CISA Certified Information Systems Auditor Study Guide: Covers 2024-2029 Exam Objectives

Contents

Introduction xxiii
Assessment Test xxxv

Chapter 1 IT Governance and Management 1
  IT Governance Practices for Executives and Boards of Directors 3
  IT Strategic Planning 10
  Policies, Processes, Procedures, and Standards 12
  Risk Management 23
  IT Management Practices 39
  Organization Structure and Responsibilities 62
  Maintaining an Existing Program 72
  Auditing IT Governance 75
  Summary 80
  Exam Essentials 81
  Review Questions 83

Chapter 2 The Audit Process 87
  Audit Management 89
  ISACA Auditing Standards 99
  Risk Analysis 108
  Controls 115
  Performing an Audit 121
  Control Self-Assessment 144
  Implementation of Audit Recommendations 147
  Audit Quality Assurance 148
  Summary 148
  Exam Essentials 150
  Review Questions 152

Chapter 3 IT Life Cycle Management 157
  Benefits Realization 159
  Project Management 165
  Systems Development Methodologies 191
  Infrastructure Development and Deployment 230
  Maintaining Information Systems 234
  Business Processes 237
  Managing Third Parties 244
  Application Controls 247
  Auditing the Systems Development Life Cycle 253
  Auditing Business Controls 258
  Auditing Application Controls 258
  Auditing Third-Party Risk Management 261
  Summary 262
  Exam Essentials 264
  Review Questions 266

Chapter 4 IT Service Management 271
  Information Systems Operations 273
  Systems Performance Management 274
  Problem and Incident Management 277
  Change, Configuration, Release, and Patch Management 279
  Operational Log Management 286
  IT Service Level Management 288
  Database Management Systems 290
  Data Management and Governance 294
  Other IT Service Management Topics 295
  Auditing IT Service Management and Operations 297
  Summary 301
  Exam Essentials 302
  Review Questions 304

Chapter 5 IT Infrastructure 309
  Information Systems Hardware 310
  Information Systems Architecture and Software 324
  Network Infrastructure 330
  Asset Inventory and Classification 386
  Job Scheduling and Production Process Automation 390
  System Interfaces 391
  End-User Computing 392
  Auditing IT Infrastructure 393
  Summary 398
  Exam Essentials 399
  Review Questions 401

Chapter 6 Business Continuity and Disaster Recovery 405
  Business Resilience 406
  Incident Response Communications 473
  Auditing Business Continuity Planning 475
  Auditing Disaster Recovery Planning 479
  Summary 484
  Exam Essentials 485
  Review Questions 487

Chapter 7 Information Security Management 491
  Information Security 493
  Role of the Information Security Manager 494
  Information Security Risks 497
  Building an Information Security Strategy 501
  Implementing Security Controls 505
  Endpoint Security 507
  Network Security Controls 511
  Cloud Computing Security 519
  Cryptography 528
  Exploring Cybersecurity Threats 539
  Privacy 545
  Security Awareness and Training 548
  Security Incident Response 550
  Auditing Information Security Controls 554
  Summary 559
  Exam Essentials 560
  Review Questions 563

Chapter 8 Identity and Access Management 567
  Logical Access Controls 568
  Third-Party Access Management 587
  Environmental Controls 592
  Physical Security Controls 599
  Human Resources Security 602
  Auditing Access Controls 606
  Summary 616
  Exam Essentials 617
  Review Questions 619

Chapter 9 Conducting a Professional Audit 623
  Understanding the Audit Cycle 624
  How the IS Audit Cycle Is Discussed 625
  Overview of the IS Audit Cycle 627
  Summary 699

Appendix A Popular Methodologies, Frameworks, and Guidance 701
  Common Terms and Concepts 702
  Frameworks, Methodologies, and Guidance 710
  Notes 738
  References 738

Appendix B Answers to Review Questions 741
  Chapter 1: IT Governance and Management 742
  Chapter 2: The Audit Process 744
  Chapter 3: IT Life Cycle Management 746
  Chapter 4: IT Service Management 748
  Chapter 5: IT Infrastructure 749
  Chapter 6: Business Continuity and Disaster Recovery 750
  Chapter 7: Information Security Management 752
  Chapter 8: Identity and Access Management 754

Index 759