GOVERNANCE - Information Assurance | ISACA

ISACA BOOKSTORE isaca.org/bookstore

GOVERNANCE Featuring CGEIT® Exam Prep


ISACA® (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus™ (CSX), a holistic cybersecurity resource, and COBIT®, a business framework to govern enterprise technology.

Contact the ISACA Bookstore

E-mail: [email protected]

Tel: +1.847.660.5650

Fax: +1.847.253.1443

CGEIT® Exam Prep Materials

Order online at isaca.org/bookstore

CGEIT® Review Questions, Answers & Explanations Manual, 4th Edition by ISACA

The CGEIT® Review Questions, Answers & Explanations Manual, 4th Edition is designed to familiarize candidates with the question types and topics featured in the CGEIT exam.

The 250 questions in this manual have been consolidated from the CGEIT® Review Questions, Answers & Explanations Manual, 2015 and the CGEIT® Review Questions, Answers & Explanations Manual, 2015 Supplement.

Many questions have been revised or completely rewritten to be more representative of the CGEIT exam question format and/or to provide further clarity or explanation of the correct answer. These questions are not actual exam items but are intended to provide CGEIT candidates with an understanding of the type and structure of questions and content that has previously appeared on the exam. This publication is ideal to use in conjunction with the:

• CGEIT® Review Manual, 7th Edition

To help candidates maximize—and customize—study efforts, questions are presented in the following two ways:

• Sorted by job practice area—Questions, answers and explanations are sorted by the CGEIT job practice areas. This allows the CGEIT candidate to refer to questions that focus on a particular area as well as to evaluate comprehension of the topics covered within each practice area.

• Scrambled as a sample 75-question exam—The 75 questions are arranged in the same percentages as the current CGEIT job practice areas. Candidates are urged to use this sample test to simulate an actual exam and to determine their strengths and weaknesses in order to identify areas that require further study. Answer sheets and an answer/reference key for the sample exam are also included. All sample test questions have been cross-referenced to the questions sorted by practice area, making it convenient for the user to refer back to the explanations of the correct answers.

Member: US $60.00 Non-member: US $75.00 Product Code: CGQ4ED

NEW! 4th Edition (cover image: CGEIT Review Questions, Answers & Explanations Manual, 4th Edition)

CGEIT® Review Manual, 7th Edition by ISACA

The CGEIT® Review Manual, 7th Edition is designed to help individuals prepare for the CGEIT exam and understand the responsibilities of those who implement or manage the governance of enterprise IT (GEIT) or have significant advisory or assurance responsibilities in regards to GEIT. It is a detailed reference guide that has been developed and reviewed by subject matter experts actively involved in governance of enterprise IT worldwide.

The manual is organized to assist candidates in understanding essential concepts and studying the following updated job practice areas:

• Framework for the governance of enterprise IT

• Strategic management

• Benefits realization

• Risk optimization

• Resource optimization

The CGEIT® Review Manual, 7th Edition features an easy-to-use format. Each of the book’s five chapters has been divided into two sections for focused study. Section one of each chapter contains the definitions and objectives for each of the five CGEIT practice areas, as well as the corresponding tasks performed by GEIT professionals and knowledge statements necessary to perform these tasks. It also includes:

• A map of the relationship of each task to the knowledge statements

• Self-assessment questions and explanations of the answers

• Suggested resources for further study

Section two of each chapter consists of content and reference material that supports the knowledge statements. The material enhances CGEIT candidates’ knowledge and understanding when preparing for the CGEIT certification exam. In addition, the CGEIT® Review Manual, 7th Edition includes definitions of terms most commonly found on the exam.

Member: US $85.00 Non-member: US $115.00 Product Code: CGM7ED

NEW! 7th Edition (cover image: CGEIT Review Manual, 7th Edition)

Governance Resources

Monitoring Internal Control Systems and IT: A Primer for Business Executives, Managers and Auditors on How to Embrace and Advance Best Practices by ISACA

Monitoring Internal Control Systems and IT provides useful guidance and tools for enterprises interested in applying information technology to support and sustain the monitoring of internal control.

The main aims of this publication are to:

• Complement and expand on the 2009 COSO Guidance of Monitoring of Internal Controls

• Emphasize the monitoring of application and IT general controls

• Discuss the use of automation (tools) for increased efficiency and effectiveness of monitoring processes

This publication will be helpful for:

• Executives/senior management by providing an executive overview and suggested questions to determine whether the monitoring of internal controls is adequately addressed

• Business process owners by describing how to monitor key IT application controls and how to automate monitoring processes

• IT professionals by supplying templates and tools that can be leveraged when developing and implementing a monitoring project

Member: US $55.00 Non-member: US $70.00 Product Code: MIC

Implementing Service Quality Based on ISO/IEC 20000 by Michael Kunas

ISO/IEC 20000 is an important international standard for IT service providers. Implementation and certification improves business processes and practices and reassures customers that a company is efficient, reliable and trustworthy.

This step-by-step management guide will benefit all who have a role in the implementation and certification process. Written for companies of any size in any location, it:

• Gives a clear and detailed breakdown of the 2011 edition of ISO/IEC 20000

• Identifies the role of ISO/IEC 20000 and other related standards, as well as ITIL and COBIT and the relationship between them

• Explains what is really meant by quality

• Establishes the importance of a service management system and gives practical recommendations for its implementation

Member: US $30.00 Non-member: US $40.00 Product Code: 10ITISQ

IT Project Management: 30 Steps to Success by Premanand Doraiswamy

Few businesses could function effectively without their IT systems. At the same time, they depend on IT for more than their day-to-day operations. Companies must constantly innovate in order to remain competitive and keep up with ever-changing customer requirements; IT projects deliver these innovations. The IT project manager is the person responsible for implementing the project and realizing the objectives it was designed to achieve.

This pocket guide is designed to help IT project managers to succeed, and is based on the author’s years of experience in IT project management. The guide’s step-by-step approach will enable those new to IT project management, or intending to make a career in this field, to master the essential skills. For seasoned professionals, the pocket guide offers an invaluable concise reference guide.

Member: US $15.00 Non-member: US $25.00 Product Code: 12ITPM

The Definitive Guide to IT Service Metrics by Kurt McWhirter and Ted Gaughan

Measuring success is crucial, but how do we do it? How can we be sure that the IT services we offer are adding real value to our business?

Used just as they are, the metrics in this book will bring many benefits to both the IT department and the business as a whole. Details of the attributes of each metric are given, enabling you to make the right choices for your business. If you prefer to design and create your own metrics to bring even more value to your business, this book will guide the way.

Up-to-date, based on the ITIL® framework, as well as COBIT®, PMI®, ISO/IEC 20000 and ISO/IEC 27000, The Definitive Guide to IT Service Metrics will show you:

• How to integrate metrics into your business

• What to consider when gathering and reporting information

• How to maximize the usage of metrics in order to ensure value for money from the system

• How to secure and protect your company’s metrics

Member: US $50.00 Non-member: US $60.00 Product Code: 18ITTDG

IT Governance for CEOs and Members of the Board by Bryn TT Phillips

This book gives a concise overview of Information Technology Governance and is geared towards those who need to understand it the most, but usually have the least time to do so—CEOs and members of the board. It provides a summary of the reasons IT Governance is required, a brief description of the elements of IT Governance, and, most importantly, gives guidance with regards to the responsibilities of the Board. This book also gives guidance as to what is required of the Board and CEO, and what should be delegated to the CIO and others.

Member: US $13.00 Non-member: US $23.00 Product Code: 1CSITG

Robust Control System Networks: How to Achieve Reliable Control by Ralph Langner

Some security experts advocate risk management, implementing more firewalls and carefully managing passwords and access. Instead, this book shows in clear, concise detail how a system that has been set up with an eye toward quality design in the first place is much more likely to remain secure and less vulnerable to hacking, sabotage or malicious control.

It blends several well-established concepts and methods from control theory, systems theory, cybernetics and quality engineering to create the ideal protected system.

Highlights include:

• An overview of the problem of “cyber fragility” in industrial control systems

• How to make an industrial control system “robust,” including principal design objectives and overall strategic planning

• Why using the methods of quality engineering like the Taguchi method, SOP and UML will help to design more “armored” industrial control systems

Member: US $97.00 Non-member: US $107.00 Product Code: 2MPRC

Information Security Governance: Guidance for Information Security Managers by W. Krag Brotby, IT Governance Institute

This book discusses how to develop an information security strategy within an organization’s governance framework and how to drive that strategy through an information security program. It provides guidance on determining information security objectives and how to measure progress toward achieving them. It is an exposition on the rationale and necessity for senior management to integrate information security into overall organizational governance at the highest levels. It provides information, developed in recent years, that mandates a business case for information security governance.

Print: Member: US $30.00 Non-member: US $35.00 Product Code: 3ITG

eBook: Free member download Non-member: US $45.00 Product Code: 3ITG

IT Governance to Drive High Performance: Lessons from Accenture by Robert E. Kress

This pocket guide provides readers with an insider’s detailed description of Accenture’s IT governance policy and details its governance structure. It will show how effective IT governance links IT strategy and IT decisions to Accenture’s business strategy and business priorities.

Benefits to business include:

• Boost productivity

• Coordinate your operations

• Manage change effectively

• Keep a grip on budgets

Member: US $15.00 Non-member: US $25.00 Product Code: 8ITHP

Reverse Deception: Organized Cyber Threat Counter Exploitation by Sean Bodmer, Dr. Mak Kilger, Gregory Carpenter, Jade Jones, Jeff Jones

“A comprehensive and unparalleled overview of the topic by experts in the field.” – Slashdot

Expose, pursue, and prosecute the perpetrators of advanced persistent threats (APTs) using the tested security techniques and real-world case studies featured in this one-of-a-kind guide. Reverse Deception: Organized Cyber Threat Counter-Exploitation shows how to assess your network’s vulnerabilities, zero in on targets, and effectively block intruders. Discover how to set up digital traps, misdirect and divert attackers, configure honeypots, mitigate encrypted crimeware, and identify malicious software groups. The expert authors provide full coverage of legal and ethical issues, operational vetting, and security team management.

Member: US $40.00 Non-member: US $50.00 Product Code: 31MRDO

The Adventures of an IT Leader by Robert D. Austin, Richard L. Nolan, Shannon O’Donnell

Becoming an effective IT manager presents a host of challenges—from anticipating emerging technology to managing relationships with vendors, employees, and other managers. A good IT manager must also be a strong business leader. This book invites you to accompany new CIO Jim Barton to better understand the role of IT in your organization. You’ll see Jim struggle through a challenging first year, handling (and fumbling) situations that, although fictional, are based on true events. You can read this book from beginning to end, or treat it as a series of cases. You can also skip around to address your most pressing needs. For example, need to learn about crisis management and security? Read chapters 10-12. You can formulate your own responses to a CIO’s obstacles by reading the authors’ regular “Reflection” questions. You’ll turn to this book many times as you face IT-related issues in your own career.

Member: US $22.00 Non-member: US $32.00 Product Code: 4HBS

Information Governance: Concepts, Strategies, and Best Practices by Robert F. Smallwood

Information Governance (IG) is a rapidly emerging “super discipline” and is being applied to electronic document and records management, email, social media, cloud computing, mobile computing, and, in fact, the management and output of information organization-wide. IG leverages information technologies to enforce policies, procedures and controls to manage information risk in compliance with legal and litigation demands, external regulatory requirements, and internal governance objectives. Information Governance: Concepts, Strategies, and Best Practices reveals how, and why, to utilize IG and leverage information technologies to control, monitor, and enforce information access and security policies.

Member: US $60.00 Non-member: US $70.00 Product Code: 109WIG

Governance, Risk Management, and Compliance: It Can’t Happen to us—Avoiding Corporate Disaster While Driving Success by Richard M. Steinberg

Governance, Risk Management, and Compliance shows senior executives and board members how to ensure that their companies incorporate the necessary processes, organization, and technology to accomplish strategic goals. Examining how and why some major companies failed while others continue to grow and prosper, author and internationally recognized expert Richard Steinberg reveals how to cultivate a culture, leadership process and infrastructure toward achieving business objectives and related growth, profit, and return goals.

Member: US $33.00 Non-member: US $43.00 Product Code: 123WCRM

Information Security Roles and Responsibilities Made Easy, Version 3.0 by Charles Cresson Wood

Information Security Roles and Responsibilities Made Easy provides over 70 pre-written job descriptions, mission statements, and organization charts that you can easily customize to suit your own needs. Included are time-saving tools and practical, step-by-step instructions on how to develop and document specific information on security responsibilities for over 40 different key organizational roles.

Additionally, Information Security Roles & Responsibilities Made Easy, Version 3.0 provides:

• Justification to help increase management’s awareness and funding of information security

• Specific advice on how to plan, document and execute an information security infrastructure project

• Practical advice on how to maintain security when dealing with third parties

• Valuable staffing advice and descriptions for information security professionals

Member: US $495.00 Non-member: US $505.00 Product Code: 2PS3

Empowering Green Initiatives with IT: A Strategy and Implementation Guide by Carl H. Speshock

This book provides organizations with strategy, planning, implementation and assessment guidance for their green initiatives. It discusses the many benefits of green initiatives with the assistance, integration and collaboration of the IT department and vendors, i.e., custom and vendor application development and reporting tools, green IT examples, and business intelligence dashboards that can perform analytical and predictive analysis of green-related business data.

• Outlines the major benefits to be gained through green initiatives with IT

• Shows you how your business can strategize, plan, implement and assess green initiative solutions with IT

• Explores how to develop green initiative strategies, plans, projects, and assessments that integrate IT resources and offerings effectively

Member: US $50.00 Non-member: US $60.00 Product Code: 89WEG

Auditing Social Media: A Governance and Risk Guide by Peter R. Scott and J. Mike Jacka

Packed with useful web links, popular social media tools, platforms, and monitoring tools, Auditing Social Media shows you how to leverage the power of social media for instant business benefits while assessing the risks involved. Your organization sees the value in social media and wants to reach new markets, yet there are risks and compliance issues that must be considered. Auditing Social Media equips you to successfully partner with your business in achieving its social media goals and track it through strong metrics.

Member: US $31.00 Non-member: US $41.00 Product Code: 110WAS


Lukaszewski on Crisis Communication by James E. Lukaszewski

Jim Lukaszewski, “America’s Crisis Guru,” draws on four decades of consulting experience confronting crisis of every kind to advise you exactly what to do, what to say, when to say it, and when to do it—while your whole world is watching. He uniquely emphasizes how to manage the victim-driven nature of crisis.

• Packed with case studies, practical tools, charts, checklists, forms, templates, and sample language.

• Endorsed by The Business Continuity Institute and Selected One of “30 Best Business Books of 2013” by Soundview Executive Book Summaries.

Member: US $50.00 Non-member: US $60.00 Product Code: 8RO

Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, 2nd Edition by Mark Collier and David Endler

“Hacking Exposed: Unified Communications & VoIP Security Secrets & Solutions, includes more sophisticated attack vectors focused on UC and NGN. The authors describe in depth many new tools and techniques such as TDoS and UC interception. Using these techniques, you will learn how you can identify the security problems of VoIP/UC. This book is a masterpiece.” – Fatih Ozavci, Senior Security Consultant at Sense of Security, Author of viproy

Establish a holistic security stance by learning to view your unified communications infrastructure through the eyes of the nefarious cyber-criminal. Hacking Exposed Unified Communications & VoIP, Second Edition offers thoroughly expanded coverage of today’s rampant threats alongside ready-to-deploy countermeasures. Find out how to block TDoS, toll fraud, voice SPAM, voice social engineering and phishing, eavesdropping, and man-in-the-middle exploits. This comprehensive guide features all-new chapters, case studies, and examples.

Member: US $50.00 Non-member: US $60.00 Product Code: 36MHHE

Agile Governance and Audit—An Overview for Auditors and Agile Teams by Christopher Wright

Written for auditors and Agile managers, Agile Governance and Audit bridges the gap between traditional auditing approaches and the requirements of Agile methodologies. It provides an overview of Agile for auditors and other risk professionals who have not encountered the approach before. Each chapter includes hints and tips for auditors, and a selection of case studies illustrate the practical issues involved in auditing Agile projects. This makes it an ideal book for any auditor encountering the Agile methodology, and any Agile teams preparing for a management audit.

Contents:

• Introduction to Agile

• Agile versus Waterfall

• Why Doesn’t My Auditor/Agile Project Team Understand Me?

• Project Initiation and Risk Assessment

• and much more

Member: US $28.00 Non-member: US $38.00 Product Code: 23ITAG

CIO Best Practices: Enabling Strategic Value with Information Technology, 2nd Edition by Joseph P. Stenzel, Gary Cokins, Karl D. Schubert, Michael H. Hugos

Anyone working in information technology today feels the opportunities for creating and enabling lasting value. The CIO helps define those opportunities and turn them into realities. Now in a second edition, CIO Best Practices is an essential guide offering real-world practices used by CIOs and other IT specialists who have successfully mastered the blend of business and IT responsibilities.

This practical resource provides best practice guidance on the key responsibilities of the CIOs and their indispensable executive leadership role in modern enterprises of all sizes and industries. It is the most definitive and important collection of best practices for achieving and exercising strategic IT leadership for CIOs, those who intend to become CIOs, and those who want to understand the strategic importance of IT for the entire enterprise.

Member: US $70.00 Non-member: US $80.00 Product Code: 54WCIO2

An Executive Guide to IFRS: Content, Costs and Benefits to Business by Peter Walton

International Financial Reporting Standards have been mandatory in the EU since 2005 and are rapidly being adopted by countries throughout the world. In this environment it is increasingly important for managers, executives and CEOs to understand the background of the IFRS and their main requirements.

In An Executive Guide to IFRS: Content, Costs and Benefits to Business, Peter Walton provides a concise and accessible guide to the principal features of IFRS, explains why they are useful, looks at their impact on businesses, and provides some of the context to help define their global role.

Member: US $40.00 Non-member: US $50.00 Product Code: 94WIFRS

Business Continuity & Disaster Recovery for IT Professionals, 2nd Edition by S. Snedaker

The second edition of Business Continuity and Disaster Recovery for IT Professionals gives you the most up-to-date planning and risk management techniques for business continuity and disaster recovery (BCDR). With distributed networks, increasing demands for confidentiality, integrity and availability of data, and the widespread risks to the security of personal, confidential and sensitive data, no organization can afford to ignore the need for disaster planning.

Author Susan Snedaker shares her expertise with you, including the most current options for disaster recovery and communication, BCDR for mobile devices, and the latest infrastructure considerations including cloud, virtualization, clustering, and more. Snedaker also provides you with new case studies in several business areas, along with a review of high availability and information security in healthcare IT.

Member: US $70.00 Non-member: US $80.00 Product Code: 6SYN2

Safeguarding Critical E-Documents: Implementing a Program for Securing Confidential Information Assets by Robert F. Smallwood and Barclay T. Blair

Practical, step-by-step guidance for corporations, universities and government agencies to protect and secure confidential documents and business records

Managers and public officials are looking for technology and information governance solutions to “information leakage” in an understandable, concise format. Safeguarding Critical E-Documents provides a road map for corporations, governments, financial services firms, hospitals, law firms, universities and other organizations to safeguard their internal electronic documents and private communications.

• Provides practical, step-by-step guidance on protecting sensitive and confidential documents, even if they leave the organization electronically or on portable devices

• Presents a blueprint for corporations, governments, financial services firms, hospitals, law firms, universities and other organizations to safeguard internal electronic documents and private communications

• Offers a concise format for securing your organization from information leakage

Member: US $75.00 Non-member: US $85.00 Product Code: 98WSC

Governance of Enterprise IT based on COBIT® 5 by Geoff Harmer

Written for IT service managers, consultants and other practitioners in IT governance, risk management and compliance, this practical book discusses all the key concepts of COBIT® 5, and explains how to direct the governance of enterprise IT (GEIT) using the COBIT® 5 framework. Drawing on more than 30 years of experience in the IT sector, the author explains the main frameworks and standards supporting GEIT, discusses the ideas of enterprise and governance, and shows the path from corporate governance to the governance of enterprise IT.

The author covers the key elements of COBIT® 5 implementation including:

• The 5 principles, the 7 enablers, the 37 processes and the goals cascade

• The implementation of GEIT using COBIT® 5 and an implementation lifecycle

• The COBIT® 5 Process Assessment Model (PAM) based on international standard ISO/IEC 15504

• Covers the COBIT® 5 Foundation syllabus

Member: US $35.00 Non-member: US $45.00 Product Code: 22ITG

Big Data: A Revolution That Will Transform How We Live, Work, and Think by Viktor Mayer-Schonberger and Kenneth Cukier

A revelatory exploration of emerging trends in “big data”—our newfound ability to gather and interpret vast amounts of information—and the revolutionary effects these developments are producing in business, science, and society at large.

Member: US $16.00 Non-member: US $26.00 Product Code: 1HMBD

Contact the ISACA Bookstore

E-mail: [email protected]

Tel: +1.847.660.5650

Fax: +1.847.253.1443

3701 Algonquin Road, Suite 1010

Rolling Meadows, IL 60008 USA