft locks      376
FAR (false acceptance rate)      388 467
Fault tolerance      256
FCR (first call resolution)      200
FEA (Federal Enterprise Architecture) reference model      73
Feedback, emailing to author      6
Fences as physical security control      372—373
FHSS (frequency-hopping spread spectrum)      270
Fiber-optic cable      257
Fiduciary responsibility of auditor      39
Fields      226
file servers      216
Final acceptance testing      137
Financial audits      41
Fingerprint-scanning systems      388
Fire prevention, detection, and suppression      384—385
Fire prevention, detection, and suppression, Halon      386
Fire prevention, detection, and suppression, water sprinklers      385—386
Firewalls      217 263 321—322 468
Firewalls, application proxies      263
Firewalls, circuit-level proxies      264
Firewalls, dual-homed gateways      265
Firewalls, packet filters      264
Firewalls, screened host firewalls      265
Firewalls, stateful inspection      264
Firewalls, stateless      322
FireWire      214
FISMA (U.S. Federal Information Security Management Act)      25
floppy disks      212
foreign keys      226
Forensic audits      41
FORTRAN      222
FPA (function point analysis)      123
FQDNs (fully qualified domain names)      249
Fragmentation attacks      317
Frame Relay      267
FRAP (Facilitated Risk Assessment Process)      88
Fraud      49
FRR (false reject rate)      467
FRR (false rejection rate)      388
ftp (file transfer protocol)      248
full backups      432
Full operation testing      424 473
Full-mesh topology, network redundancy      256
Function Point Analysis      125
Function Points      124
Function tests      456
Fuzzing      317
Gantt charts      125
Gates as physical security control      373
gateways      260
General control procedures      37 449—450
General user state      211
Generations of computer languages      464
Generations of programming languages      223
Generators      383
Goals of IT governance best practices      67—68
Goals of logical security      294
Governmental information classification system      392
Grandfather-father-son tape rotation scheme      433
Granularity      226
Guard dogs as physical security control      374
Guards as physical security control      379—380
Guidelines      78
Guidelines for ISACA auditing      29—30
Guidelines versus standards      28
hackers      331
Halon      386 470
Halstead Complexity Measures      124
Handling confidential information      312—313
Hard changeover      456
hard disk drives      212
Hardware error reports      219
Hardware, capacity management      220—221
Hardware, computers      214
Hardware, CPU      210
Hardware, I/O bus standards      213
Hardware, maintenance      219
Hardware, memory      212
Hardware, monitoring      219
Hardware, recovery mechanisms      429
Hardware, recovery mechanisms, RAID      430—431
Hardware, RFID tags      218—219
Hardware, tape-management systems      219
Hashing      346—347
HDMS (hierarchical database-management systems)      464
HDMSs (hierarchical database-management systems)      227
help desk      204—206 274
Help desk, problem escalation      205
Help desk, trouble tickets      204
HIDS (host-based intrusion-detection systems)      323
Hill, Zachary      315
HIPAA (U.S. Health Insurance and Portability and Accountability Act)      25
Hiring employees, best practices      452—453
Honey nets      324
Honey pots      324
Host-to-host layer (TCP/IP model)      252—253
hot fixes      208
Hot site facilities      426
Hot-swappable disks      430
HR (human resources), employee management      89
HR (human resources), employee management, employee handbooks      90
HR (human resources), employee management, hiring practices      89—90 452—453
HR (human resources), employee management, termination procedures      92
HR (human resources), employee management, training      91
HTML (Hypertext Markup Language)      272
HTTP (Hypertext Transfer Protocol)      249 272
hubs      217 259—261
HVAC systems      383
Hybrid password-cracking attacks      317
I&A (identification and authentication) process      303
I&A (identification and authentication) process, authentication by characteristic      306—307
I&A (identification and authentication) process, authentication by knowledge      304—305
I&A (identification and authentication) process, authentication by ownership      305
I/O bus standards      213—214
Identification as physical security control      380
Identifying assets      81—83
Identifying threats      81
© Electronic library of the Board of Trustees of the Faculty of Mechanics and Mathematics, Moscow State University, 2004-2024