Bookstore-2014-Catalog Bro Eng 0314

YOUR LEADING
RESOURCE FOR SUCCESS
2014 BOOKSTORE CATALOG

isaca.org/bookstore
Book Review
www.isaca.org/bookreviews
Member Complimentary PDF Download
www.isaca.org/downloads
WHATS INSIDE...
TABLE OF CONTENTS
4
COBIT PRODUCTS

COBIT 5 & Related Products

COBIT 4.1 & Related Products
14
EXAMINATION REFERENCE MATERIALS

CISA

CISM

CGEIT

CRISC
20
NON-ENGLISH RESOURCES
36 RISK-RELATED
41
AUDIT, CONTROL and SECURITY RELATED

Essentials

Specific Environments
54
INTERNET & RELATED SECURITY TOPICS
65
IT GOVERNANCE & BUSINESS MANAGEMENT
80
INVENTORY REDUCTION SALE
83
TITLE INDEX
RESEARCH & RESOURCES

KNOWLEDGE, COMMUNITY AND GUIDANCE HELP DELIVER
ENTERPRISE VALUE WORLDWIDE
By working collectively with our global community of thought leaders, innovators and professionals, ISACA
develops globally accepted research, standards, frameworks and guidance that enhance the profession and
support enterprise success worldwide. This ability to leverage member expertise makes ISACA the most trusted
resource for thought leadership and advocacy in IT audit, compliance, security, risk, privacy and governance for
industries, enterprises and individuals.
THOUGHT LEADERSHIP
Equip yourself with knowledge critical to thinking
strategically and navigating todays complex IT issues.
From surveys and whitepapers to frameworks, standards
and research publications, ISACA has what you need.
ISACA JOURNAL
Get access to cutting-edge, front-line perspectives on
emerging trends, developing risks and professional
development.
ISACA BOOKSTORE
Explore a peer-reviewed collection of industry
publications, including COBIT 5 products and exam
resources for insights and guidance that youll never
want to be without.
ISACAS eLIBRARY
Browse over 575 titles on demand to supplement your
knowledge and sharpen your skills.
KNOWLEDGE CENTER
Dont face your technology challenges alone. Connect and
collaborate with like-minded professionals on topics of
mutual interest and share your real-world experiences.
ADVOCACY
Share your expertise and experience to enhance the
awareness and influence of our association. Our advocacy
efforts help build and promote the importance, integrity
and value of ISACA credentials and knowledge on a
global scale
Our goal is to make members more valued, knowledgeable and capable of illuminating opportunities, exposing risks
and revealing the road ahead for organizations all over the globe.
COBIT 5
COBIT PRODUCTS
Section: 01
COBIT 5 & RELATED PRODUCTS
COBIT 5 Enabler Guides
COBIT 5: Enabling Processes
COBIT 5: A Flexible Framework

Business and IT leaders need up-to-date tools and
expertise to navigate an increasingly complex business
and IT environment. COBIT 5 can help. It represents the
next generation of ISACAs guidance, unifying previous
frameworks and standards.
COBIT 5: Enabling Information
COBIT 4.1 & RELATED PRODUCTS

VAL IT AND RELATED PRODUCTS
RISK IT AND RELATED PRODUCTS
COBIT 5 Professional Guides

COBIT 5 Implementation
COBIT 5 For Information Security
COBIT 5 For Assurance
Globally Endorsed & Validated

The collective wisdom and practical expertise of global
experts helped shape the COBIT 5 framework, which
represents the most significant evolution in COBITs
16-year history. It went through a public exposure period
and also was reviewed by more than 95 governance,
security, risk and assurance professionals worldwide.
COBIT 5 For Risk
COBIT 5 Online
Collaborative Environment
COBIT 5 signifies a transformation in the business view of the governance and management of enterprise IT. It accelerates the alignment of organizational strategy and IT in a way that increases value, stimulates growth and creates distinct competitive advantages, all while fortifying against threats and risks.
A consolidated, comprehensive resource, COBIT 5 embodies global thought leadership and guidance, and
is an asset that helps business, IT and governance experts around the world thrive.
Robust Family of Products

The COBIT 5 product family includes the centerpiece
framework and encompasses a comprehensive
set of enabler and professional guides and
resources that provide additional guidance on how
professionals in all industries and geographies can
use COBIT to deliver their products and services.
Bring order to the growing complexity of IT.
COBIT 5
COBIT 5
COBIT PRODUCTS
PROFESSIONAL GUIDES
PROFESSIONAL GUIDES (Continued)
COBIT ASSESSMENT PROGRAM
COBIT 5: A Business Framework for

the Governance and Management of
Enterprise IT
COBIT Process Assessment Model (PAM):

Using COBIT 5
This volume documents the five principles and seven

supporting enablers that defines the COBIT 5 framework
and incorporates the latest thinking in enterprise
governance and management techniques.
Information and related information technologies are

pervasive in enterprises. It is no longer possible or good
practice to separate business and IT-related activities.
The governance and management of enterprise IT
should be an integral part of enterprise governance,
covering the each enterprise, end-to-end.
COBIT 5 for Risk
Member: US $35.00
Nonmember: US $50.00
Currently available in 8 languages
A complimentary eBook
Available in print CB5 and eBook WCB5
Member: US $35.00
Available in print CB5IG and
eBook WCB5IG
A Business Framework for the

Governance and Management
of Enterprise IT
ENABLER GUIDES
COBIT 5 for Information Security
COBIT 5 for Information Security examines COBIT 5

from a security view, placing a security lens over the
concepts, enablers and principles. Using it can help
enterprises benefit from improved risk decisions and
cost management related to information
security.
Member: US $35.00
Nonmenber: US $135.00
Available in print CB5EP and
eBook WCB5EP
Member: US $35.00
Available in print CB5IS and
eBook WCB5IS
A reference guide that provides a structured way of

thinking about information governance and management
issues in any type of organization. This structure can be
applied throughout the life cycle of information, from
conception through the time information is destroyed.
Member: US $35.00
Available in print CB5EI and
eBook WCB5EI
Effectively managing IT risk helps drive better business

performance by linking information and technology risk
to the achievement of strategic enterprise objectives.
This information risk view of COBIT 5 provides detailed
guidance to help businesses leaders manage risk in their
organization.
Member: US $35.00
Available in print CB5RK and
eBook WCB5RK
The Process Assessment Model (PAM) for COBIT 5

provides a repeatable and reliable way to assess IT
process capabilities, which helps IT leaders gain C-level
and board member buy-in for change and improvement
initiatives.
Member: US $30.00
Available in print CPAM5 and
eBook WCPAM5
COBIT Assessor Guide: Using COBIT 5
This publication contains a detailed reference guide

to the processes defined in the COBIT 5 process
reference model. COBIT 5: Enabling Processes
includes the COBIT 5 Goals Cascade, a process mode
explanation and the process reference model.
COBIT 5: Enabling Information
COBIT 5 for Assurance
Building on the COBIT 5 framework, this guide focuses

on assurance and provides more detailed and practical
guidance for assurance professionals and other
interested parties at all levels of the enterprise on how
to use COBIT 5 to support a variety of IT
assurance activities.
Member: US $35.00
Available in print CB5A and
eBook WCB5A
COBIT 5 Special Bulk

Discount Structure
5-9 copies......................................................10%
10-19 copies......................................................15%
20-39 copies......................................................20%
40-69 copies......................................................30%
70-99 copies......................................................40%
100+ copies......................................................50%
COBIT 5 Bundle Discount:

Purchase the complete COBIT 5
Bundle and save!
The set includes:

COBIT 5
MEMBER PRICE: US $95.00

NON-MEMBER PRICE: US $275.00
*COBIT 5 Special Bulk Discount does not apply to the COBIT 5 Bundle.
Book Review
Provide organizations with an understandable,

logical, repeatable, reliable and robust methodology
for assessing the capability of their IT processes.
Assessments can then be used to report on the
capability of the organizations IT processes or to
establish a target for improvement based
on business requirements.
Member: US $30.00
Available in print CAG5 and
eBook WCAG5
COBIT Self-Assessment Guide:

Using COBIT 5
Building on the COBIT 5 framework, this guide

focuses on assurance and provides more detailed and
practical guidance for assurance professionals and
other interested parties at all levels of the enterprise
on how to use COBIT 5 to support a
variety of IT assurance activities.
Member: US $30.00
Available in print CSAG5 and
eBook WCSAG5
COBIT 5
COBIT 5
EXTRACTING VALUE FROM
INFORMATION CHAOS
WHY GOOD GOVERNANCE MAKES GOOD SENSE
6 OUT OF 10
EMPLOYEES
AGES 18-35
USE A PERSONAL
DEVICE FOR WORK
SECURITY BREACHES
75M
CYBERCRIME COSTS
US $1 TRILLION
PER YEAR
24B
MALWARE
SAMPLES
in
2012
CONNECTED
DEVICES
by
2020
COBIT PRACTICAL GUIDANCE

Configuration Management:
Using COBIT 5
BYOD [BRING YOUR OWN DEVICE]
DATA PROLIFERATION
Enterprises continuously experience changes and

without proper communication and coordination,
signs of malfunction are likely to manifest as business
disruptions, inefficiencies and potential financial
losses. This publication provides detailed guidance to
help enterprise leaders manage change and minimize
unforeseen impacts.
Member: US $30.00
Available in print CB5CM and
eBook WCB5CM
112
EMAILS
PER DAY
PRIVACY REGULATIONS
COMPANIES
are at
RISK
from
SOCIAL
MEDIA
PASS
****
DOWNTIME
WORKER
RECEIVES
$380B
65
AVERAGE COST
TERABYTES
of
$5,000
COUNTRIES HAVE
THEIR OWN DATA
PROTECTION
LAWS
INFORMATION
PER YEAR
A MINUTE
FOR DOWNTIME
INCIDENTS
COST OF DISASTERS
in
2011
9.6 MILLION
PETABYTES:
business-related information
processed by the worlds computer
servers per year
BUSINESS GOVERNANCE AND

MANAGEMENT OF ENTERPRISE IT
COBIT 5 Training Programs

ISACA offers a wide variety of COBIT training
programs designed to fit your unique requirements
for subject matter and learning style.

COBIT 5 Foundation Course & Exam

COBIT 5 Implementation Course & Exam
COBIT Certified Assessor Program
. COBIT Certified Assessor Course
. COBIT Certified Assessor Exam
. COBIT Certified Assessor Certification
Learn more at www.isaca.org/COBIT5
Download a complimentary copy of COBIT 5 today or learn more at

www.isaca.org/cobit
This publication describes the vendor management process

and its activities and then presents the most common
threats, risk and mitigation actions. A detailed case study
is provided to show the potential consequences of faulty
vendor management. Practical sample templates and
checklists are also.
Member: US $35.00
Available in print CB5VM and
eBook WCB5VM
This publication is intended for several audiences who

use mobile devises directly or indirectly. The publication
applies COBIT 5 to mobile device security is to establish a
uniform management framework and to give guidance on
planning, implementing and maintaining comprehensive
security for mobile devices in the context
of enterprises.
Member: US $35.00
Available in print CB5SMD and
eBook WCB5SMD
Transforming Cybersecurity:
Using COBIT 5
Cybersecurity has evolved as a new field of interest,

gaining political and societal attention. Given this
magnitude, the future tasks and responsibilities
associated with cybersecurity will be essential to
organizational survival and profitability. This publication
applies the COBIT 5 framework and its component
publications to transforming cybersecurity in a
systemic way.
Member: US $35.00
Available in print CB5TC and
eBook WCB5TC
SOURCES
http://www.isaca.org/About-ISACA/Press-room/News-Releases/2011/Pages/ISACA-Survey-Bring-Your-Own-Device-Trend-Heightens-Online-Holiday-Shopping-Risk.aspx
http://www.gsma.com/articles/gsma-announces-the-business-impact-of-connected-devices-could-be-worth-us-4-5-trillion-in-2020/22536
http://blogs.mcafee.com/mcafee-labs/mcafee-q4-threats-report-shows-malware-surpassed-75-million-samples-in-2011
http://www.radicati.com/?p=6904
http://ucsdnews.ucsd.edu/newsrel/general/04-05BusinessInformation.asp
http://www.informationweek.com/thebrainyard/news/community_management_development/231602379
http://www.un.org/en/development/desa/news/ecosoc/cybersecurity-demands-global-approach.html
http://www.mofo.com/privacy--data-security-services/
http://www.time.com/time/world/article/0,8599,2108354,00.html
http://www.eweek.com/c/a/IT-Infrastructure/Unplanned-IT-Downtime-Can-Cost-5K-Per-Minute-Report-549007/
Vendor Management:
Using COBIT 5
Securing Mobile Devices:

Using COBIT 5 for Information Security
THE AVERAGE CORPORATE

WORKER SENDS & RECEIVES
SOCIAL MEDIA RISK
Book Review
10
COBIT 5
COBIT 4.1 and Related Products

COBIT 4.1
COBIT Quickstart, 2nd Edition
COBIT and Application Controls:

A Management Guide
COBIT Assessor Guide: Using COBIT 4.1
ISACA
Print CAC
Member US $35.00
Nonmember US $75.00
eBook WCAC
Nonmember US $55.00
ISACA
Print CAG
Member US $50.00
Nonmember US $100.00
eBook WCAG
Member US $30.00
Nonmember US $80.00
COBIT Control Practices: Guidance to

Achieve Control Objectives for Successful
IT Governance, 2nd Edition
COBIT Security Baseline: An Information

Security Survival Kit, 2nd Edition
ISACA
Member US $75.00
CB4.1
Business Benefits
Beyond IT
In todays value-driven world, decisions cant be
made in vacuums or silos. The comprehensive
nature of business is reflected in the
comprehensive nature of COBIT 5. Its globally
accepted principles, practices, analytical tools
and models are designed for business executives
as well as , and enterprises of all sizes and in
all industries can benefit. COBIT 5 addresses
the needs of business and IT stakeholders
across the enterprise and helps clarify goals for
more effective decision making. COBIT 5 helps
demonstrate that the right priorities are in place,
the right decisions are being made and risk is
being addressed. It allows enterprises to rely
on established, credible practices, rather than
reinvent the wheel. It was developed by strong
international thought leaders, and will continue
to evolve with advancements in the industry.
COBIT 5 Benefits
Enterprises of all sizes:
Maintain high-quality information to support
business decisions
Achieve strategic goals through the effective
and innovative use of IT
Achieve operational excellence through
reliable, efficient application of technology
The COBIT Focus newsletter is complimentary

to all COBIT users. Sign Up >
Optimize the cost of IT services and technology

Support compliance with relevant laws,
regulations, contractual agreements and policies
ISACA
Member US $55.00
CPS2
COBIT Process Assessment

Model (PAM): Using COBIT 4.1
COBIT 5 builds and expands on COBIT 4.1 by

integrating other major frameworks, standards
and resources, including ISACAs Val IT and Risk
IT, Information Technology Infrastructure Library
(ITIL) and related standards from the International
Organization for Standardization (ISO) and also
draws significantly from the Business Model
for Information Security (BMIS) and ITAF.
You are invited to download the COBIT 5 framework
for no charge and if more guidance is needed,
reference the individual publications for more detail.
COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT
frameworks and also draws significantly from BMIS and ITAF. You are invited to
review the COBIT 5 framework first at isaca.org/COBIT and if more guidance
is needed, reference the individual publications for more detail.
ISACA
Member US $55.00
CBQ2
Maintain IT-related risk at an acceptable level
COBIT 5
COBIT Focus
11
ISACA
Print CPAM
Member US $30.00
Nonmember US $50.00
eBook WCPAM
Nonmember US $40.00
COBIT Self-assessment Guide:

Using COBIT 4.1
ISACA
Print CSAG
Member $25.00
Nonmember $40.00
eBook WCSAG
Nonmember US $30.00
Download here: www.isaca.org/COBIT

Book Review
ISACA
Member US $20.00
Nonmember US $40.00
CBSB2
COBIT User Guide for Service Managers

ISACA
Print CUG
Member US $20.00
Nonmember US $50.00
eBook WCUG
Nonmember US $35.00
IT Assurance Guide: Using COBIT

ISACA
Member US $55.00
CB4A
Implementing and Continually

Improving IT Governance
ISACA
Member US $55.00
ITG9

12

SharePoint Deployment Governance
Using COBIT 4.1: A Practical Approach
ISACA
Member US $30.00
Nonmember US $70.00
SDG
COBIT Suite Datasec

ISACA
Web Site Download EMSW
Member US $9,849.00
Nonmember US $10,970.00
COBIT CSA (Control Self-assessment)

ISACA
Web Site Download ECSAW

Member US $2,010.00
COBIT Delphos
ISACA
Web Site Download EDW
Member US $2,550.00

Enterprise Value: Governance of IT
Investments, Getting Started With Value
Management
e-book VITM
Member US $25.00
Nonmember US $40.00

Investments,The Val IT Framework 2.0
COBIT MG (Management Guidelines)
e-book VITF2
Member US $45.00
Nonmember US $90.00
Web Site Download EMGW

Member US $2,258.00
The Business Case Guide

Using Val IT 2.0
ISACA
COBIT AG (Audit Guidelines)

(Continued)
Michael D. S. Harris, David Herron and Stasia Iwanicki
COBIT KP
(Knowledge Provider)
ISACA
Web Site Download EKPW

Member US $3,694.00
39CR
Member US $80.00
Nonmember US $90.00
The Risk IT Framework

RITF
Member US $45.00
Nonmember US $95.00
David Kaye and Julia Graham
The Risk IT Practitioner Guide
5RO
Member US $95.00
RITPG
Member US $46.00

Investments Complete Set
VITS2
Member US $105.00
Value Management Guidance for

Assurance Professionals: Using Val IT 2.0
VITAG
Member US $25.00
Nonmember US $40.00
eBook
e-book VITB2
Member US $25.00
Nonmember US $40.00
The Business Value of IT:

Managing Risks, Optimizing
Performance and Measuring Results
RISK IT AND RELATED PRODUCTS
Risk Management Approach to

Business Continuity: Aligning Business
Continuity With Corporate Governance
Meycor Products
COBIT Suite Datasec
The Meycor COBIT Suite is a complete and
integrated software for use in implementing
COBIT 4.1 as a governance of IT, IT security
or IT assurance tool. It includes five modules:
M
eycor COBIT CSA (Control Self
Assessment)
M
eycor COBIT MG (Management &
Governance)
Meycor COBIT AG (Assurance Guidelines)
ISACA
Web Site Download EAGW

Member US $2,258.00
13
Meycor COBIT KP (Knowledge Provider)
IT is complicated.
IT governance does
not have to be.
For more information on COBIT 5 and its family of
products, visit the ISACA
website at www.isaca.org/cobit.
Book Review
M
eycor COBIT Delphos (Balanced
Scorecard)
It also includes a central module that allows
for the performance of administrative and
functional tasks among different modules.
All COBIT contents are unified in a single
database shared by different modules.
14
15
Exam References
CISA PRODUCTS
CISA Review Manual 2014
EXAM REFERENCE
Section: 02
CISA
CISM
CGEIT
CRISC
A comprehensive reference guide designed to help

individuals prepare for the CISA exam and understand
the roles and responsibilities of an information systems
(IS) auditor. The manual has been enhanced over
the past editions and represents the most current,
comprehensive, peer-reviewed IS audit, assurance,
security and control resource available worldwide.
Member price: US $105.00
Nonmember price: US $135.00
CRM14
Available in: Chinese Simplified,
Japanese, Spanish, Italian, French
CISA Review Questions, Answers &

Explanations Manual 2014 Supplement
This guide features 100 new sample questions,

answers and explanations to help candidates
effectively prepare for the CISA exam. The questions
are intended to provide CISA candidates with an
understanding of the type and structure of questions
that have typically appeared on past exams.
Enterprises worldwide are seeking forward-thinking thought leaders with the skill to anticipate problems
and stay ahead of the curve. Having an ISACA certification announces you and your team are accomplished
individuals with an innovative point of view and up to the task to help set the enterprise up for future success.
A comprehensive 1,150-question study guide that

combines the 950 questions and answers from the CISA
Review Questions, Answers & Explanations Manual
2013 with those from the 2013 and 2014 editions of
the CISA Review Questions, Answers & Explanations
Manual Supplements(100 questions and answers each).
Exam candidates can take sample exams with randomly
selected questions, and view the results by job practice
domain, allowing for concentrated study in particular
areas. Additionally, questions generated during a study
session are sorted based on previous scoring history,
allowing CISA candidates to identify their strengths and
weaknesses and focus their study efforts accordingly.
Available in CD-ROM CDB14 or
Download CDB14W
Available in Spanish

Explanations Manual 2013

Designed to familiarize candidates with the question

types and topics featured in the CISA exam, this guide
consists of 950 multiple-choice study questions that have
previously appeared in the CISA Review Questions,
Answers & Explanations Manual 2011 and the 2011 and
2012 Supplements.

Explanations Manual, 2013 Supplement

QAE14

QAE14ES
ISACA certifications are recognized globally as the industry standard and in many cases as job prerequisites
for IT audit, assurance, control, governance, risk and security-related positions.
CISA Practice Question Database v14

effectively prepare for the CISA exam. The questions
are intended to provide CISA candidates with an
that have typically appeared on past exams.

Japanese, Spanish, Italian

QAE13ES
Book Review
16
Exam References
Exam References
CISM PRODUCTS
CISM PRODUCTS (Continued)
CGEIT PRODUCTS
CISM Review Manual 2014
CISM Review Questions,

Answers & Explanations Manual 2014
CGEIT Review Manual 2014
A comprehensive reference guide designed to help

individuals prepare for the CISM exam and understand
the roles and responsibilities of an information
security manager. The manual has been enhanced
over the past editions and represents the most
current, comprehensive, peer-reviewed information
security management resource available
worldwide.
CM14
CISM Review Questions, Answers &


effectively prepare for the CISM exam. The questions
are intended to provide CISM candidates with
an understanding of the type and
structure of questions that have
typically appeared on past exams.
14ES
17
The guide consists of 815 multiple-choice study

questions, answers and explanations, which are
organized according to the CISM job practice domains.
The questions in this manual have been consolidated
from the CISM Review Questions, Answers &
Explanations Manual 2012 and the 2012 and 2013
editions of the CISM Review Questions,
Answers & Explanations Manual
Supplement.
CQA14
Available in Japanese, Spanish
CISM Practice Question

Database v14
A comprehensive 915-question study guide that

combines the questions from the Review Questions,
Answers & Explanations Manual 2014 with those
from the 2014 supplement. Exam candidates can take
sample exams with randomly selected questions, and
view the results by job practice domain, allowing for
concentrated study in particular areas. Additionally,
questions generated during a study session are sorted
based on previous scoring history, allowing CISM
candidates to identify their strengths and weaknesses
and focus their study efforts accordingly.
The CGEIT Review manual is designed to help

individuals prepare for the CGEIT exam and understand
the responsibilities of those who implement or manage
the governance of enterprise
IT
(GEIT) or have significant advisory
or
assurance responsibilities in regards
to GEIT.

CGM14
CGEIT Review Questions, Answers &

The CGEIT Review Questions, Answers & Explanations

Manual 2013 is designed to familiarize candidates with the
question types and topics featured in the CGEIT exam.
The 60 questions in this manual have been consolidated
from the CGEIT Review Questions, Answers &
Explanations Manual 2011 and
the
CGEIT Review Questions, Answers
& Explanations Manual 2012
Supplement.
CGQ13

The CGEIT Review Questions, Answers & Explanations

Manual 2013 Supplement features 60 new sample
questions, answers and explanations to help candidates
effectively prepare for the 2013 CGEIT exam. The questions
are intended to provide CGEIT candidates with an
understanding of the type and structure of questions that
have typically appeared on past exams,
and were prepared specifically for use in
studying on the CGEIT exam.
CGQ13ES

This manual features 60 new sample questions,

answers and explanations to help candidates effectively
prepare for the CGEIT exam. The questions are intended
to provide CGEIT candidates with an understanding of
the type and structure of questions that
have typically appeared on past exams.
CGQ14ES

Available in CD-ROM MDB14
or Download MDB14W
Book Review
18
Exam References
Exam References
CRISC PRODUCTS
CRISC Review Manual 2014
CRISC PRODUCTS (Continued)

CRISC Review Questions, Answers &
The CRISC Review Manual 2014 is a comprehensive

reference guide designed to help individuals prepare for
the CRISC exam and understand IT-related business risk
management roles and responsibilities. The manual has
been enhanced over the past editions and represents
the most current, comprehensive,
peer-reviewed IT-related business risk
management resource available worldwide.
The publications is designed to familiarize candidates

with the question types and topics featured in the
CRISC exam. The 200 questions in this manual have
been consolidated from the CRISCTM Review Questions,
Answers & Explanations Manual 2011 and
the CRISCTM Review Questions, Answers &
Explanations Manual 2012 Supplement.

CRR14

CRQ14


TM
The CRISCTM Review Questions, Answers & Explanations

Manual 2014 Supplement features of 100 new sample
effectively prepare for the CRISC exam. The questions
are intended to provide CRISC candidates with and
that have typically appeared on past
exams, and were prepared specifically
for use in studying for the CRISC exam.
CRQ13ES
19
CRISC Practice Question Database

12 Months
CRISC Practice Question Database

6 Month Extension
The CRISC Practice Question Database - 12 Month

Subscription is a comprehensive 400-question pool
of items that combine the questions from the CRISC
Review Questions, Answers & Explanations Manual
2013 with those from the 2013 and 2014 editions of the
Explanations Manual Supplement.
XMXCR14-12M
The CRISCTM Review Questions, Answers & Explanations

Manual 2013 Supplement features of 100 new sample
effectively prepare for the CRISC exam. The questions
are intended to provide CRISC candidates with an
that have typically appeared on past exams, and
were prepared specifically for use
in studying for the CRISC exam.
CRISC Practice Question Database - 6 Month Extension

should be purchased only as an extension to the CRISC
Practice Question Database - 12-Month Subscription
Exam candidates can take sample exams with randomly
selected questions and view the results by job practice
domain, allowing for concentrated study in particular
areas. Additionally questions generated during a study
session are sorted based on previous scoring history,
allowing CRISC candidates to identify their strengths and
weaknesses and focus their study efforts accordingly.
Other features provide the ability to select sample
exams by specific job practice domain, view questions
that were previously answered incorrectly and vary
the length of study sessions, giving
candidates the ability to customize their
study approach to fit their needs.
XMXCR14-EXT180

CRQ14ES
Book Review
20
21
Non-English Resources
ESPAOL
Manual de Preparacin al
Examen CISA 2014
NON-ENGLISH RESOURCES
Section: 03
SPANISH
CHINESE
FRENCH
ITALIAN
JAPANESE
ARABIC
El Manual de Preparacin al Examen CISA 2014 es

una completa gua de referencia diseada para
ayudar a quienes se preparan para el examen
CISA, as como tambin para comprender los roles
y las responsabilidades de un auditor de sistemas
de informacin (SI). El manual ha sido mejorado y
revisado por profesionales altamente calificados
en las ltimas ediciones, por lo que representa el
recurso disponible a nivel mundial ms
actualizado y completo en auditora,
aseguramiento, seguridad y control
de sistemas de informacin (SI).
Precio miembro: US $105.00
Precio no miembro: US $135.00
CRM14S
GERMAN
HEBREW
LITHUANIAN
ROMANIAN
RUSSIAN
THAI
TURKISH
Information is todays currency. Yet the complexity of the business and technology environments continues
to grow, with increasing legal and regulatory requirements, as well as more diverse and sophisticated
security threats. As enterprises are faced with massive volumes of data, tightening privacy restrictions and
a tangle of regulations, maximizing the value of an enterprises information and technology becomes a daily
challenge. ISACA can help.
Manual de Preguntas, Respuestas

y Explicaciones de Preparacin al
Examen CISA Suplemento 2014
El Manual de Preguntas, Respuestas y Explicaciones

de Preparacin al Examen CISA Suplemento
2014 contiene 100 nuevas preguntas de ejemplo,
respuestas y explicaciones, para ayudar a los
candidatos a prepararse de forma efectiva el examen
CISA. Estas nuevas preguntas estn diseadas para
ser similares a las realmente empleadas en el examen.
Las preguntas estn diseadas para ofrecer a los
candidatos un entendimiento sobre el tipo y estructura
de las preguntas que han aparecido habitualmente
en exmenes anteriores, y han sido preparadas
especficamente para su utilizacin
en la preparacin del examen CISA.
Base de Datos de Preguntas de

Prctica v14 CISA
La Base de Datos de Preguntas de Prctica v14 CISA

combina el Manual de Preguntas, Respuestas y
Explicaciones de Preparacin al Examen CISA 2013 con
los Suplementos 2013 y 2014 del Manual de Preguntas,
Respuestas y Explicaciones de Preparacin al Examen
CISA (100 preguntas y respuestas cada uno) en un
producto completo para estudio con 1150 preguntas.
Los candidatos pueden tomar ejemplos de exmenes
con preguntas seleccionadas al azar, y pueden ver
los resultados por rea de prctica de trabajo, lo que
permite que el candidato se concentre en un rea
particular. Adems, las preguntas generadas durante
una sesin de estudio estn clasificadas de acuerdo a
la historia de calificaciones previas del usuario,
lo que permite a los candidatos CISA identificar
fcilmente sus puntos fuertes y dbiles y concentrar de
esa manera su estudio de acuerdo a lo que necesiten.
Disponible en CD-ROM CDB14S o en
versin de descarga CDB14SW.

QAE14SS
Book Review
22
ESPAOL (Continuado)
Manual de Preguntas, Respuestas y
Explicaciones de Preparacin al
Examen CISA 2013

Examen CISA Suplemento 2013

de Preparacin al Examen CISA Suplemento 2013
contiene 100 nuevas preguntas de ejemplo, respuestas
y explicaciones, para ayudar a los candidatos a
prepararse de forma efectiva el examen CISA.
Estas nuevas preguntas estn diseadas para ser
similares a las realmente empleadas en el examen.
Las preguntas estn diseadas para ofrecer a los
candidatos un entendimiento sobre el tipo y estructura
de las preguntas que han aparecido habitualmente
en exmenes anteriores, y han sido preparadas
especficamente para su utilizacin
en la preparacin del examen CISA.

QAE13S

Examen CISM Suplemento 2014
El Manual de Preparacin al Examen CISM 2014

es una gua completa de referencia diseada para
ayudar a quienes se preparan para el examen CISM,
as como a quienes desean comprender los roles y las
responsabilidades de un gerente de seguridad de la
informacin. El manual ha sido continuamente mejorado
durante las diez ediciones anteriores, siendo un recurso
global sobre el gerenciamiento de la seguridad de la
informacin actualizado, completo, y prerevisado por pares altamente calificados.
CM14S
ESPAOL (Continuado)
Diseado para familiarizar a los candidatos con los

modelos de pregunta y temas encontrados en el examen
CISA, el Manual de Preguntas, Respuestas y Explicaciones
de Preparacin al Examen CISA 2013 consta de 950
preguntas de estudio, de tipo seleccin mltiple, que
aparecieron en el Manual de Preguntas, Respuestas y
Explicaciones de Preparacin al Examen CISA 2011 y
los Suplementos 2011 y 2012 del Manual de Preguntas,
Respuestas y Explicaciones de Preparacin al Examen
CISA. Muchas preguntas han sido revisadas o escritas
completamente de nuevo para representar mejor el
formato de las preguntas en el examen CISA y/o brindar
aclaraciones o explicaciones adicionales sobre la respuesta
correcta. Estas no son preguntas reales del examen; pero
se espera que proporcionen al candidato a CISA una mayor
comprensin del tipo y la estructura
de las preguntas y los temas que han
aparecido anteriormente en el examen.
Manual de Preparacin al
Examen CISM 2014
23

QAE13SS

de Preparacin al Examen CISM Suplemento
2014 consta de 100 nuevas preguntas de ejemplo,
sus respuestas y explicaciones para ayudar a los
candidatos a prepararse efectivamente para el examen
CISM. Estas nuevas preguntas estn diseadas
para ser similares a las de los exmenes reales. Se
busca que las preguntas brinden a los candidatos
a CISM la comprensin del tipo y estructura de las
preguntas que tpicamente han aparecido en exmenes
anteriores, y fueron especficamente
preparadas para ser utilizadas en la
preparacin para el examen CISM.
CQA14SS
Manual de Preguntas, Respuestas

y Explicaciones de Preparacin al
Examen CISM Suplemento 2014

de Preparacin al Examen CISM 2014 consiste
en 815 preguntas de estudio de mltiple eleccin,
respuestas y explicaciones que estn organizadas
segn las reas de prctica de trabajo de CISM. Las
preguntas de este manual han sido recopiladas desde
el Manual de Preguntas, Respuestas y Explicaciones
de Preparacin al Examen CISM 2012 y los
Suplementos 2012 y 2013 del Manual de
Preguntas, Respuestas y Explicaciones
de Preparacin al Examen CISM.
CQA14S
Controles estratgicos y
operacionales de la TI
John Kyriazogloul
Tome el control de sus sistemas informticos y

obtenga las recompensas que le ofrece el negocio.
Todos estamos familiarizados con los beneficios
que la informtica proporciona a los negocios. Sin
embargo, los sistemas informticos desestructurados
o mal controlados pueden sembrar el caos, ocasionar
resultados inesperados e incluso amenazar su negocio
a travs de crmenes informticos y de violaciones de
seguridad. Para llevar estos riesgos al mnimo, cualquier
sistema informtico necesita una serie de controles
que aseguren el mximo beneficio de la tecnologa al
mismo tiempo que una reduccin de las
amenazas potencial para la empresa.
Principios de Auditoria y Control

de Sistemas de Informacion
(Segunda Edicion)
Manuel Tupia Anticona
Esta publicacin rene las nuevas prcticas

internacionalmente aceptadas para auditoria de
sistemas y tecnologas de informacion informacin
comunicaciones, con un lenguaje sencillo. Se
detallan tanto los aspectos de gestin como los
de carcter meramente tcnico basados en el
cuerpo de conocimientos propuesto
por ISACA internacional.
ITCA2
Computacin Forense: Descubriendo

Los Rastros Informticos
Jeimy Cano
En aos recientes, se ha visto un incremento en el

nmero de delitos informticos, que han impactado
considerablemente a la sociedad, para realizar
investigaciones sobre delitos relacionados con las
TIC se utilizan las tcnicas de cmputo forense, con
el objetivo de preserver y analizar adecuadamente
la evidencia digital que est tambin ligado a los
aspectos legales que deben considerarse para presenter
adecuadamente los resultados de la
investigacin de la evidencia digital.
1AOCF

20ITCE
Book Review
24
COBIT 5 es el marco general que engloba negocio y

gestin para el gobierno y la gestin de las TI de la
empresa. Este volumen documenta los 5 principios de
COBIT 5 y define los 7 catalizadores de apoyo que forman
el marco. COBIT 5 es el nico marco de negocio para el
gobierno y la gestin de las TI de la empresa. Esta versin
evolucionada contiene las ltimas ideas en tcnicas
de gobierno y gestin empresarial y ofrece principios
universalmente aceptados, herramientas de anlisis y
modelos para que aumente la confianza en
y el valor de los sistemas de informacin.
Un libro electrnico gratuito
CB5SS
COBIT 5 Implementacin tambin est disponible

como descarga PDF gratuita para miembros de ISACA.
Esta gua y COBIT 5 reconocen que la informacin
y las tecnologas de la informacin relacionadas
son generalizadas en las empresas y que no es
posible, ni es buena prctica separar las actividades
empresariales de las relacionadas con TI. Por lo tanto, el
gobierno y la gestin de las TI de la empresa deberan
implementarse como parte ntegra del gobierno de la
empresa, cubriendo de extremo a extremo las reas de
responsabilidad empresariales y funcionales de TI.
Esta publicacin facilita un enfoque de buenas prcticas
para implementar un gobierno TI de la empresa (GEIT,
por sus siglas en ingls) basado en un ciclo de vida
de mejora continua que debe disearse en funcin
de las necesidades particulares de cada empresa.
CB5IGS
CHINESE
ESPAOL (Continuado)
COBIT 5 Framework
25
COBIT 5: Procesos Catalizadores tambin est

disponible como descarga PDF gratuita para miembros
de ISACA. Esta publicacin complementa a COBIT
5 y contiene una gua de referencia detallada de
los procesos que estn definidos en el modelo de
procesos de referencia de COBIT 5. COBIT 5: Procesos
Catalizadores incluye La Cascada de Metas de COBIT
5, El Modelo de Procesos de COBIT 5 y
El Modelo de Referencia de Procesos.
CB5EPS
COBIT 5 For Information Security
COBIT 5 para Seguridad de la Informacin es una Gua

Profesional de COBIT 5. Examina COBIT 5 desde el punto
de vista de la seguridad, mirando con un prisma de
seguridad a los conceptos, catalizadores y principios de
COBIT 5. El apndice B, Gua Detallada: Catalizador de
Procesos se presenta en el mismo formato que las tablas
de COBIT 5: Procesos Catalizadores y proporciona objetivos
y mtricas de procesos, entradas/salidas y actividades,
especficos para seguridad. COBIT 5 para Seguridad de la
Informacin est destinado a todas las partes interesadas
de la empresa, porque la seguridad de la informacin
es responsabilidad de todas las partes interesadas
de la empresa. Usarlo puede suponer beneficios para
la empresa como mejores decisiones sobre riesgos y
gestin de gastos relacionados con la
funcin de seguridad de la informacin.
2014 CISA
(CISA Review Manual 2014)

CISA (IS)
105
135
CRM14C
2014 CISA
(CISA Review Questions, Answers & Explanations

Manual 2014 Supplement) 100
2014
CISA
CISA
CISA
40
60
QAE14CS
2013 CISA

Manual 2013) CISA
950
2011 CISA
CISA (2011
and 2012 Supplements) 2011 2012
CISA
100
130
QAE13C
2013 CISA

Manual 2013 Supplement) 100
2014
CISA
CISA
CISA
40
60
QAE13CS

Book Review
26
CHINESE (Continued)
COBIT 5 Framework
COBIT 5IT
COBIT 5IT
100
130
CB5C
COBIT 5 PDF
ISACA
COBIT 5 COBIT 5
COBIT 5
35
135
CB5EPC
27
FRANAIS
COBIT 5 PDF
ISACA
COBT 5
IT
IT
IT
IT
35
150
CB5IGC
Manuel de Prparation CISA 2014
Le Manuel de Prparation CISA 2014 est un guide

de rfrence exhaustif destin aider les candidats
se prparer lexamen CISA et comprendre les
rles et les responsabilits dun auditeur informatique.
Le Manuel a t amlior par rapport aux ditions
antrieures. Rvis par des pairs, il reprsente
la ressource en audit, assurance, scurit et
contrle des systmes dinformation
la plus jour et la plus complte
disponible travers le monde.
Prix membres : 105.00 $ US

Prix non-membres : 135.00 $ US
CRM14F
Manuel Complmentaire CISA 2014:

Questions, Rponses et Explications
Manuel Complmentaire CISA 2013:

Questions, Rponses et Explications
Le Manuel Complmentaire CISA 2013 : Questions,

Rponses et Explications contient 100 nouvelles
questions, leurs rponses et des explications pour aider
les candidats prparer efficacement lexamen CISA.
Ces nouvelles questions sont conues lidentique
des questions dun examen rel. Les questions visent
donner au candidat lexamen CISA une bonne
comprhension des structures et des types de questions
qui ont t poses lors des examens prcdents. Ces
questions ont t ralises spcialement
pour la prparation lexamen CISA.
QAE13FS
Le Manuel Complmentaire CISA 2014: Questions,

Rponses et Explications contient 100 nouvelles
questions, leurs rponses et des explications pour
aider les candidats prparer efficacement lexamen
CISA. Ces nouvelles questions sont conues
lidentique des questions dun examen rel. Les
questions visent donner au candidat lexamen
CISA une bonne comprhension des structures et
des types de questions qui ont t poses lors des
examens prcdents. Ces questions ont t ralises
spcialement pour la prparation
lexamen CISA.
QAE14FS
Book Review
28
ITALIAN
Manuale Tecnico CISA 2014
Manuale Tecnico CISA 2014 una guida di riferimento

completa concepita per aiutare i candidati nella
preparazione dellesame CISA e nella comprensione dei
ruoli e delle responsabilit di un auditor informatico. Il
manuale stato migliorato rispetto alle passate edizioni
e rappresenta oggi la fonte di riferimento pi attuale,
esaustiva e autorevole a livello mondiale
nel campo dellIT audit e della gestione
della sicurezza delle informazioni.
Prezzo socio: $ USA 105.00

Prezzo non socio: $ USA 135.00
CRM14I
Manuale di Esercitazione CISA:

Domande, Risposte e Spiegazioni
Supplemento 2014
Manuale di Esercitazione CISA: Domande, Risposte e

Spiegazioni Supplemento 2014 contiene 100 nuove
domande esemplificative, con risposte e spiegazioni per
aiutare i candidati a prepararsi con efficacia allesame
CISA. Queste nuove domande sono presentate in modo
da costituire una simulazione desame. Le domande hanno
lo scopo di consentire al candidato di capire il tipo e la
struttura delle domande presenti negli esami precedenti e
sono state formulate specificatamente per essere utilizzate
nella preparazione allesame CISA.
QAE14IS
Manuale di Esercitazione CISA 2013:

Concepito per familiarizzare il candidato con il tipo di

domande e gli argomenti dellesame CISA, il Manuale
di esercitazione CISA 2013: Domande, Risposte e
Spiegazioni consiste di 950 domande a scelta multipla,
tratte dal Manuale di esercitazione CISA 2011:
Domande, Risposte e Spiegazioni e dai Supplementi
2011 e 2012. Molte domande sono state riadattate
o totalmente riformulate per adeguarsi meglio al
formato corrente delle domande desame CISA e/o a
scopo di maggior chiarezza o migliore spiegazione della
risposta esatta. Queste domande possono essere o
no analoghe a quelle che compaiono allesame vero e
proprio e sono fornite al candidato CISA per agevolare la
comprensione del tipo e della struttura
di domande e contenuti che sono
precedentemente apparsi nellesame.
29
ITALIAN (Continued)
JAPANESE
IT Control Objectives for Cloud

Computing: Controls and Assurance
in the Cloud (Italian)
2014
(CISA
Il cloud computing un importante tema emergente nel

mondo economico di oggi. Come seguito al documento
pubblicato nellottobre 2009, ISACA ha realizzato
questa edizione per approfondire lassurance del cloud
computing. Lattenzione si concentra sui controlli e
sulle contromisure da utilizzare nel cloud, ma esamina
anche come adottare il cloud per creare valore nei
sistemi aziendali. Il libro illustra questa soluzione e la
sua importanza per le imprese, i rischi e la necessit
di unattivit di assurance facilitata da COBIT.
Prezzo membro: GRATIS
Non membri Prezzo: US $50.00
WITCOCI
2014(CISA)
CISACISA
IS
: US $105.00
: US $135.00
CRM14J
2013CISA&

QAE13I
2013CISA
CISA
950
2011CISA
20112012CISA
()
2011CISA
CISA
CISA
2014CISA
2013CISA
2014
CISA
Manuale di Esercitazione CISA:

Supplemento 2013

Spiegazioni Supplemento 2013 contiene 100 nuove
domande esemplificative, con risposte e spiegazioni per
aiutare i candidati a prepararsi con efficacia allesame
CISA. Queste nuove domande sono presentate in modo
da costituire una simulazione desame. Le domande
hanno lo scopo di consentire al candidato di capire il
tipo e la struttura delle domande presenti negli esami
precedenti e sono state formulate
specificatamente per essere utilizzate
nella preparazione allesame CISA.
: US $100.00
: US $130.00

QAE13IS
QAE13J
Book Review
30
JAPANESE(Continued)
2014CISA
2014CISA &
(CISA
100
CISA
2014CISA
2013CISA
: US $40.00
: US $60.00
QAE14JS
2013CISA&
)
2013CISA
) CISA
100
CISA
2014CISA
2013CISA
31
JAPANESE(Continued)
2012
(CISM)
2012CISMCISM
10
: US $85.00
: US $115.00
COBIT 5: Enabling ProcessISACA

PDF
COBIT 5COBIT 5
COBIT 5
35.00 US
135.00 US
CB5EPG
CM12J
COBIT 5: ImplementationISACA
PDF
COBIT 5 IT
IT
IT (GEIT)
COBIT 5 Framework
COBIT 5IT
COBIT 5
7
COBIT 5IT
: US $35.00
: US $50.00
CB5J
35.00 US
150.00 US
CB3IGJ
: US $40.00
: US $60.00
QAE13JS
Book Review
32
ARABIC
GERMAN
HEBREW
LITHUANIAN
COBIT 5 Framework
COBIT 5 Framework
COBIT 5
COBIT 5 Framework

, , /
. COBIT
,
-21. COBIT 5
, , ,
,

.

Nemokamai ebook
CB5L
5

.

.

.

.

)(

: US $35.00
: US $50.00

CB5AR
COBIT 5 ist das bergreifende Business- und

Management-Rahmenwerk fr die Governance und
das Management der Unternehmens-IT. Dieser Band
dokumentiert die fnf Grundstze von COBIT 5 und
definiert 7 untersttzende Enabler, die das Rahmenwerk
bilden. COBIT 5 ist das einzige Business-Rahmenwerk fr
die Governance und das Management der UnternehmensIT. Diese weiterentwickelte Version enthlt die neusten
Entwicklungen auf dem Gebiet der UnternehmensGovernance und den Managementtechniken, und
stellt allgemein akzeptierte Grundstze, analytische
Werkzeuge und Modelle zur Verfgung, um zu helfen,
das Vertrauen in und Wert von
Informationssystemen zu vergrern.
Mitgliederpreis: 35,00 USD.
Preis fr Nicht-Mitglieder: 50,00 USD.
Ein kostenloses E-Book
CB5G
33
COBIT 5
.
COBIT 5

.
COBIT 5 yra visa apimanti veiklos valdymo metodika,

skirta organizacijos IT valdymui ir vadovavimui. ioje
knygoje pateikiami 5 COBIT 5 principai ir apraomos
metodikos pagrind sudaranios 7 realizavimo priemons.
COBIT 5 yra vienintel veiklos valdymo metodika, skirta
organizacijos IT valdymui ir vadovavimui. i evoliucin
versija pateikia naujausi poir organizacijos IT valdymo
ir vadovavimo metodus, naudodama visame pasaulyje
pripaintus principus, analitines priemones ir modelius,
leidianius labiau pasitikti informacinmis
sistemomis ir gauti i j didesn vert.
: US $40.00
: US $60.00

CB5H
Bitte beachten Sie, dass COBIT 5: Enabling Processes

fr ISACA-Mitglieder auch als kostenloser PDFDownload zur Verfgung steht. Diese Publikation
ergnzt COBIT 5 und enthlt einen detaillierten
Referenz-Leitfaden zu den Prozessen, die im COBIT 5
Prozessreferenzmodell definiert werden. Sie enthlt
die COBIT 5 Ziel-Kaskade, das Prozessmodell und
Prozessreferenzmodell. C13
Member Price: US $35.00
Nonmember Price: US $135.00
Ein kostenloses E-Book
CB5EPG
Book Review
34
ROMANIAN
RUSSIAN
THAI
TURKISH
COBIT 5 Framework
COBIT 5 Framework
COBIT 5 Framework

/

COBIT

21 COBIT 5

ISACA yelerine: US $35.00

dur ve ye olmayanlara US : US $135.00
cretsiz kitap
CB5EPT
COBIT 5 este cadrul de referin general pentru guvernarea

i managementul IT din cadrul organizaiilor. Acest volum
documenteaz cele cinci principii ale COBIT 5 i definete
7 catalizatori suport care alctuiesc cadrul de referin.
COBIT 5 este singurul cadru de referin adresabil
afacerilor pentru guvernarea i managementul IT n cadrul
organizaiilor. Aceast versiune evolutiv ncorporeaz cele
mai recente opinii cu privire la tehnicile de guvernare i
management i ofer principii acceptate la nivel mondial,
instrumente analitice i modele care
ajut la creterea ncrederii n, i valoarea
rezultat din sistemele informaionale.
Pre pentru membri: US 35.00
Pre pentru nonmembri: US 50.00
Un eBook gratuit
CB5R
V rugm s reinei c manualul COBIT 5: Procese

catalizatoare este de asemenea disponibil ca fiier pdf,
descrcabil gratuit de ctre membrii ISACA. Aceast
publicaie completeaz COBIT 5 i conine un ghid
detaliat al proceselor definite n modelul de referin al
proceselor din COBIT 5. Manualul include de asemenea
i succesiunea obiectivelor COBIT 5 i
modelul de referin al proceselor.
COBIT 5 -
.

COBIT 5
,
. COBIT 5
,
.

, ,
,
,
,

.
:
US $ 35.00,
:
US $ 50.00.

CB5RU
35
COBIT 5

5
COBIT 5

7

COBIT 5: Gerekletirme Sreleri ISACA yelerine

cretsiz olarak pdf formatnda www.isaca.org sitesinden
sunulmaktadr. COBIT 5: Gerekletirme Sreleri,
COBIT 5in iinde tanmlanan sre referans modelinin
detaylarn, hedef basamaklarn ve
olgunluk modelini tanmlamaktadr.

: US $35.00

: US $50.00
eBook
CB5TH
Pre pentru membri: US 35.00

Pre pentru nonmembri: US 135.00
Un eBook gratuit
CB5EPR
Book Review
36
37
RISK Related
RISK RELATED
Section: 04
The Failure of Risk Management:

Why Its Broken and How to Fix It
Information Technology Risk Management

in Enterprise Environments
Douglas W. Hubbard
Jake Kouns and Daniel Minoli
An essential guide to the calibrated risk analysis

approach, this book takes a close look at misused
and misapplied basic analysis methods. Using
examples from the credit crisis, natural disasters,
outsourcing, engineering disasters and more, the
author reveals critical flaws in risk
management methods and how
these problems can be fixed.
This book provides a comprehensive review of

industry approaches, practices and standards on how
to handle the ever-increasing risks to organizations
business-critical assets. Through a practical
approach, this book explores key
topics that enable readers to uncover
and remediate potential infractions.
Member: US $50.00
78WRM
How to Complete a Risk Assessment in

5 Days or Less
Thomas R. Peltier
This is what risk assessment is all about. This book

demonstrates how to identify threats your company
faces and then determine if those threats pose a real
risk to the organization. To help you determine the best
way to mitigate risk levels in any given
situation, this book includes userfriendly checklists, forms, questionnaires
and sample assessments.
Member: US $92.00
11CRC8
Member: US $104.00
84WRM
Advanced Persistent Threats:

How to Manage the Risk to Your Business
ISACA
An APT to the organization and practical measures that
can be taken to prevent, detect and respond to such an
attack. In addition, it highlights key differences between
the controls needed to counter the risk of an APT attack
and those commonly used to mitigate
everyday information security risk.
Member: US $35.00
Available in print APT and
eBook WAPT formats
In business today, strong support from IS/IT is an indispensable component of any company, and can be what
separates good companies from great ones. Business leaders know that its not technology per se but the
ability to use it wisely that counts. Helping businesses make that transition requires more than just problem
solvers. ISACA invests in research that grows knowledge and results in the development of innovative
thinking that security professionals can leverage in their everyday functions and strategies for the future.
Book Review
38
RISK Related
RISK Related
The Operational Risk Handbook for

Financial Companies
IT Risk: Turning Business Threats

Into Competitive Advantage
Brian Barnier
George Westerman and Richard Hunter
Range of proven operational risk techniques from

other industries and disciplines to the troubled
territory of financial services. The author introduces
a range of sophisticated, dependable and
cruciallyapproachable tools for risk evaluation,
risk response and risk governance. He provides a
more robust way of gaining a better picture of risks,
shows how to build risk-return awareness into
decision making, and explores how
to fix (and not just report) risk.
Based on research conducted by the Massachusetts

Institute of Technology (MIT)s Center for Information
Systems Research and Gartner Inc., this book helps
enterprises focus on the most pressing risks and
leverage the upside that comes with vigilance.
Traditionally, managers have grouped technology
risk and funding into silos. IT Risk outlines a new
model for integrated risk management,
which identifies three core areas that
can be developed to eliminate the
problems that silo strategies create.
Member: US $53.00
1HOP
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
39
ISACA has issued white papers to provide

constituents with practical and pragmatic
information that is timely and relevant regarding
issues that impact enterprise operations.
Each white paper is provided as a complimentary
PDF download, and a link for your feedback is
provided on each white paper landing page. Your
feedback is a very important element in the process
of the development of ISACA guidance for our
constituents.
Member: US $35.00
2HBS
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1
0 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1
1 0
0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1
1
1 1 0
0 1 0
0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0
0 0 1
1 0 1
0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1
1 1
0 1 0
1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 $1 1 0 1
C-LEVEL EXECUTIVES
0 0 1
1 0 1
0 1who 0say that
1 customer
0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 PER
0 RECORD
0 1 0
$
1 1 0
0 1 0
1 0 satisfaction
1 0 1is very
0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 Cost
0 when
1 data
1 breach
0 1
0 0 1
1 0 1
0 1 much
0 affected
1 0 by1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 caused
1 by
0 hacker
0 1or other
0
cybercriminal
IT
risk
1 1due 0
0 1 0
1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1
Annual losses
0 0 1
1 0 1
0 1 0 1 0 1 0 1 0 0 1 0 1 0 RISK
1 0SCENARIO
1 0 0 1 0 1 0 1 0 1 0 0 1 0
to cybercrime
Auditors with
1
0
1 1 0
0
1
0
1
1
0
1
0
1
0
1
1
0
1
0
1
0
1
0
1
1
0
1
0
1
0
1
0
1
1
0
1
categories addressed in
NO PLANS TO INCLUDE
0 1 0 0 1
1SOCIAL
0 MEDIA
1
0
1 0 1 0 1 0 0 1 0 1 0 1COBIT
0 51for Risk
0 0 1 0 1 0 1 0 1 0 0 1 0
RISK
0 1 0 1 1 0
0 1 in audits
0
1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1
1 0 1 0 0 1
1 0 1
0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0
0 1
0 1 0 1 1 0
1 0 1 0 1$ 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1
0 1 0
1 0 1 0 0 1
1
1 0 1 0 1 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0
0
0 1 0 1 1 0
0 1 0
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1
1 0 1 +0 0 1
0
1 0 1
1 0 Amount
1 0 at1risk 0for every
0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0
$1 billion that
0 1 0 1 1 0
1
0 1 0
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1
companies spend
1 0 PER1 WEEK
0
0 0 1
1 0 1
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0Ranking
1 of
0 FAILURE
1 0 0 1 0
Average number of
0 1 0 1 1FRAUD
0
1 0 1 0 1 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 TO
0 INNOVATE
1 0 1 1 0 1
EMPLOYEE-RELATED
on
Top
10
Global
1 incidents
0 1 in0 past0 1
0 1 0 1 0 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1
1 1 0
0 1 0 1 0 1 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 Risk
1 list0 1 1 0 1 0 1 0 1 12 0months
0 1 500
0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
1 0 1 FORTUNE
1 0 EXECUTIVES
1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0
0 1 CHIEF
0 AUDIT
with no plans to increase
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
focus on IT
0
0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0
0 Reputational
1 0 1 0 0 1
1 0 1 0 1 0 0 1 The0Economic
1 Impact
0 of1Cyber 0Crime 1and Cyber
0 Espionage,
0 1Center0for Strategic
1 0and International
1 0 Studies,
1 July0 2013.02013 Cost
1 of 0Data Breach
1 Study:
0 Global
1 Analysis,
0 1 Ponemon
0 Institute,
0 May
1 2013.
0 20121 IBM Global
1 2013,
0 1 1 0 Risk1and IT0Study.1The Risk
0 Aon1Risk 0 1 1 0
0 1 0 1 SOURCES:
0 of Insider
1 Fraud,
0 Ponemon
1 1Institute,
0 February
1 2013.
0 Pulse
1 of the
0 Profession,
1 0IIA, 2013.
1 20131Internal
0 Audit1Capabilities
0 1and Needs
0 Survey
1 Report,
0 Protiviti.
1 1Global 0Risk Management
1 0 Survey
Solutions. 2013 Pulse of the Profession, Project Management Institute, March 2013. COBIT 5 for Risk, ISACA, 2013.
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 1 0
1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 1 0 0 1
0 1
0
1 0 1 0
1 0
0 1
0 1
1 0 1 0
0 1
1 0 1 0
0 1
1 0 1 0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
1
1
1
1
1
1
1
THE IT RISK EFFECT
Failing to include technology risk in enterprise risk can have major impact
46%
157
20
45%
100
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
BILLION
135
MILLION
#6
62%
ISACA Published
White Papers
0
1
0
1
0
1
0
1
0
1
0
1
0
1
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
Advanced Persistent
Threat Awareness Study
Results
Big Data: Impacts and
Benefits
Generating Value From

Big Data Analytics
Guiding Principles
for Cloud Computing
Adoption and Use
Business Continuity
Management: Emerging
Trends
Incident Management and

Response
C alculating Cloud ROI:

From the Customer
Perspective
Security As A Service
Cloud Computing Market

Maturity Study Results
Cloud Governance:
Questions Boards of
Directors Need to Ask
Privacy and Big Data Aug

Security Considerations
for Cloud Computing
Virtualization Desktop
Infrastructure (VDI)
Please visit www.isaca.org/whitepapers to

download and comment on these valuable resources.
Book Review
40
AUDIT, CONTROL, SECURITY

Section: 05
ESSENTIALS
SPECIFIC ENVIRONMENTS
ISACAs diverse library of audit/assurance programs includes a wide range of topics focused on
a boundless mix of interests, talents and experiences. ISACA Audit/Assurance programs provide
a globally tested approach for balancing risk, value and the use of resources. It helps leaders
deliver on their business strategy through effective information and technology execution.
Book Review
42
Audit, Control, Security

ESSENTIALS
Access Control, Security, and Trust:
A Logical Approach
Shiu-Kai Chin and Susan Beth Older
This book equips readers with an access control logic

that they can use to specify and verify their security
designs. Throughout the text, the authors
use a single access control logic based on
a simple propositional modal logic.
Build Your Own Security Lab:

A Field Guide for Network Testing
Michael Gregg
Member: US $100.00
48CRC
Those whose job is to design or implement IT security

solutions, or who are studying for any security
certification, will benefit from this how-to guide. This
publication teaches readers how to assess needs, gather
the tools and create a controlled environment in which
to experiment, test and develop solutions that work.
With liberal examples from real-world
scenarios, it tells the reader how to
implement a strategy to secure systems
Accounting Information Systems,

9th Edition
Member: US $50.00
76WSL
Ulric J. Gelinas, Richard B. Dull and Patrick Wheeler

Todays accounting professionals are challenged to
identify enterprise risks and provide quality assurance
for a companys information systems focuses on critical
accounting information systems in use today
and controls for maintaining these systems.
Member: US $261.00
1IT9
Auditing and Assurance Services:

Understanding the Integrated Audit
Karen L. Hooks
This publication discusses the auditing professions

requirement to focus on the integrated audit in the
wake of the Sarbanes-Oxley Act. It also outlines the
impact of the Public Company Accounting
and Oversight Board (PCAOB) on the
auditing of public companies.
Building an Effective Information Security

Policy Architecture
Sandy Bacik
Information security teams are charged with developing

and maintaining a set of documents that will protect
the assets of an enterprise from constant threats and
risks. For these safeguards and controls to be effective,
they must suit the particular business needs of the
enterprise. This guide for security professionals explains
how to review, develop and implement a security
architecture for any size enterprise,
whether it is a global company or a
server message block.
Member: US $88.00
43CRC
43

ESSENTIALS (Continued)
Essentials
Data Protection: Governance, Risk

Management, and Compliance
The Definitive Guide to the

C&A Transformation
David G. Hill
David Coderre
Failure to appreciate the full dimensions of data

protection can lead to poor data protection
management, costly resource allocation issues and
exposure to unnecessary risks. Data Protection:
Governance, Risk Management, and Compliance
explains how to gain a handle on the
vital aspects of data protection.
Member: US $80.00
51CRC
Effective Project Management:

Traditional, Agile, Extreme, 6th Edition
Robert K. Wysocki
Many projects fail to deliver on time and within budget,

and often poor project management is to blame. The
newest edition of this expert and top-selling book helps
project managers avoid the pitfalls and manage projects
successfully. Covering the major project management
techniques including traditional (linear and incremental),
agile (iterative and adaptive) and extreme, this book
lays out a comprehensive overview of all of the bestof-breed project management
approaches and tools today.
Member: US $60.00
50WPM6
The first comprehensive manual that sets out to

explain current standards and best practices. This
book provides all the information needed to recognize,
implement and manage the relevant authorization
requirements, and, therefore, to
achieve compliance with federal,
local and agency laws and policies.
Member: US $70.00
13ITCAT
The Essential Guide to Internal Auditing,

2nd Edition
K. H. Spencer Pickett
This guide is essential for internal auditors. Learn

the audit context and how it fits into the wider
corporate agenda. This edition is set firmly within the
corporate governance, risk management and internal
control arena. It includes expanded coverage of risk
management and is updated throughout to reflect
the new Institute of Internal Auditors (IIA) standards
and current practice advisories. It
also includes many helpful models,
practical guidance and checklists.
Member: US $55.00
92WIA
Member: US $237.00
93WAAS
Book Review
44
Essentials
Essentials of Corporate Fraud
Information Security and Privacy:

A Practical Guide for Global Executives,
Lawyers and Technologists
Interpretation and Application of

International Standards on Auditing
Tracy Coenen
Full of valuable tips, techniques, illustrative real-world

examples, exhibits and best practices, this handy and
concise paperback will help you stay up to date on the
thinking, strategies, developments and technologies
in corporate fraud. Essentials of Corporate Fraud
challenges the readers concept of corporate fraud,
providing an introductory look at fraud
and the kinds of fraud that can occur
in various areas of a company.
Member: US $48.00
71WCF
Fraud Analysis Techniques Using ACL

David Coderre
Fraud Analysis Techniques Using ACL offers auditors &

investigators:
Authoritative guidance on the use of computerassisted audit tools and techniques in fraud detection
A CD-ROM containing an educational version of ACL
A n accompanying CD-ROM containing a thorough
fraud tool kit with two sets of customizable scripts to
serve your specific audit needs
C ase studies and sample data files that you can
use to try out the tests
Step-by-step instructions on how to run the tests
A self-study course on ACL script
development with exercises, data files and
suggested answers.
Member: US $211.00
82WCL
Thomas J. Shaw Esq. (Editor)
Today more than ever, legal practitioners need to

fully understand the obligations, liabilities, risks and
treatments involved in information security and privacy.
Top executives must have a firm grasp of the information
security and privacy statutes and regulations in each
country in which they do business, including any industry
sector-specific rules. This book provides a practical
and comprehensive approach to information security
and privacy law for both international and domestic
statutes. It provides all the tools needed to handle the
business, legal and technical risk of
protecting information on a global scale.
Member: US $120.00
2ABA
Information Technology
Control and Audit, 4th Edition
Sandra Senft and Frederick Gallegos

The new edition of a bestseller, Information
Technology Control and Audit, Fourth Edition
provides a comprehensive and up-to-date overview
of IT governance, controls, auditing applications,
systems development, and operations. Aligned to and
supporting the Control Objectives for Information and
Related Technology (COBIT), it examines emerging
trends and defines recent advances in technology
that impact IT controls and audits
including cloud computing, web-based
applications, and server virtualization.
45
Steven Collings
IT Auditing Using Controls to Protect

Information Assets, 2nd Edition
Chris Davis, Mike Schiller and Kevin Wheeler
In recent years, auditing has undergone significant

changes, due in large part to well-publicized corporate
disasters such as Enron and Parmalat, which have
shaken the profession. In response, many countries
have replaced preexisting domestic standards with
International Standards on Auditing (ISAs) in an attempt
to ensure that auditors throughout the world apply
the same level of work during all audit
assignments, and that audit quality
remains consistent on a global basis.
Member: US $110.00
95WISA
IT Audit, Control, and Security
Filled with solid techniques, checklists, forms, coverage

of leading-edge tools and systematic procedures for
common IT audits, IT Auditing, 2nd Edition covers
real-life scenarios and fosters the skills necessary for
auditing complex IT systems. Fully updated to cover new
technology including cloud computing, virtualization
and storage, the book provides guidance on creating
an effective and value-added internal IT audit function.
Information is presented in easy-tofollow sections, allowing you to quickly
grasp critical and practical techniques.
Member: US $70.00
15MIT2
Robert Moeller
When it comes to computer security, the role of
auditors today has never been more crucial. Auditors
must ensure that all computers, in particular those
dealing with e-business, are secure. The only source for
information on the combined areas of computer audit,
control and security, the book describes the types of
internal controls, security and integrity procedures
that management must build into its automated
systems. This timely book provides auditors with the
guidance they need to ensure that their systems are
secure from both internal and external threats.
Member: US $90.00
90WACS
Member: US $90.00
4CRC4
Book Review
46
47
IT Control Objectives for Basel II:
The Importance of Governance and Risk
Management for Compliance
ISACA
IT Control Objectives for Basel II provides a framework

for managing operational and information risk in the
context of Basel II. It presents an outline of risk under
Basel II, links between operational risk and IT risk,
and an approach for managing information risk. This
publication addresses three groupsinformation
risk managers, IT practitioners and financial services
experts. The executive summary states that financial
services organizations using the framework presented
are able to apply recognized IT control objectives and
management processes to address
the role of IT in operational risk.
Member: US $20.00
Available in print ITCOB and
eBook WITCOB
IT Control Objectives for Cloud Computing:

Controls and Assurance in the Cloud
ISACA
Cloud computing has become an important emergent issue

in business today. As a follow-up to the white paper it issued
in October 2009, ISACA has produced this book to examine
assurance in the cloud.
The book focuses on controls and countermeasures that can be
used in the cloud, and closely examines how to use the cloud
to create value in systems. The book details the issue, why it is
important to business, risks, why assurance is critical and how
COBIT can help.
The book contains an audit program in the appendix, which is
also available as a Word document.
Member: US $35.00
Available in print ITCOC
and eBook WITCOC
IT Security Metrics:
A Practical Framework for Measuring
Security & Protecting Data Lance Hayden
Lance Hayden
IT Security Metrics provides a comprehensive approach
to measuring risks, threats, operational activities and
the effectiveness of data protection in your organization.
The book explains how to choose and design effective
measurement strategies and addresses the
data requirements of those strategies.
Member: US $50.00
22MSM
Book Review
Book Review
48

IT Strategic and Operational Controls
John Kyriazoglou
Nowadays, integrated information systems can

significantly magnify the accrued benefits of a given
project and greatly strengthen an organization, but such
benefits are balanced by a serious risk. If IT systems
are not used in a disciplined manner, they can create
havoc and frequently bring about unexpected results
and catastrophe, as shown by the rise in security
incidents and computer-based crimes.
This book is an ideal tool for those without
specialized technical expertise who are seeking to
understand IT controls and their
design, implementation, monitoring,
review and audit issues.
Member: US $60.00
6ITSOC
A New Auditors Guide to Planning,

Performing, and Presenting IT Audits
Nelson Gibbs, Divakar Jain, Amitesh Joshi,
Surekha Muddamsetti and Sarabjot Singh
Information technology is a highly dynamic, rapidly

changing environment. IT auditors are expected to
stay current with the latest tools, technologies and
trends, and may need to do additional research to
prepare for specific audits. This book is designed to
help aspiring and active internal auditors take a step
back and understand the general
processes and activities involved in
conducting an audit around technology.
Member: US $70.00
1IIA
49

PCI Compliance, 3rd Edition Understand

and Implement Effective PCI Data Security
Standard Compliance
Anton Chuvakin and Branden R. Williams
The credit card industry established the PCI Data Security

Standards to provide a minimum standard for how
vendors should protect data to ensure it is not stolen by
fraudsters. PCI Compliance, 3e, provides the information
readers need to understand the current PCI Data Security
standards, which have recently been updated to version
2.0, and how to effectively implement
security within your company to be
compliant with the credit card industry
guidelines and protect sensitive and
personally identifiable information.
Member: US $60.00
7SYN10
SAP Security and Risk Management,

2nd Edition
Mario Linkies and Horst Karin
The revised and expanded second edition of this bestselling book describes all requirements, basic principles
and best practices of security for an SAP system.
Readers learn how to protect each SAP component
internally and externally while also complying with legal
requirements. Furthermore, the book describes how to
master the interaction of these requirements to provide
a holistic security and risk management solution. Using
numerous examples and step-by-step
instructions, this book teaches the reader
the technical details of implementing
security in SAP NetWeaver.
Member: US $70.00
2SAPP
Security Metrics: A Beginners Guide

Caroline Wong
Once more the Unto the Breach: Managing

information Security in an Uncertain World
Andrea Simmons
Learn how to communicate the value of an information

security program, enable investment planning and
decision making, and drive necessary change to
improve the security of the enterprise. Security Metrics:
A Beginners Guide explains, step by step, how to
develop and implement a successful
security metrics program.
Member: US $40.00
28MSM
SOC 2: A User Guide

ISACA
SOC 2 is a Report on Controls at a Service Organization

Relevant to Security, Availability, Processing Integrity,
Confidentiality or Privacy. This guide is intended for
those evaluating a service organizations SOC 2 report
as part of a governance, risk and compliance (GRC)
program; vendor assessment; security evaluation;
business continuity plan, or other control evaluation.
It may also be useful to those considering requesting
a SOC 2 report from an existing vendor that does not
currently provide a report or from a new vendor as
part of the due-diligence or request-for-proposal (RFP)
process. AICPA and ISACA have jointly released this
guide to provide user entities with the information
they need when interpreting
the SOC 2 reports received
from service organizations.
Member: US $35.00
Available in print SOC and
eBook WSOC
In Once more unto the Breach, Andrea C Simmons speaks

directly to information security managers and provides
an insiders view of the role, offering priceless gems from
her extensive experience and knowledge. Based on a
typical year in the life of an information
security manager, the book examines how
the general principles can be applied to all
situations and discusses the lessons learnt
from a real project
Member: US $46.00
14ITOM
Auditors Guide to IT Auditing and

Software Demo, 2nd Edition
Richard E. Cascarino
Many Auditors are unfamiliar with the techniques they

need to know to efficiently and effectively determine
whether information systems are adequately protected.
Now in a Second Edition, Auditors Guide to IT Auditing
presents an easy, practical guide for auditors that can
be applied to all computing environments.

Follow
the approach used by the Information System

Audit and Control Associations model curriculum,
making this book a practical approach for IS auditing

Serves
as an excellent study guide for those

preparing for the CISA and CISM exams

Includes
discussion of risk evaluation methodologies,

new regulations, SOX, privacy,
banking, IT governance, COBIT,
outsourcing, network management
and the Cloud
Member: US $95.00
53WAG2
Book Review
50

Applied Oracle Security: Developing
Secure Database and Middleware
Environments
David Knox, Scott Gaetjen, Hamza Jahangir, Tyler

Muth, Patrick Sack, Richard Wark and Bryan Wise
This Oracle Press guide demonstrates practical
applications of the most compelling methods for
developing secure Oracle Database and Oracle
Middleware environments. Readers will find full
coverage of the latest and most popular Oracle
products, including Oracle Database and Audit
Vaults, Oracle Application Express, and Secure
Business Intelligence Applications. Applied Oracle
Security demonstrates how to build and assemble
the various Oracle technologies required to create
the sophisticated applications
demanded in todays IT world.
Member: US $60.00
18MAO
Identity Management:
Concepts, Technologies, and Systems
Elisa Bertino and Kenji Takahashi
Digital identity can be defined as the digital

representation of the information known about a
specific individual or organization. Digital identity
management technology is an essential function
in customizing and enhancing the network user
experience, protecting privacy,
underpinning accountability in
transactions and interactions, and
complying with regulatory controls.
Member: US $109.00
10ART
Protecting Industrial Control Systems

From Electronic Threats
Joe Weiss
Aimed at both the novice and expert in IT security and

industrial control systems (ICS), this book will help readers
gain a better understanding of protecting ICSs from
electronic threats. Cybersecurity is getting much more
attention and SCADA security (supervisory control and
data acquisition) is a particularly important part of this field,
as are distributed control systems (DCS), programmable
logic controllers (PLCs), remote terminal units (RTUs),
intelligent electronic devices (IEDs), and all other field
controllers, sensors, drives and emission
controls that make up the intelligence of
modern industrial buildings and facilities.
Member: US $109.00
1MPPI
Security, Audit and Control Features

Oracle Database, 3rd Edition
ISACA
51

SPECIFIC ENVIRONMENTS (Continued)
Specific Environments
Security, Audit and Control Features

Oracle E-Business Suite, 3rd Edition
Security, Audit and Control Features Oracle

PeopleSoft, 3rd Edition
ISACA Deloitte Touche Tohmatsu Research Team
This updated edition of one of ISACAs most popular

guides reflects the many changes that the business
environment and the Oracle ERP application have
undergone since the second edition was published.
In response to customer needs and an increased
market awareness of governance, risk and compliance
(GRC), Oracle Corp. has continued to boost its GRC
offerings and released the updated and improved
Oracle E-Business Suite R12.1 (EBS) in 2009.
This in-demand guide also provides an update on current
industry standards and identifies future trends in Oracle
EBS risk and control. It enables audit, assurance, risk
and security professionals (IT and non-IT) to evaluate
risks and controls in existing ERP implementations,
and facilitates the design and implementation of
better practice controls into system
upgrades and enhancements.
Between the covers of this book, readers will find all

the details needed to confidently plan and execute a
detailed review of risk and controls in a PeopleSoft
environment. A lot has changed in terms of new product
features, new releases and various regulatory compliance
requirements for enterprises since the second edition of
this guide was published in 2005. This third edition aims
to ensure that the audit programs, risk and controls are
functional and relevant with current research for Oracle
PeopleSoft HRMS release 9.1. In addition, chapter 12,
New Directions for PeopleSoft and ERP Audit, discusses
the changing compliance landscape, tools to assist with
compliance and Oracle Fusion, and the
pathway for PeopleSoft installations.
Member: US $60.00
1SOA3
Member: US $65.00
ISPS3
Protecting information assets is challenging for every

enterprise, regardless of size and industry, and it has
become an even more complex task for enterprises
adopting distributed computing environments.
Security, Audit and Control Features Oracle
Database, 3rd Edition provides a new perspective
of security and controls over Oracle. This updated
edition includes a background and review of security
controls and addresses the risks associated with
protecting information in a distributed computing
environment of various platforms,
versions, interfaces and tools.
Member: US $40.00
ODB9
Book Review
52
53

SPECIFIC ENVIRONMENTS (Continued)
Security, Strategies in Windows Platform
and Applications, 2nd Edition
Introduction to Healthcare Information

Technology, 1st Edition
More than 90 percent of individuals, students, educators,

businesses, organizations, and governments use Microsoft
Windows, which has experienced frequent attacks against
its well-publicized vulnerabilities. Revised and updated
to keep pace with this ever changing field, Security
Strategies in Windows Platform and Applications, Second
Edition focuses on new risks, threats, and vulnerabilities
associated with the Microsoft Windows operating
system. Particular emphasis is placed on Windows XP,
Vista, and 7 on the desktop, and Windows Server 2003
and 2008 versions. It highlights how to use tools and
techniques to decrease risks arising from
vulnerabilities in Microsoft Windows
operating systems and applications.
The healthcare industry is growing at a rapid pace and

undergoing some of its most significant changes as the
use of electronic health records increase. Designed
for technologists or medical practitioners seeking
to gain entry into the field of healthcare information
systems, this book teaches the fundamentals of
healthcare IT (HIT) by using the CompTIA Healthcare IT
Technician (HIT-001) exam objectives as the framework.
It takes an in-depth and comprehensive view of HIT
by examining healthcare regulatory requirements,
the functions of a healthcare organization and its
medical business operations in addition to IT hardware,
software, networking, and security.
Member: US $72.00
3JBSS2
Member: US $73.00
16IT
Security Audit and Control Features SAP

ERP, 3rd Edition
Wireless Network Security

A Beginners Guide
Security, Audit and Control Features SAP ERP, 3rd Edition,

part of the Technical and Risk Management Reference
Series, enables assurance, security and risk professionals to
evaluate risks and controls in existing ERP implementations
and facilitates the design and building of controls into system
upgrades and enhancements. The publication is based on
SAP ERP (also known as SAP ERP Central Component [ECC]),
the latest version of which is SAP ECC 6.0.
Protect wireless networks against all real-world hacks

by learning how hackers operate. Wireless Network
Security: A Beginners Guide discusses the many attack
vectors that target wireless networks and clients-and explains how to identify and prevent them. Actual
cases of attacks against WEP, WPA, and wireless
clients and their defenses are included. This practical
resource reveals how intruders exploit vulnerabilities
and gain access to wireless networks. Youll learn
how to securely deploy WPA2 wireless networks,
including WPA2-Enterprise using digital
certificates for authentication.
Michael G. Solomon
Member: US $60.00
ISAP3
Book Review
Mark Ciampa & Mark Revels
INTERNET AND RELATED

SECURITY TOPICS
Section: 06
Tyler Wrightson
Member: US $40.00
30MWNS
ISACA keeps security professionals ahead of the curve on best practices, emerging trends, potential
threats and fresh insightsmaking them more skilled, successful and prepared for the challenges of
the fast-changing world of information security.
Just as information security is evolving every day, so is ISACA to keep a focus on security issues
relevant to today and the future and to inspire and equip leaders in information security to be prepared,
skilled and successful than anyone else. Our robust library of topics creates new avenues to drive
enterprise
and enhance your career.
Book
Review value
54
Internet and Related

Security Topics

Security Topics
Cloud Computing: Implementation,

Management, and Security
Cybersecurity:
The Essential Body of Knowledge
This guide provides an understanding of what cloud

computing really means, explores how disruptive it may
become in the future, and examines its advantages
and disadvantages. It gives business executives
the knowledge necessary to make
informed, educated decisions regarding
cloud initiatives.
Cybersecurity: The Essential Body of Knowledge

provides a comprehensive, trustworthy framework of
practices for assuring information security. This book is
organized to help readers understand how the various
roles and functions within a cybersecurity practice
can be combined and leveraged to produce a secure
organization. In this unique book, concepts are not
presented as stagnant theory; instead,
the content is interwoven in a real-world
adventure story that runs throughout.
John W. Rittinghouse and James F. Ransome
Member: US $84.00
45CRC
Dan Shoemaker and WM. Arthur Conklin
Member: US $97.00
10IT
Cybercrime: The Investigation, Prosecution

and Defense of a Computer-Related Crime,
3rd Edition
Ralph D. Clifford (Editor)
As technology grows increasingly complex, so does

computer crime. In this third edition, the author leads
a team of nationally reknowned experts in cybercrime
(gathered from the diverse fields of academia, private
and governmental practice) to unfold the legal mysteries
of computer crime. The book explores the variety of
crimes that involve computer technology and provides
essential details on procedural and
tactical issues associated with the
prosecution and defense of cybercrime.
Member: US $38.00
1CAP3
55
Gray Hat Hacking: The Ethical Hackers

Handbook, 3rd Edition
Hacking Exposed 7:
Network Security Secrets & Solutions
Featuring in-depth, advanced coverage of vulnerability

discovery and reverse engineering, Gray Hat Hacking,
3rd Edition provides eight new chapters on the latest
ethical hacking techniques. In addition to the new
chapters, the rest of the book is updated
to address current issues, threats, tools
and techniques.
Hacking Exposed 7: Network Security Secrets &

Solutions is filled with all new information on todays most
devastating attacks and proven countermeasures. The
book covers advanced persistent threats, infrastructure
hacks, industrial automation and embedded devices,
wireless security, the new SCADA protocol hacks,
Microsoft Windows Server 2010,
Web 2.0, Unbuntu Linux, hardware,
Cisco, RFID, malware, and more!
Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle,

Gideon Lenkey and Terron Williams
Member: US $60.00
4MGH3
Hacking Exposed Web Applications,

3rd Edition
Joel Scambray
Protect web applications from malicious attacks

by mastering the weapons and thought processes
of todays hacker. Written by recognized security
practitioners and thought leaders, Hacking Exposed
Web Applications, 3rd Edition is fully updated to cover
new infiltration methods and countermeasures. Find
out how to reinforce authentication and authorization,
plug holes in Firefox and Internet
Explorer, reinforce against injection
attacks, and secure web 2.0 features.
Member: US $50.00
23MHE
Stuart McClure, Joel Scambray and George Kurtz
Member: US $50.00
2MCG7
Hacking Exposed Wireless:

Wireless Security Secrets & Solutions,
2nd Edition
Johnny Cache, Joshua Wright and Vincent Liu
Protect wireless systems from crippling attacks using

the detailed security information in this comprehensive
volume. Thoroughly updated to cover todays established
and emerging wireless technologies, Hacking Exposed
Wireless, 2nd Edition reveals how attackers use readily
available and custom tools to target, infiltrate and hijack
vulnerable systems. The book discusses the latest
developments in Wi-Fi, Bluetooth, ZigBee and DECT
hacking, and explains how to perform penetration tests,
reinforce WPA protection schemes, mitigate packet
injection risk, and lock down Bluetooth and RF devices.
Cutting-edge techniques for exploiting Wi-Fi clients,
WPA2, cordless phones, Bluetooth pairing and ZigBee
encryption are also covered in this fully
revised guide.
Member: US $50.00
17MHE2
Book Review
56

Security Topics
Honeypots: A New Paradigm to
Information Security
R. C. Joshi and Anjali Sardana
A well-rounded, accessible exposition of honeypots

in wired and wireless networks, this book addresses
honeypots from a variety of perspectives. Case studies
enhance the practical understanding of the subject, along
with a strong theoretical foundation. The book covers the
latest technology in information security
and honeypots, including honeytokens,
honeynets and honeyfarms.
Member: US $140.00
49CRC
Mobile Application Security
Himanshu Dwivedi, Chris Clark and David Thiel

Implement a systematic approach to security in mobile
application development with help from this practical
guide. Featuring case studies, code examples and
best practices, Mobile Application Security details
how to protect against vulnerabilities in the latest
smartphone and PDA platforms. Maximize isolation,
lockdown internal and removable storage, work with
sandboxing and signing, and encrypt sensitive user
information. Safeguards against viruses, worms,
malware and buffer overflow exploits are also covered
in this comprehensive resource.
Member: US $50.00
21MMS
Book Review
57

Security Topics
Network Security Bible, 2nd Edition
Eric Cole
Network security is constantly evolving, and this

comprehensive guide has been thoroughly updated to
cover the newest developments. Those responsible
for network security will find value in this reference.
Covering new techniques, technology and methods for
approaching security, it also examines
new trends and best practices being
used by many organizations.
Member: US $60.00
86WNS
Information Security:
The Complete Reference, 2nd Edition
Mark Rhodes-Ousley
This thorough update to this authoritative volume on

network security covers the latest security standards and
regulations. Network Security: The Complete Reference,
2nd Edition guides security practitioners on how to plan,
implement and maintain a secure network: protect
confidential information; and ensure corporate networks
are in compliance with the latest regulations. The book
covers essential standards, such as ISO 27001, COBIT and
SAS 70. Important legal regulations (and their context and
relevance), such as Sarbanes-Oxley, SB 1386, SB 1841,
FFIEC, Gramm-Leach-Bliley and HIPAA, are highlighted
throughout as their relevance intersects
with topicsenhancing this editions
value and practicality.
Member: US $70.00
10MOC2
Book Review
58

Security Topics
Security Considerations for
Cloud Computing
ISACA
Another publication in the Cloud Computing Vision

Series, Security Considerations for Cloud Computing
presents practical guidance to facilitate the
decision process for IT and business professionals
concerning the decision to move to the cloud. It
helps enable effective analysis and measurement
of risk through use of decision trees and checklists
outlining the security factors to be
considered when evaluating the
cloud as a potential solution.
Member: US $35.00
Available in print SCC and
eBook WSCC

Security Topics
Securing the Clicks:
Network Security in the Age of
Social Media
Gary Bahadur, Jason Inasi and Alex de Carvalho

Securing the Clicks: Network Security in the Age of
Social Media explains the latest threats along with
detailed fixes, best practices, and from the headlines
case studies. Readers will find ways how to analyze
risk, implement robust security protocols, and enforce
social media usage policies. Regulatory compliance,
online reputation management, and
incident response are also covered in this
comprehensive volume.
Member: US $40.00
27MSC
Web Application Security:

A Beginners Guide
Pragmatic Security Metrics:

Applying Metametrics to Info Sec
Secure web applications from todays most devious

hackers. Web Application Security: A Beginners Guide
helps the reader stock a security toolkit, prevent common
hacks, and defend quickly against malicious attacks. This
practical resource includes chapters on authentication,
authorization, and session management, along with
browser, database, and file securityall
supported by true stories from industry.
Other books on information security metrics

discuss number theory and statistics in academic
terms. Light on mathematics and heavy on utility,
PRAGMATIC Security Metrics: Applying Metametrics
to Information Security breaks the mold. This is the
ultimate how-to-do-it guide for security metrics.
Packed with time-saving tips, the book offers
easy-to-follow guidance for those struggling with
security metrics. Step by step, it clearly explains
how to specify, develop, use,
and maintain an information
security measurement system (a
comprehensive suite of metrics).
Bryan Sullivan and Vincent Liu
Member: US $40.00
29MWAS
Theres A New Sheriff In Town

Mary Lou Heastings
Security Information and Event

Management (SIEM) Implementation
David R. Miller, Shon Harris, Allen Harper, Stephen

VanDyke and Chris Blask
Written by IT security experts, Security Information
and Event Management (SIEM) Implementation
shows the reader how to deploy SIEM technologies
to monitor, identify, document and respond to
security threats and to reduce false-positive
alerts. The book explains how to implement SIEM
products from different vendors and discusses the
strengths, weaknesses and advantages of these
systems. Readers also learn how to use SIEM
capabilities for business intelligence.
Real-world case studies are included
in this comprehensive resource.
Member: US $65.00
24MSIEM
59
System Forensics, Investigation,

and Response
John R. Vacca and K. Rudolph
Computer crimes call for forensics specialists, people

who know how to find and follow the evidence. System
Forensics, Investigation, and Response begins by
examining the fundamentals of system forensics, such
as what forensics is, the role of computer forensics
specialists, computer forensic evidence and application
of forensic analysis skills. It also gives an overview of
computer crimes, forensic methods and laboratories.
The book then addresses the tools, techniques and
methods used to perform computer
forensics and investigation.
Member: US $90.00
2JBSF
This compilation is a reminder to security professionals

that security is no longer about implementing the latest
technologies; the role has evolved to one of adding value
to the company. Security leaders must help the business
understand operational risks and the business value of risk
management. These writers have given some valuable insight
that is worth the read. --Cynthia Whitley, CISO Fortune 100
Insurance Company.
Its like having a whos who of security at your beck and call.
Many of these contributors have the knowledge to draft a
book of their own, but combined with each contributing from
their field of expertise makes this book a must have for any
serious Security Executive. --Frank Artes, Vice President,
Converged Security (North America) Deluxe
Entertainment Services Group, Inc.
Member: US $20.00
2EA
Book Review
W. Krag Brotby; Gary Hinson
Member: US $70.00
55CRC
The Web Application Hackers Handbook:

Finding and Exploiting Security Flaws,
2nd Edition
Dafydd Stuttard, Marcus Pinto
Web applications are the front door to most

organizations, exposing them to attacks that may disclose
personal information, execute fraudulent transactions, or
compromise ordinary users. This practical book has been
completely updated and revised to discuss the latest
step-by-step techniques for attacking and defending
the range of ever-evolving web applications. Youll
explore the various new technologies employed in web
applications that have appeared since the first edition
and review the new attack techniques
that have been developed, particularly
in relation to the client side.
Member: US $50.00
97WWAH
60

Security Topics
The Root Kit Arsenal: Escape and Evasion
in the Dark Corners of the System, 2nd Ed
Bill Blunden
While forensic analysis has proven to be a valuable

investigative tool in the field of computer security, utilizing
anti-forensic technology makes it possible to maintain a
covert operational foothold for extended periods, even in
a high-security environment. Adopting an approach that
favors full disclosure, the updated Second Edition of The
Rootkit Arsenal presents the most accessible, timely,
and complete coverage of forensic countermeasures.
This book covers more topics, in greater depth, than
any other currently available. In doing so the author
forges through the murky back alleys of the Internet,
shedding light on material that has
traditionally been poorly documented,
partially documented, or intentionally
undocumented.
Member: US $74.00
4JBSS

Security Topics
Reverse Deception: Organized Cyber
Threat Counter Exploitation
Sean Bodmer, Dr. Mak Kilger, Gregory Carpenter,

Jade Jones, Jeff Jones
Expose, pursue, and prosecute the perpetrators of
advanced persistent threats (APTs) using the tested
security techniques and real-world case studies featured
in this one-of-a-kind guide. Reverse Deception: Organized
Cyber Threat Counter-Exploitation shows how to assess
your networks vulnerabilities, zero in on targets, and
effectively block intruders. Discover how to set up
digital traps, misdirect and divert attackers, configure
honeypots, mitigate encrypted crimeware, and identify malicious software
groups.
Member: US $40.00
31MRDO
Lee Newcombe
This book provides an overview of security architecture

processes and explains how they may be used to derive
an appropriate set of security controls to manage the
risks associated with working in the Cloud. It is aimed
at business decision makers, senior IT stakeholders,
enterprise architects, information security
professionals and anyone else who is interested in
working with cloud services, but might
be concerned about the potential
security implications.
Member: US $40.00
16IITSCS
Official Certified Ethical Hacker

Review Guide: For Version 7.1, 1st Edition
Information Security Governance Simplified:

From the Boardroom to the Key Board
Official Certified Ethical Hacker Review Guide: For Version

7.1 is a valuable resource to help you pursue the most
recognized, respected hacking certification in the world.
As experienced instructors of the International Council
of Electronic Commerce Consultants (ED-Council), the
authors draw on firsthand experience training top-caliber
information security professionals for success on the
councils Certified Ethical Hacker (CEH) exam. The only
exam review guide officially endorsed by the EC-Council,
this proven resource focuses on the core concepts that
are covered on the newest certification course (version
7.1), as well as a wide array of
useful learning tools, including
chapter objectives, step-by-step
tutorials.
Security practitioners must be able to build cost-effective security

programs while also complying with government regulations.
Information Security Governance Simplified:
From the Boardroom to the Keyboard lays out these regulations
in simple terms and explains how to use control frameworks
to build an air-tight information security (IS) program and
governance structure. Defining the leadership skills required by
IS officers, the book examines the pros and cons of different
reporting structures and highlights the various control frameworks
available. It details the functions of the
security department and considers the
control areas, including physical, network,
application, business continuity/disaster
recover, and identity management.
Steven DeFino
Member: US $40.00
15IT
Responding to Targeted Cyberattacks

ISACA
Securing Cloud Services: A pragmatic

guide to security architecture in the Cloud
61
The threat environment had radically changed over the

last decade. Most enterprises have not kept pace and
lack the necessary fundamentals required to prepare and
plan against cyberattacks. To successfully expel attackers,
the enterprise must be able to conduct an investigation,
feed the threat intelligence into a detailed remediation/
eradication plan and executive the remediation/
eradication plan. This publication covers a few of the
basic concepts that will help answer the key questions
posed by a new outlook that a breach
WILL eventually occur.
Member: US $35.00
Available in print RTC and
eBook WRTC
Advanced Persistent Threats:

How to Manage the Risk to Your Business
ISACA
This book explains the nature of the security
phenomenon known as the advanced persistent threat
(APT). It also provides helpful advice on how to assess
the risk of an APT to the organization and recommends
practical measures that can be taken to prevent, detect
and respond to such an attack. In addition, it highlights
key differences between the controls needed to counter
the risk of an APT attack and those
commonly used to mitigate everyday
information security risk.
Member: US $35.00
Available in print APT and
eBook WAPT.
Book Review
Todd Fitzgerald
Member: US $80.00
54CRC
Computer Forensics InfoSec Pro Guide

David Cowen
Find out how to excel in the field of computer forensics

investigations. Learn what it takes to transition from an IT
professional to a computer forensic examiner in the private sector.
Written by a Certified Information Systems Security Professional,
Computer Forensics: InfoSec Pro Guide is filled with real-world
case studies that demonstrate the concepts covered in the
book. Youll learn how to set up a forensics lab, select hardware
and software, choose forensic imaging procedures, test your
tools, capture evidence from different sources, follow a sound
investigative process, safely store evidence, and verify your
findings. Best practices for documenting your results, preparing
reports, and presenting evidence in court
are also covered in this detailed resource.
Member: US $40.00
34MCF
62
63

Security Topics
Cloud Computing - Assessing the Risks

Jared Carstensen, Bernard Golden and JP
Morgenthal
Written by three internationally renowned experts,

this book discusses the primary concerns of most
businesses leaders Cloud Computing are the words
on everyones lips
its the latest technology, the way forward. But
how safe is it? Is it reliable? How secure will your
information be? Cloud Computing: Assessing
the risks answers these questions and many
more. Using jargon-free language and relevant
examples, analogies and diagrams, it is an up-todate, clear and comprehensive guide the security,
governance, risk, and compliance elements of
Cloud Computing.
the security and risk elements of the Cloud.
But security and risk are just two elements of
Cloud Computing, and this book focuses on all
the critical components of a successful cloud
programme including
compliance, risk, reliability, availability, areas
of responsibility, Cloud
Computing borders, legalities,
digital forensics and business
continuity.
Member: US $40.00
17ITCC
Big DataA Revolution That Will

Transform How We Live, Work
and Think
Viktor Mayer-Schonberger, Kenneth Cukier
A revelatory exploration of the hottest trend in

technology and the dramatic impact it will have
on the economy, science, and society at large.
Big data refers to our burgeoning ability to
crunch vast collections of information, analyze
it instantly, and draw sometimes profoundly
surprising conclusions from it. This emerging
science can translate myriad phenomena
from the price of airline tickets to the text of
millions of booksinto searchable form, and
uses our increasing computing power to unearth
epiphanies that we never could have seen
before. A revolution on par with the Internet or
perhaps even the printing press, big data will
change the way we think about business, health,
politics, education, and innovation in the years
to come. It also poses fresh threats, from the
inevitable end of privacy as we know it to the
prospect of being penalized for
things we havent even done
yet, based on big datas ability
to predict our future behavior.
IT GOVERNANCE AND
BUSINESS MANAGEMENT
Section: 07
Member: US $16.00
1HMBD
EARN FREE CPE CREDITS BY PARTICIPATING IN ISACA

WEBINARS, FEATURING RELEVANT IT TOPICS PRESENTED BY
INDUSTRY LEADERS.
WWW.ISACA.ORG/WEBCASTS
The complexity of the IT environment continues to grow, with increasing legal and regulatory
requirements, as well as more diverse and sophisticated security threats. IT has emerged as a core
strategic imperative that can differentiate and organization from its competitors. Browse our library of
Governance and Management titles developed to help you bring order to the growing complexity of IT.
ISACA develops and delivers industry-renowned, research, publications and business frameworks.
We equip and inspire individuals to be leaders in the fast changing world of information systems,
information technology and business. ISACA inspires and equips individuals to be more capable, valued
and successful in the fast-changing world of information systems, information technology and business.
Book Review
64
IT Governance and
Business Management
An Executive Guide to IFRS:
Content, Costs and Benefits to Business
Peter Walton
International Financial Reporting Standards have been

mandatory in the European Union since 2005 and are
rapidly being adopted by countries around the world.
In this environment, it is increasingly important for
managers, executives and chief executive officers to
understand the background of IFRS and their main
requirements. In An Executive Guide to IFRS: Content,
Costs and Benefits to Business, Peter Walton provides
a concise and accessible guide to the principal features
of IFRS, explains why they are useful,
looks at their impact on businesses,
and helps define their global role.
IT Governance and
Business Management
CIO Best Practices: Enabling Strategic
Value With Information Technology,
2nd Edition
Joseph P. Stenzel, Gary Cokins, Karl D. Schubert,
and Michael H. Hugos
Member: US $40.00
94WIFRS
Anyone working in information technology feels the

opportunities for creating and enabling lasting value.
The chief information officer (CIO) helps define those
opportunities and turn them into realities. Now in a
second edition, CIO Best Practices is an essential guide
offering real-world practices used by CIOs and other IT
specialists who have successfully mastered the blend
of business and IT responsibilities. For anyone who
wants to achieve better returns on their IT investments,
CIO Best Practices, 2nd Edition presents the leadership
skills and competencies required of
a CIO, addressing comprehensive
enterprise strategic frameworks
to fully leverage IT resources.
The Business Model for Information Security
Member: US $70.00
54WCIO
ISACA
The Business Model for Information Security provides

an in-depth explanation to a holistic business model that
examines security issues from a systems perspective.
Explore various media, including journal articles,
webcasts and podcasts, to delve into the Business
Model for Information Security (BMIS) and to learn
more about how to have success in the information
security field in todays market.
65
Creating a Culture of Security

ISACA and Steven J. Ross
Creating a Culture of Security discusses how to achieve

a meaningful, intentional security culture. It provides
information on the benefits of, and inhibitors to, a
culture of security. It discusses positive and negative
reinforcement strategies and the steps
to take to achieve the right balance
in a security culture program.
Available in eBook format
WCCS
Empowering Green Initiatives With IT:

A Strategy and Implementation Guide
Joel Scambray
A straightforward guide to the role of IT departments

and vendors in assisting organizations in going green
with the aid of IT-related resources and offerings. This
book provides organizations with strategy, planning,
implementation and assessment
guidance for their green initiatives.
Information Security Management

Metrics: A Definitive Guide to Effective
Security Monitoring and Measurement
W. Krag Brotby
This publication shows readers how to develop

metrics that can be used across an organization
to assure its information systems are functioning,
secure, and supportive of the organizations
business objectives. It provides a comprehensive
overview of security metrics, discusses the
current state of metrics in use today and looks
at promising new developments. Later chapters
explore ways to develop effective strategic and
management metrics for information security
governance, risk management,
program implementation and
management, and incident
management and response.
50Member: US $84.00
50CRC
Member: US $50.00
89WEG
Member: US $45.00
Available in print BMIS
and eBook
Book Review
66
IT Governance and
Business Management
IT Governance and
Business Management
Fraud 101: Techniques and Strategies for

Understanding Fraud, 3rd Edition
Hacking Exposed Malware and Rootkits:

Malware & Rootkits Secrets & Solutions
Fraud continues to be one of the fastest growing and

most costly crimes around the world. The more an
organization can learn about fraud and the potential
fraud risks that threaten the financial stability of the
organizations cash flow, the better that organization
will be equipped to design and implement measures
to prevent schemes from occurring in the first place.
This third edition offers guidance;
understanding; and new, real-world case
studies on the major types of fraud.
Defend against the ongoing wave of malware and

rootkit assaults. Real-world case studies and examples
reveal how todays hackers use readily available
tools to infiltrate and hijack systems. Step-by-step
countermeasures provide proven prevention techniques.
Readers will find out how to detect and eliminate
malicious embedded code, block pop-ups and web
sites, prevent keylogging, and terminate rootkits.
The latest intrusion detection, firewall, honeynet,
antivirus, antirootkit and antispyware
technologies are covered in detail.
Stephen Pedneault
Member: US $60.00
85WF101
Governance, Risk and Compliance

Handbook: Technology, Finance,
Environmental, and International
Guidance and Best Practices
Michael A. Davis, Sean Bodmer and Aaron LeMasters
Member: US $50.00
20MHE
Human Factors in Project Management:

Concepts, Tools, and Techniques for
Inspiring Teamwork and Motivation
Anthony Tarantino
Zachary Wong
Compliance has emerged from a peripheral concern of

auditors and lawyers to an area that encompasses an
entire enterprise as well as its suppliers, customers
and other stakeholders. All business managers, from
midlevel to executive, need to understand the multitude of
compliance initiatives designed to improve transparency
in financial reporting and good corporate
governance.
This book provides a summary of people-based

management skills and techniques that can be
applied when working in a team environment. This
comprehensive resource brings together in one
book new and current models in team motivation
and integrates the most significant concepts in team
motivation and behaviors into a single set of principles
called human factors. The author shows how these
factors can be applied to the most
challenging issues facing project
managers today.
Member: US $163.00
64WGRC
67
Member: US $55.00
67WHF
Identifying and Aligning Business Goals

and IT Goals: Full Research Report
ISACA and IT Alignment and Governance Research
Institute of the University of Antwerp Management
School
The focus of this research is better understanding of the

cascading relationship amongst business goals, IT goals
and IT processes. It presents a solid and strong list of 17
generic business goals and 18 generic IT goals, validated
and prioritized among different sectors. Together with the
linking information between both, it provides a good basis
upon which to build a generic cascade from business goals
to IT goals. A strong list of the most important business
and IT goals was identified among the different sectors and
further analysis by sector and geographic location identified
interesting deviations, which increase the practical
relevance for enterprises operating in a specific sector
that want to use these lists to help them
identify a good set of business/IT goals.
Member: US $20.00
WGOALS
Implementing Information Technology

Governance: Models, Practices and Cases
Wim Van Grembergen and Steven De Haes
In many organizations, IT has become crucial in the

support, sustainability and growth of the business.
This pervasive use of technology has created a critical
dependency on IT that calls for a specific focus on IT
governance. This book presents insight gained through
literature reviews and case studies to provide practical
guidance for enterprises that want to start implementing
IT governance or improve existing governance
models. It provides a detailed set of IT governance
structures, processes and relational
mechanisms that can be leveraged to
implement IT governance in practice.
Member: US $100.00
4ID
Implementing the Project Management

Balanced Scorecard
Jessica Keyes
Implementing Service Quality

Based on ISO/IEC 20000
Michael Kunas
ISO/IEC 20000 is an important international standard for

IT service providers. Implementation and certification
will improve your business processes and practices.
It will reassure your customers that
your company is efficient, reliable and
trustworthy. Customers will return
because they know from experience
that your service is second to none.
Member: US $30.00
10ITISQ
Book Review
Business managers have long known the power of the

balanced scorecard in executing corporate strategy.
Implementing the Project Management Balanced
Scorecard shows project managers how they too can
use this framework to meet strategic objectives. It
supplies valuable insight into the project management
process as a whole and contains detailed explanations on
how to effectively implement the balanced scorecard to
measure and manage performance and
projects.
Member: US $88.00
46CRC
68
IT Governance and
Business Management
Information Security Governance:
Guidance for Information Security
Managers
ISACA and W. Krag Brotby
ISO/IEC 20000 is an important international standard for

IT service providers. Implementation and certification will
improve your business processes and practices. It will
reassure your customers that your company is efficient,
reliable and trustworthy. Customers will return because
they know from experience that your
service is second to none.
Member: US $35.00
Available in print 3ITG and
eBook W3ITG
Information Security Policies Made Easy,

Version 12
Charles Cresson Wood
Information Security Policies Made Easy is an all-in-one

resource with more than 1500 prewritten information
security policies, including commentary and expert advice
for each policy. Organized around the security domains
of ISO 27002, it is ideal for organizations with regulatory
requirements for security and privacy.
All content available on an easy-to-use CD-ROM featuring:

Policies

Easy
available in, PDF, MS-Word format
cut-and-paste into existing corporate documents

E xtensive
cross-references between policies that

help the user quickly understand
alternative solutions and
complimentary controls
Member: US $795.00
1BS12
69
IT Governance and
Business Management
Information Security Roles &
Responsibilities Made Easy, Version V3
Charles Cresson Wood
Save money while building a leading security organization.

This new version provides practical, step-by-step instructions
on how to develop and document specific information security
roles and responsibilities. This valuable reference will save
you time and money by providing prewritten job descriptions,
mission statements and organization charts that you can use
and customize for your own organization. This book can be
used effectively by anyone who needs to develop, refine or
otherwise specify information security organizational design
documents, no matter what level of experience one has in the
information security field. Providing best practices, this book
will help you develop, refine and gain management approval
of the information security function in an organization.
Information Technology for Management:

Improving Strategic and Operational
Performance, 8th Edition
Efraim Turban and Linda Volonino
A major revision of a highly respected text that has

sold more than 250,000 copies, this book teaches
that the major role of IT is to provide enterprises with
strategic advantage by facilitating problem solving,
increasing productivity and quality, improving customer
service, enhancing communication
and collaboration, and enabling
business process restructuring.
Member: US $219.00
80WITM8
CD-ROM format includes PDF and Word

documents for easy editing.
Member: US $495.00
2PS3
IT Governance: A Pocket Guide

Alan Calder
This pocket guide outlines the key drivers for IT

governance in the modern global economy, with particular
reference to corporate governance requirements and the
need for companies to protect their information assets.
The guide examines the role of IT governance in the
management of strategic and operational risk. It also
looks at the most important considerations when setting
up an IT governance framework, and introduces the
reader to the Calder-Moir IT Governance
Framework, which the author helped
to create. The approach throughout
avoids technical jargon and emphasizes
business opportunities and needs.
Member: US $15.00
4ITIG
IT Governance: Policies & Procedures,

2014 Editio
Michael Wallace and Larry Webber
Information Technology Governance and

Service Management: Frameworks and
Adaptations
Aileen Cater-Steel
Increasingly, IT governance is being considered an integral part

of corporate governance. There has been a rapid increase in
awareness and adoption of IT governance as well as a desire
to conform to national governance requirements to ensure
that IT is aligned with the objectives of the organization.
This book provides an in-depth view into the critical
contribution of IT service management to IT governance
and the strategic and tactical value provided
by effective service management.
IT Governance Policies and Procedures, 2014 Edition is

the premier decision-making reference to help you to
devise an information systems policy and procedure
program uniquely tailored to the needs of your
organization. Not only does it provide extensive sample
policies, but this valuable resource
gives you the information you need to
develop useful and effective policies
for your unique environment.
Member: US $315.00
5AS14
Member: US $195.00
3IGI
Book Review
70
IT Governance and
Business Management
THE NEVER-ENDING BATTLE TO
KEEP INFORMATION SAFE

IT Governance and Process Maturity
ISACA
The project on which this report is based achieved the

research objective of developing robust benchmark
information and providing a means for enterprises to
answer the question, How do we compare with our
peers? The report breaks down data by geography,
industry and size. Detailed analysis of the data collected
reveals dramatic differences among the individual
attribute levels. The report offers instructions and
recommendations to help organizations
perform a self-assessment against the
benchmark data in the study and begin
implementing strategies for improvement.
DOWNLOAD A COPY OF COBIT 5 FOR

INFORMATION SECURITY OR LEARN MORE AT
WWW.ISACA.ORG/COBIT5INFO-SEC
OF SECURITY BREACHES ARE AVOIDABLE THROUGH

SIMPLE OR INTERMEDIATE CONTROLS
INTRUSIONS & DISCLOSURES
95%
$174 MILLION
RECORDS INVOLVED IN DATA THEFTS
1 U.S. DATA BREACH
COSTS $5.5 MILLION
13 MAJOR SECURITY
315 NEW MOBILE
BREACHES AT NASA IN 2011
58%
39%
EMPLOYEE
NEGLIGENCE
Available in eBook format

WGPM
OF RECORDS COMPROMISED IN 2011

CONTAINED PERSONAL INFOMATION
49
70%
VULNERABILITES
IN 2011
COMMON DATA INTRUSION IN THE ENTERPRISE

HACKTIVISTS
PRIVACY
EVERY 15 SECONDS
FLAME SPYWARE GRABS A
SCREEN IMAGE ON A
COMPROMISED PC
PERCENTAGE OF US ORGANIZATIONS THAT DONT PROTECT

EMPLOYEE MOBILE DEVICES CONTAINING PATIENT HEALTH
INFORMATION
PERCENTAGE OF EUROPEANS WORRIED ABOUT MISUSE OF
THEIR PERSONAL DATA
BUSINESS CONTINUITY
COMPLIANCE
DISASTER RECOVERY/BUSINESS CONTINUITY RANKS #4 ON

THE LIST OF THE TOP BUSINESS ISSUES AFFECTING IT
COST OF
COMPLIANCE
NON-COMPLIANCE
+
$5,000/
MINUTE
AVERAGE COST
OF DATA
CENTER
$222
37
OF SMBS MOTIVATED BY
DISASTER PREPAREDNESS TO
MOVE TO PRIVATE CLOUD
COMPUTING
DOWNTIME
$820
PER EMPLOYEE
HIPPA
IT Governance to Drive High Performance:

Lessons From Accenture
Robert E. Kress
This pocket guide provides readers with an insiders

detailed description of Accentures IT governance policy
and details its governance structure. It will show how
effective IT governance links IT strategy and IT decisions
to Accentures business strategy and business priorities.
Following the best practices approach set out in this
pocket guide serves as an excellent
starting point for any organization with
ambitions to achieve high performance.
PER EMPLOYEE
UK DATA PROTECTION ACT 1988 U.K. BRIBERY ACT

COPPA
SARBANES-OXLEY
FOREIGN CORRUPT PRACTICES ACT
INFORMATION TECHNOLOGY RULES
DO NOT TRACK
DODD-FRANK
EUROPE DATA PROTECTION DIRECTIVE
PERSONAL INFORMATION PROTECTION LAW
SAFE HARBOR ACT
14,215
71
Member: US $15.00
8ITHP
IT Outsourcing Contracts:
A Legal and Practical Guide (Pocket Guide)
Jimmy Desai
Outsourcing the IT function looks attractive. It can

offer greater flexibility and cost savings, and enable
one to focus on the core business. At the same time,
outsourcing IT has its problems. It can involve extra
risks and hidden costs. The companys relationship with
its IT supplier will not just run itself. The relationship
will need to be managed to obtain
the services the business requires.
Member: US $15.00
5ITOC
IT Outsourcing:
Part 1 Contracting the Partner
Denis Verhoef and Gerard Wijers
This essential guide looks at the procedures needed

to achieve all these benefits when contracting an
outsourcing partner. It explains the benefits of a
well-thought-out and practical approach to selecting
a partner whose performance may make or break an
enterprises delivery to market. This book is a key
reference guide to anyone procuring IT services and
also to those who are responsible for
maintaining the contract once signed.
Member: US $33.00
11VH
REGULATORY ANNOUNCEMENTS IN 2011
SOURCES
Ponemon Institute 2011 Cost of Data Breach Study: United States
Verizon 2012 Data Breach Investigations Report
Reuters, http://reut.rs/zzrcec
Symantec Internal Threat Report 17
WIRED, http://www.wired.com/threatlevel/2012/05/flame/all/1
European Commission-Justice, Data Protection
Ponemon Institute Second Annual Benchmark Study on Patient
Privacy and Data Security
ISACA 2011 Top Business/Technology Issues Survey

Symantec 2012 SMB Disaster Preparedness Survey
Ponemon Institute True Cost of Compliance Report
Thomson Reuters State of Regulatory Reform 2012
eWeek, http://www.eweek.com/c/a/IT-Infrastructure/Unplanned-IT-DowntimeCan-Cost-5K-Per-Minute-Report-549007/
Book Review
72
IT Governance and
Business Management
IT Governance and
Business Management
IT Project Management:
30 Steps to Success
IT Project Management:
On Track From Start to Finish, 3rd Edition
Premanand Doraiswamy
Joseph Phillips
Few businesses could function effectively without their

IT systems and they depend on IT for more than their
day-to-day operations. Companies must constantly
innovate to remain competitive and keep up with everchanging customer requirements; IT projects deliver
these innovations. The IT project manager is the person
responsible for implementing the project and realizing
the objectives it was designed to achieve. This pocket
guide is designed to help IT project managers succeed
and is based on the authors years of experience in IT
project management. The guides step-by-step approach
will enable those new to IT project management,
or intending to make a career in this field, to master
the essential skills. For seasoned
professionals, the pocket guide offers
an invaluable concise reference guide.
This practical, up-to-date guide explains how to

successfully manage an IT project and prepare
for CompTIA Project+ certification. IT Project
Management: On Track From Start to Finish, 3rd
Edition walks the reader through each step of the
IT project management process, covering critical
strategies for on-time and within-budget projects. The
book includes proven methods for initiating a project,
selecting qualified team members, conferring with
management, establishing communication, setting
realistic timetables, tracking costs and
closing a project. CD-ROM included.
This guide delivers practical guidance for everyday IT

practices and activities, helping users establish and
implement reliable, cost-effective IT services. The
goal of MOF is to provide guidance to IT organizations
to help them create, operate and support IT services
while ensuring that the investment in
IT delivers expected business value
at an acceptable level of risk.
Member: US $52.00
25MIPM
Monitoring Internal Control

Systems and IT
Member: US $15.00
12ITPM
Key Performance Indicators: Developing,

Implementing, and Using Winning KPIs,
2nd Edition
David Parmenter
By exploring measures that have transformed businesses,

the author has developed a methodology that is
breathtaking in its simplicity and yet profound in its impact.
Now in an updated and expanded second edition, Key
Performance Indicators is a proactive
guide representing a significant shift in the
way KPIs are developed and used, with
an abundance of implementation tools.
Member: US $50.00
91WKPI
73
Master Data Management and Data

Governance, 2nd Edition
Alex Berson and Larry Dubov
Regain control of master data and maintain a master

entity-centric enterprise data framework using the detailed
information in this authoritative guide. Master Data
Management and Data Governance, 2nd Edition provides
up-to-date coverage of the most current architecture
and technology views and system development and
management methods. Discover how to construct and
master data management (MDM) business case and
road map, build accurate models,
deploy data hubs, and implement
layered security policies.
MOFMicrosoft Operations Framework

V4.0: A Pocket Guide
David Pultorak, Clare Henry and Paul Leenards
Member: US $22.00
9VH
ISACA
Monitoring Internal Control Systems and IT provides

useful guidance and tools for enterprises interested
in applying information technology to support and
sustain the monitoring of internal control. Guidance is
provided for the design and operation of monitoring
activities over existing IT controls;
however, customization of the
provided approaches, reflecting
the specific circumstances of
each enterprise, is required.
Member: US $55.00
MIC
Outsourcing IT: A Governance Guide

Rupert Kendrick
Businesses are increasingly choosing to outsource their IT

function. The attraction of outsourcing IT is that it enables
a company to obtain an efficient and responsive IT
system, while at the same time allowing the company to
focus on its core strengths. The current economic climate
is also putting companies under increasing pressure to
find new ways of cutting costs. However, all too often
IT outsourcing projects fail because
companies have not applied appropriate
governance processes to the project.
Member: US $50.00
2ITO
A Practical Guide to
Reducing IT Costs
Anita Cassidy and Dan Cassidy

Eliminating and driving down costs has long
been second nature for many IT organizations. In
challenging economic times, even further cutting of
IT costs is a requirement for the survival of many
organizations. Whether in the midst of an economic
downturn or upturn, effective cost management
is critical as IT costs can be a significant portion
of an organizations overhead cost
structure and can even impact an
organizations competitive position.
Member: US $45.00
3JR
Member: US $60.00
26MDM
Book Review
74
IT Governance and
Business Management
Swanson on Internal Auditing:
Raising the Bar
Dan Swanson
As a profession, internal audit sits somewhere

between having a low profile that is barely mentioned
in governance regulations, to making a key contribution
to better corporate transparency by improving how
risk is perceived and addressed. A low-key approach
has the danger that the value of internal audit may
be overlooked, while a higher profile creates greater
expectations that must be fully met as auditors reach
out toward a new, more challenging role. This book
provides concise commentary on strategic issues
regarding the way internal audit is established, planned
and performed. High-level issues sit
alongside practical guidance to ensure
that the book has an appeal to all
levels of internal audit management
and staff, as each reader can dip
into a range of important topics.
Member: US $30.00
9ITSIA
75
IT Governance and
Business Management
The Service Catalog
Mark OLoughlin
The Service Catalog means many different things to

many different people. However most would agree that
a catalog that helps customers and users to quickly
identify the services that they require clearly adds value.
In turn this helps organizations identify key services that
support business processes, understand the contribution
made by those services and manage them appropriately.
This well-constructed book provides practical advice
and information that will help organizations to
understand how to design and develop
a service catalog and understand the
role that the service catalog performs
within the service portfolio.
Member: US $56.00
13VH
Technology Scorecards: Aligning IT

Investments With Business Performance
Unlocking Value: An Executive Primer

on the Critical Role of IT Governance
ISACA
The goals of this publication are to:

Increase awareness, understanding and
adoption of

Create
a call to enterprises for the need to adopt

the concepts of IT governance

Assist
CIOs in their effort to increase their

enterprises leadership awareness of the need to
adopt the concepts of IT governance and obtain
their support

Assist
CIOs in their effort to facilitate an

understanding of the topic and obtain their buyin and commitment

Assist
CIOs in their effort to

provide leadership for successful
implementation, adoption and
execution of IT governance
Member: US $7.00
Nonmember: US $7.00
4ITG
Sam Bansal
Readers can learn how to establish key performance

indicators and value scorecards for
IT to ensure maximum value in their
corporation with the step-by-step
approach in Technology Scorecards.
This book will show the reader how to:
Member: US $50.00
77WTS
Visible Ops Security: Achieving Common

Security and IT Operations Objectives in 4
Practical Steps
Gene Kim, Paul Love and George Spafford
Visible Ops Security builds upon the methodology

presented in the original Visible Ops Handbook. It guides
information security professionals in strengthening
relationships with IT operations and development
groups to advance IT objectives and business goals. It
addresses the people side of IT, empowering security to
work with operations teams to achieve closely aligned
objectives and with development and
release teams to integrate security
requirements into preproduction work.
Member: US $22.00
2ITPI
World Class IT: Why Businesses

Succeed When IT Triumphs
Peter A. High
Technology is all around. It is so pervasive that one

may not even recognize when interacting with it.
Despite this fact, many companies have yet to leverage
information technology as a strategic weapon. What
then is an information technology executive to do
to raise the prominence of his/her department? In
World Class IT, recognized expert in IT strategy Peter
High reveals the essential principles IT executives
must follow and the order in which they should follow
them whether they are at the helm
of a high-performing department or
one in need of great improvement:
Member: US $38.00
87WWC
Book Review
76
IT Governance and
Business Management
IT Governance and
Business Management
IT Governance for CEOs and

Members of the Board
Robust Control System Networks:

How to Achieve Reliable Control
7 Steps To Better Written

Policies And Procedures
This book gives a concise overview of Information

Technology Governance and is geared towards those
who need to understand it the most, but usually
have the least time to do so :- CEOs and members
of the Board!! It provides a summary of the reasons
IT Governance is required, a brief description of the
elements of IT Governance, and, most importantly,
gives guidance with regards to the responsibilities
of the Board. This book also gives guidance as
to what is required of the Board
and CEO, and what should be
delegated to the CIO and others.
Other security experts advocate risk management,

implementing more firewalls and carefully managing
passwords and access. Not so this book: those measures,
while necessary, can still be circumvented. Instead, this
book shows in clear, concise detail how a system that
has been set up with an eye toward quality design in the
first place is much more likely to remain secure and less
vulnerable to hacking, sabotage or malicious control. It
blends several well-established concepts and methods
from control theory, systems theory,
cybernetics and quality engineering to
create the ideal protected system.
Member: US $13.00
1CSITG
Member: US $97.00
15ITIP
7 Steps to Better Written Policies and Procedures

provides information on how to use a template for
gathering content for your policy or procedure document.
Ask the author (stevebpage at gmail.com) for a free
template, or you can make your own based on the
examples I provide in this book. This book is the answer
you have been seeking...an easy way to fill in the blanks
in a template...and the end result is a completed policy
or procedure draft document. While this book focuses
on writing clear, consistent, and accurate policies and
procedures, this author has also included a five-step
writing process that will not only help you research,
organize, and write your policy and procedure documents
but the five-step writing process can be used for
virtually any type of written material
such as memos, presentations,
or other correspondence.
Brynn TT Phillips
Illustrating Prince2:
Project Management in Real Terms
77
Ralph Langner
Stephen Page
Safeguarding Critical E-Documents:

Implementing a Program for Securing
Confidential Information Assets
Robert & Smallwood, Barclay T. Blair
Practical, step-by-step guidance for corporations,

universities and government agencies to protect and
secure confidential documents and business records.
Managers and public officials are looking for
technology and information governance solutions to
information leakage in an understandable, concise
format. Safeguarding Critical E-Documents provides
a road map for corporations, governments, financial
services firms, hospitals, law firms, universities and
other organizations to safeguard
their internal electronic documents
and private communications.
Member: US $75.00
98WSC
Member: US $20.00
3PAGE
Susan Tuttle
PRINCE2 is a versatile project management

method that can be tailored to any project, of
any size, in any environment, by any company. It
is widely recognized and extensively used. This
book will show you how PRINCE2 will enable you
to obtain the best possible results from all your
projects. Written by an experienced practitioner
and trainer, this step-by-step guide breaks down
the PRINCE2 methodology
into bite-size chunks, giving
clear explanations and practical
illustrations in each section.
Member: US $46.00
2MPRC
Book Review
78
Inventory Reduction
Sale Listing
RISK RELATED
55WRC Risk, Control and Security:
Concepts and Application
5PL
INVENTORY REDUCTION
SALE LISTING
Section: 08
SAVE
RISK RELATED
40-50%
AUDIT, CONTROL AND SECURITY
ESSENTIALS
AUDIT, CONTROL AND SECURITY
Risk Management & Risk

Assessment
AUDIT, CONTROL AND SECURITYESSENTIALS

Member
Nonmember
$70.00
$75.00
$64.00
$69.00
AUDIT, CONTROL AND SECURITYSPECIFIC

ENVIRONMENTS
19-CRC
$46.00
$51.00
4IGI
Computer Security, Privacy

and Politics: Current Issues,
Challenges and Solutions
$40.00
$45.00
52-WFD The Handbook of Fraud
$62.00
$67.00
68-WHF Healthcare Fraud: Auditing
$50.00
$55.00
53CRC FISMA Principles and
$110.00
$115.00
Best Practices: Beyond

Compliance
$20.00
$25.00
$45.00
$50.00
Role Engineering for

Enterprise Security
Management
$65.00
$70.00
1-IGI
Securing the Information

Infrastructure
$75.00
$80.00
6PL
Auditing IT Infrastructures
$64.00
$69.00
31CRC Complete Guide to Security
$70.00
$75.00
1ABES Enterprise Security for the
$30.00
$35.00
7ART
FImplementing the ISO/IEC

27001 Information Security
Management System
Standard
$65.00
$70.00
IT Auditing: The Process
$64.00
$69.00
Stepping Through the

InfoSec Program
$25.00
$30.00
and Detection Guide
Member
Nonmember
$50.00
$55.00
5IGI
ICT Ethics & Security in the

21st Century
83WIS Information Storage &
PLIN
Linux: Security, Audit and

Control Features
$18.00
$23.00
4DC
Audit Guidelines for DB2
$45.00
$50.00
PW
Managing Risk in the

Wireless Environment:
Security, Audit and Control
Issues
$20.00
$25.00
IT GOVERNANCE AND
BUSINESS MANAGEMENT
Books offered in the ISACA Bookstore
Special Sale may contain dated
material, overall these books are still
of value. Sale prices effective while
quantities are available.
Get access to cutting-edge, front-line perspectives on emerging trends, developing risks and
professional development. Stay up to date on the latest industry topics and gain unique insights from
the industrys most innovative thought leaders.
Nonmember
Deterrence
INTERNET AND RELATED

SECURITY TOPICS
Save on ISACA exam study aids, and receive discounted IT industry publications. Equip yourself with
knowledge critical to thinking strategically and navigating todays complex IT issues. From surveys and
whitepapers to frameworks, standards and research publications, ISACA has what you need.
Member
Building a Global Information

Assurance Program
See www.isaca.org/salebooks for descriptions.
Management: Storing,
Managing, and Protecting
Digital Information
69-WPS Public Sector Auditing: Is it

Value for Money?
8-ART
and Privacy Metric:

Measuring Regulatory
Compliance, Operational
Resilience, and ROI
Executive: Setting the Tone

from the Top
8PL
2BAY
79
80
Inventory Reduction
Sale Listing
INTERNET AND RELATED SECURITY TOPICS
Nonmember
19M24 24 Deadly Sins of Software
$30.00
$35.00
1-NBS The Big Switch: Rewiring the
$12.00
$17.00
2SCC
Cybercrimes: A
Multidisciplinary Analysis
$115.00
$120.00
Network Security
Fundamentals
$45.00
Security: Programming Flaws

and How to Fix Them
World, from Edison to Google
59WNS
56WPC Phishing and Counter
Measures: Understanding
the Increasing Problem of
Electronic Identify Theft
30CRC Securing Converged IP

Networks
$60.00
$55.00
$50.00
$65.00
$60.00
1HA
Scrappy Information Security:
$15.00
$20.00
6-EL
XSS Exploits-Cross Site

Scripting Attacks and Defense
$43.00
$48.00
The Little Black Book of

Computer Security, 2nd
Edition
$18.00
$23.00
29ST3
1WCNR No Root for You: A Series of
Tutorials, Rants and Raves,

and Other Random Nuances
Therein
11EL
Cyber Attacks:
Protecting National
Infrastructure
Inventory Reduction
Sale Listing
IT GOVERNANCE AND BUSINESS MANAGEMENT
Member
Member
Nonmember
$60.00
$65.00
Disaster Recovery Directory

15th Edition
$105.00
$110.00
Emerging Topics and

Technologies in information
System.
$140.00
Enterprise Information
Security and Privacy
$60.00
41-WES Enterprise Security-IT
$40.00
37CRC Digital Privacy: Theory,
Technologies, and Practices
1-DR
2-IGI
9ART
Security Solutions: Concepts,

Practical Experiences,
Technologies
1JR
Essential Project Investment

Governance and Reporting
Preventing Project Fraud and
Ensuring Sarbanes-Oxley
Compliance
23WIT The Executive Guide to
2nd Edition
72-WGP Global Perspectives in

$20.00
$40.00
$25.00
$45.00
81
IT GOVERNANCE AND BUSINESS MANAGEMENT (Continued)

Member
Nonmember
$85.00
$90.00
3VH
$33.00
$37.00
40-WSO Making IT Governance Work
$39.00
$44.00
49-WMG Managers Guide to
$45.00
$50.00
8-VH
52CRC Lean IT: Enabling and

Sustaining Your Lean
Transformation
$145.00
in a Sarbanes-Oxley World
$42.00
$65.00
ComplianceSarbanesOxley, COSO, ERM, COBIT,

IFRS, BASEL II, OMBs A-123,
ASX 10, OECD Principles,
Turnbull Guidance, Best
Practices, and Case Studies
$45.00
$47.00
$50.00
$62.00
$67.00
Harmonization: Classification
of Global Guidance
$25.00
$258.00
WSA & Security Awareness: Best

PSA Practices to Secure Your
$15.00
$20.00
$5.00
$5.00
58-WSOA Service Oriented
Architecture: A Planning and

Implementation Guide for
Business and Technology
5-ID
IT Portfolio Management
WSH
$235.00
6-VH
6-ART
$3.00
The Privacy Management

Toolkit
$95.00
$40.00
$3.00
1IS
$90.00
$35.00
Governance: Guidance for
Boards of Directors and
Executive Management, 2nd
Edition
$60.00
$20.00
IT Financial Management
2ITG
$55.00
404 Implementation Toolkit:

Practice Aids for Auditors
and Managers
$15.00
12VH
$35.00
75WSO The Sarbanes-Oxley Section
The IBM Data Governance

Unified Process
$130.00
$30.00
$60.00
1IBM
$125.00
Governance: Guidance
for Information Security
Managers
$55.00
$35.00
Ethics: Cultural Perspectives
3ITG
Principles and Practices of

Business Continuity: Tools
and Techniques
$30.00
3-ID
$51.00
6RO
7ITGR
Manager: Text & Cases
$46.00
$48.00
$65.00
$55.00
Frameworks for IT
Management
$43.00
Compliance Using Open

Source Tools, 2nd Editions
$60.00
Nonmember
5-SYN Sarbanes-Oxley IT
Green IT in Practice
65-WISM Information System for
IT Service Management
Global Best Practices
Member
73-WSOA Service Oriented Architecture
$45.00
Enterprise
1ITG
$35.00
$40.00
Six Sigma for IT

Management
$54.00
$59.00
Social and Human Elements

of Information Security:
Emerging Trends and
Countermeasures
$155.00
$160.00
Field Guide for Executives
Book Review
$40.00
Board Briefing on IT
Governance, 2nd Edition
82
83
Title Index
Symbols
CISA Review Questions, Answers & Explanations Manual 2013 (Chinese)

5
2
.
CISA Review Questions, Answers & Explanations Manual,
7 Steps To Better Written Policies And Procedures ........................77
2013 Supplement ...............................................................................15
24 Deadly Sins of Software Security: Programming Flaws and How to
CISA Review Questions, Answers & Explanations Manual
Fix Them .................................................................................................80
2013 Supplement (Chinese) ............................................................25
2012
CISA Review Questions, Answers & Explanations Manual 2014
(CISM) .......................................................30
Supplement ..........................................................................................15
2013CISA& ..........................29
CISA Review Questions, Answers & Explanations Manual 2014
2013CISA&
Supplement (Chinese) .......................................................................25
) ...............................................................................................30
CISM Practice Question Database v14 ..............................................16
2014CISA
CISM Review Manual 2013 ....................................................................16
...........................................................................................30
CISM Review Manual 2014 ....................................................................16
2014
CISM Review Questions, Answers & Explanations Manual 2014 . . . 16
(CISA (Japanese) ............................29
CISM Review Questions, Answers & Explanations Manual
2014 Supplement ...............................................................................16
Cloud Computing - Assessing the Risks .............................................62
A
Cloud Computing: Implementation, Management, and Security . . . 54
Access Control, Security, and Trust: A Logical Approach ............42
COBIT 4.1 .....................................................................................................11
Accounting Information Systems, 9th Edition .................................42
COBIT 5: A Business Framework for the Governance and
Advanced Persistent Threats: How to Manage the Risk to Your Business
16 ,7.3
Management of Enterprise IT .........................................................6
AManaging Risk in the Wireless Environment: Security, Audit and
COBIT 5: Enabling Information ............................................................6
Control Issues .......................................................................................79
COBIT 5: Enabling Processes ...................................................................24
A New Auditors Guide to Planning, Performing, and Presenting IT8Audits
4
.
COBIT 5: Enabling Processes ................................................................6
An Executive Guide to IFRS: Content, Costs and Benefits to Business .64
COBIT 5: Enabling Processes (Chinese) ...............................................26
Applied Oracle Security: Developing Secure Database and
COBIT 5: Enabling Processes (German) ...............................................32
Middleware Environments ..............................................................50
COBIT 5: Enabling Processes (Japanese) ............................................31
A Practical Guide to Reducing IT Costs ...............................................73
COBIT 5: Enabling Processes (Romanian) ..........................................34
Audit Guidelines for DB2 .........................................................................79
COBIT 5: Enabling Processes (Turkish) ................................................35
Auditing and Assurance Services: Understanding the Integrated Audit
2 .
4
COBIT 5 for Assurance .............................................................................6
Auditing IT Infrastructures ......................................................................79
COBIT 5 for Information Security ........................................................6
Auditors Guide to IT Auditing and Software Demo, 2nd Edition . . . 49
COBIT 5 For Information Security .........................................................24
COBIT 5 for Risk .........................................................................................7
B
COBIT 5 Framework ...................................................................................24
COBIT 5 Framework (Arabic) ...................................................................32
Base de Datos de Preguntas de Prctica v14 CISA .........................21
COBIT 5 Framework (Chinese) ...............................................................26
Big DataA Revolution That Will Transform How We Live, Work and
2 Think
.
6
COBIT 5 Framework (German) ...............................................................32
Board Briefing on IT Governance, 2nd Edition ................................81
COBIT 5 Framework (Japanese)..............................................................31
Building a Global Information Assurance Program .......................79
COBIT 5 Framework (Lithuanian) ..........................................................33
Building an Effective Information Security Policy Architecture .42
COBIT 5 Framework (Romanian) ...........................................................34
Build Your Own Security Lab: A Field Guide for Network Testing . . . 42
COBIT 5 Framework (Russian) ................................................................34
COBIT 5 Framework (Thai) .......................................................................35
C
COBIT 5 Implementation .........................................................................24
COBIT 5 Implementation .......................................................................6
CGEIT Review Manual 2014 ..................................................................17
COBIT 5 Implementation (Chinese) .....................................................26
CGEIT Review Questions, Answers & Explanations Manual 2013 . . . 17
COBIT 5 ( Hebrew) .........................................................................33
CGEIT Review Questions, Answers & Explanations Manual
COBIT 5 Implementation (Japanese) ...................................................31
2013 Supplement ...............................................................................17
COBIT AG (Audit Guidelines) ................................................................12
CGEIT Review Questions, Answers & Explanations Manual
COBIT and Application Controls: A Management Guide ...........11
2014 Supplement ...............................................................................17
COBIT Assessor Guide: Using COBIT 4.1 .........................................11
CIO Best Practices: Enabling StrategicValueWith InformationTechnology,
COBIT Assessor Guide: Using COBIT 5 .................................................7
2nd Edition ............................................................................................64
COBIT Control Practices: Guidance to Achieve Control Objectives
CISA Practice Question Database v14 ...............................................15
for Successful IT Governance, 2nd Edition .................................11
CISA Review Manual 2014 .....................................................................15
COBIT CSA (Control Self-assessment) ..............................................12
CISA Review Manual 2014(Chinese) ..................................................25
COBIT Delphos ..........................................................................................12
CISA Review Questions, Answers & Explanations Manual 2013 . . . . 15
COBIT KP (Knowledge Provider) .........................................................12

COBIT MG (Management Guidelines) ...............................................12
COBIT Process Assessment Model (PAM): Using COBIT 4.1 .....11
COBIT Process Assessment Model (PAM): Using COBIT 5 .............7
COBIT Security Baseline: An Information Security Survival Kit, 2nd
1 Edition
1
.
COBIT Self-assessment Guide: Using COBIT 4.1 ..........................11
COBIT Self-Assessment Guide: Using COBIT 5 .................................7
COBIT Suite Datasec .............................................................................12
COBIT User Guide for Service Managers ..........................................11
Computacin Forense: Descubriendo Los Rastros Informticos . . . . 23
Computer Forensics InfoSec Pro Guide ..............................................61
Computer Security, Privacy and Politics: Current Issues, Challenges
and Solutions ........................................................................................79
Configuration Management: Using COBIT 5 ....................................9
Controles estratgicos y operacionales de la TI ..............................23
Creating a Culture of Security ................................................................65
CRISC Practice Question Database ...................................................19
CRISC Review Manual 2014 .................................................................18
CRISC Review Questions, Answers & Explanations Manual 2013 . . 18
Cyber Attacks: Protecting National Infrastructur ............................54
Cybercrimes: A Multidisciplinary Analysis .........................................80
Cybercrime: The Investigation, Prosecution and Defense of a
Computer-Related Crime, 3rd Edition .........................................54
Cybersecurity: The Essential Body of Knowledge ...........................54
G
Global Perspectives in Information Security ....................................80
Governance, Risk and Compliance Handbook: Technology, Finance,
Environmental, and International Guidance and Best Practices .66
Gray Hat Hacking: The Ethical Hackers Handbook, 3rd Edition .55
Green IT in Practice ....................................................................................80
H
Hacking Exposed 7: Network Security Secrets & Solutions ........55
Hacking Exposed Malware and Rootkits: Malware & Rootkits
Secrets & Solutions .............................................................................66
Hacking Exposed Web Applications, 3rd Edition ............................55
Hacking Exposed Wireless: Wireless Security Secrets & Solutions,
2nd Edition ............................................................................................55
Healthcare Fraud: Auditing and Detection Guide ..........................79
Honeypots: A New Paradigm to Information Security .................56
How to Complete a Risk Assessment in 5 Days or Less Thomas R. Peltier
7 .
3
Human Factors in Project Management: Concepts,Tools, andTechniques
for Inspiring Teamwork and Motivation .....................................66
ICT Ethics & Security in the 21st Century ...........................................79

Identifying and Aligning Business Goals and IT Goals: Full Research
7 Report
6
.
D
Identity Management: Concepts, Technologies, and Systems ..50
Illustrating Prince2: Project Management in Real Terms .............76
Data Protection: Governance, Risk Management, and Compliance . 43
Implementing and Continually Improving IT Governance .........11
Digital Privacy: Theory, Technologies, and Practices .....................80
Implementing Information Technology Governance: Models,
Disaster Recovery Directory 15th Edition ..........................................80
Practices and Cases ............................................................................67
Implementing Service Quality Based on ISO/IEC 20000 ..............67
E
Implementing the Project Management Balanced Scorecard ..67
Information Security and Privacy: A Practical Guide for Global Executives,
Effective Project Management: Traditional, Agile, Extreme, 6th Edition
3.
4
Lawyers and Technologists ..............................................................44
Emerging Topics and Technologies in information System. .......80
Empowering Green Initiatives With IT: A Strategy and Implementation
5
6Guide Information Security Governance: Guidance for Boards of Directors
.
and Executive Management, 2nd Edition ..................................81
Enterprise Information Security and Privacy ....................................80
Information Security Governance: Guidance for Information
Enterprise Security for the Executive: Setting the Tone from the Top .79
Security Managers ..............................................................................68
Enterprise Security-IT Security Solutions: Concepts, Practical
Information Security Governance: Guidance for Information
Experiences, Technologies ...............................................................80
Security Managers ..............................................................................81
Enterprise Value: Governance of IT Investments, Getting Started With
Information Security Governance Simplified: From the Boardroom to
Value Management ............................................................................12
the Key Board .......................................................................................61
Enterprise Value: Governance of IT Investments,The Val IT Framework
2
12.0
.
Information Security Harmonization: Classification of Global Guidance
1 .
8
Essential Project Investment Governance and Reporting Preventing
Information Security Management Metrics: A Definitive Guide to
Project Fraud and Ensuring Sarbanes-Oxley Compliance ....80
Effective Security Monitoring and Measurement ...................65
Essentials of Corporate Fraud ................................................................44
Information Security Policies Made Easy, Version 12 ....................68
Information Security Roles & Responsibilities Made Easy, Version V3 .68
F
Information Security: The Complete Reference, 2nd Edition ....56
FImplementing the ISO/IEC 27001 Information Security Management
Information Storage & Management: Storing, Managing, and Protecting
System Standard .................................................................................79
Digital Information .............................................................................79
FISMA Principles and Best Practices: Beyond Compliance ..........79
Information System for Manager: Text & Cases ...............................80
Frameworks for IT Management ...........................................................81
Information Technology Control and Audit, 4th Edition .............44
Fraud 101: Techniques and Strategies for Understanding Fraud,63rd Edition
6
.
Information Technology Ethics: Cultural Perspectives .................80
Fraud Analysis Techniques Using ACL ................................................44
84
Title Index
Information Technology for Management: Improving Strategic and
Operational Performance, 8th Edition ........................................69
Information Technology Governance and Service Management:
Frameworks and Adaptations ........................................................68
Information Technology Risk Management in Enterprise Environments
7 .
3
Interpretation and Application of International Standards on Auditing
5 .
4
Introduction to Healthcare Information Technology, 1st Edition . . 52
IT Assurance Guide: Using COBIT .......................................................11
IT Audit, Control, and Security ...............................................................45
IT Auditing: The Process ...........................................................................79
IT Auditing Using Controls to Protect Information Assets, 2nd Edition
5.
4
IT Control Objectives for Basel II: The Importance of Governance and Risk
Management for Compliance ........................................................46
IT Control Objectives for Cloud Computing: Controls and Assurance
in the Cloud ...........................................................................................46
IT Control Objectives for Cloud Computing: Controls and Assurance
in the Cloud (Italian) ..........................................................................29
IT Financial Management ........................................................................80
IT Governance and Process Maturity ...................................................71
IT Governance: A Pocket Guide .............................................................69
IT Governance for CEOs and Members of the Board .....................76
IT Governance: Policies & Procedures, 2014 Editio .........................69
IT Governance to Drive High Performance: Lessons From Accenture 1.
7
IT Outsourcing Contracts: A Legal and Practical Guide (Pocket Guide)
1 .
7
IT Outsourcing: Part 1 Contracting the Partner ...............................71
IT Portfolio Management ........................................................................80
IT Project Management: 30 Steps to Success ...................................72
IT Project Management: On Track From Start to Finish, 3rd Edition .72
IT Risk: Turning Business Threats Into Competitive Advantage .38
IT Security Metrics: A Practical Framework for Measuring Security &
Protecting Data Lance Hayden ......................................................46
IT Service Management Global Best Practices .................................81
IT Strategic and Operational Controls ................................................48
Manual de Preguntas, Respuestas y Explicaciones de Preparacin al

Examen CISA Suplemento 2013 ..................................................22
Examen CISA Suplemento 2014 ..................................................21
Examen CISM Suplemento 2014 .................................................22
Examen CISM Suplemento 2014 .................................................23
Manual de Preparacin al Examen CISA 2014 ...............................21
Manual de Preparacin al Examen CISM 2014 ..............................22
Manuale di Esercitazione CISA 2013: Domande, Risposte e Spiegazioni
8 .
2
Manuale di Esercitazione CISA: Domande, Risposte e Spiegazioni
Supplemento 2013 .............................................................................28
Spiegazioni Supplemento 2014 .................................................28
Manuale Tecnico CISA 2014 ..................................................................28
Manuel Complmentaire CISA 2013: Questions, Rponses
et Explications ......................................................................................27
Manuel Complmentaire CISA 2014: Questions, Rponses
et Explications........................................................................................27
Manuel de Prparation CISA 2014 .....................................................27
Master Data Management and Data Governance, 2nd Edition .72
Mobile Application Security ...................................................................56
MOFMicrosoft Operations Framework V4.0: A Pocket Guide . . . . 73
Monitoring Internal Control Systems and IT ....................................73
N
Network Security Bible, 2nd Edition ....................................................56
Network Security Fundamentals ..........................................................80
No Root for You: A Series of Tutorials, Rants and Raves, and Other
Random Nuances Therein ................................................................80
KeyPerformanceIndicators:Developing,Implementing,andUsingWinning
KPIs, 2nd Edition ..................................................................................72
Official Certified Ethical Hacker Review Guide: For Version 7.1, 1st
1 Edition
6
.
OncemoretheBreach:ManaginginformationSecurityinanUncertainWorld49
Outsourcing IT: A Governance Guide ..................................................73
Lean IT: Enabling and Sustaining Your Lean Transformation .....81

Linux: Security, Audit and Control Features .....................................79
PCI Compliance, 3rd Edition Understand and Implement Effective

PCI Data Security Standard Compliance .....................................48
Phishing and Counter Measures: Understanding the Increasing Problem
of Electronic Identify Theft ..............................................................80
Pragmatic Security Metrics: Applying Metametrics to Info Sec .59
Principios de Auditoria y Control de Sistemas de Informacion
(Segunda Edicion) ...............................................................................23
Principles and Practices of Business Continuity: Tools and Techniques
1.
8
Protecting Industrial Control Systems From Electronic Threats . . . . 50
Public Sector Auditing: Is it Value for Money? .................................79
M
Making IT Governance Work in a Sarbanes-Oxley World .............81
Managers Guide to ComplianceSarbanes-Oxley, COSO, ERM, COBIT,
IFRS, BASEL II, OMBs A-123, ASX 10, OECD Principles, Turnbull
Guidance, Best Practices, and Case Studies ...............................81
Manual de Preguntas, Respuestas y Explicaciones de Preparacin
al Examen CISA 2013 .......................................................................22
R
Responding to Targeted Cyberattacks ...............................................60
Reverse Deception: Organized Cyber Threat Counter Exploitation . . 60
Risk, Control and Security: Concepts and Application .................79
Risk Management Approach to Business Continuity: Aligning Business
Continuity With Corporate Governance .....................................13
Risk Management & Risk Assessment .................................................79
Robust Control System Networks: How to Achieve Reliable Control . 76
Role Engineering for Enterprise Security Management ...............79
S
Safeguarding Critical E-Documents: Implementing a Program for
Securing Confidential Information Assets .................................77
SAP Security and Risk Management, 2nd Edition ..........................48
Sarbanes-Oxley IT Compliance Using Open Source Tools, 2nd Editions 1.
8
Scrappy Information Security ................................................................80
Securing Cloud Services: A pragmatic guide to security architecture
in the Cloud ...........................................................................................60
Securing Converged IP Networks .........................................................80
Securing Mobile Devices: Using COBIT 5 for Information Security . . . . . 9
Securing the Clicks: Network Security in the Age of Social Media . . . 58
Securing the Information Infrastructure ............................................79
Security, Audit and Control Features Oracle Database, 3rd Edition . 50
Security, Audit and Control Features Oracle E-Business Suite, 3rd Edition
1 .
5
Security, Audit and Control Features Oracle PeopleSoft, 3rd Edition* .51
Security Audit and Control Features SAP ERP, 3rd Edition ..........52
Security Awareness: Best Practices to Secure Your Enterprise ...81
Security Considerations for Cloud Computing ...............................58
Security Information and Event Management (SIEM) Implementation .58
Security Metrics: A Beginners Guide ..................................................49
Security, Strategies in Windows Platform and Applications, Second2Edition
5
.
Service Oriented Architecture: A Planning and Implementation Guide for
Business and Technology .................................................................81
Service Oriented Architecture Field Guide for Executives ...........81
SharePoint Deployment Governance Using COBIT 4.1:
A Practical Approach .........................................................................12
Six Sigma for IT Management ................................................................81
SOC 2: A User Guide ..................................................................................49
Social and Human Elements of Information Security: Emerging Trends
and Countermeasures .......................................................................81
Stepping Through the InfoSec Program ............................................79
Swanson on Internal Auditing: Raising the Bar ...............................74
System Forensics, Investigation, and Response ..............................58
T
Technology Scorecards: Aligning IT Investments With Business
Performance .........................................................................................74
The Big Switch: Rewiring the World, from Edison to Google .....80
The Business Case Guide Using Val IT 2.0 .....................................12
The Business Model for Information Security ..................................64

The Business Value of IT: Managing Risks, Optimizing Performance
and Measuring Results ......................................................................12
The Definitive Guide to the C&A Transformation ...........................43
The Essential Guide to Internal Auditing, 2nd Edition ..................43
The Executive Guide to Information Technology 2nd Edition ...80
The Failure of Risk Management: Why Its Bro ken and How to Fix It .37
The Handbook of Fraud Deterrence ....................................................79
The IBM Data Governance Unified Process .......................................80
The Little Black Book of Computer Security, 2nd Edition ............80
The Operational Risk Handbook for Financial Companies ..........38
The Privacy Management Toolkit .........................................................81
Theres A New Sheriff In Town ................................................................59
The Risk IT Framework ..............................................................................13
The Risk IT Practitioner Guide ................................................................13
The Root Kit Arsenal: Escape and Evasion in the Dark Corners of the
System, 2nd Ed .....................................................................................60
The Sarbanes-Oxley Section 404 Implementation Toolkit: Practice Aids
for Auditors and Managers ..............................................................81
The Service Catalog ...................................................................................74
The Web Application Hackers Handbook: Finding and Exploiting
Security Flaws, 2nd Edition ..............................................................59
Transforming Cybersecurity: Using COBIT 5 .....................................9
U
Unlocking Value: An Executive Primer on the Critical Role of IT
Governance ISACA ..............................................................................75
V
Visible Ops Security: Achieving Common Security and IT Operations
Objectives in 4 Practical Steps ........................................................75
W
Web Application Security: A Beginners Guide ...............................59
Wireless network Security A beginners Guide ................................52
World Class IT: Why Businesses Succeed When IT Triumphs ......75
X
XSS Exploits-Cross Site Scripting Attacks and Defense ................80
85
86
ISACA is a global association

that builds trust in, and value from,
information systems. Established
over 40 years ago, ISACA is a trusted
source of knowledge, networking,
education and career development for
audit, assurance, risk, security, control,
privacy and governance professionals.
Through our worldwide community,
ISACA inspires and equips individuals
to be more capable, valued and
successful in the fast changing world
of information systems, information
technology and business.
@ISACANews
facebook.com/ISACAHQ
linkedin.com/groups/ISACA-Official-3839870
www.isaca.org

Bookstore-2014-Catalog Bro Eng 0314

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Bookstore-2014-Catalog Bro Eng 0314

Uploaded by

Copyright:

Available Formats

YOUR LEADING

RESOURCE FOR SUCCESS

2014 BOOKSTORE CATALOG

2014 BOOKSTORE CATALOG

Member Complimentary PDF Download

2014 BOOKSTORE CATALOG

EXAMINATION REFERENCE MATERIALS

AUDIT, CONTROL and SECURITY RELATED

INTERNET & RELATED SECURITY TOPICS

IT GOVERNANCE & BUSINESS MANAGEMENT

INVENTORY REDUCTION SALE

RESEARCH & RESOURCES

2014 BOOKSTORE CATALOG

COBIT 5 & RELATED PRODUCTS

COBIT 5 Enabler Guides

COBIT 5: Enabling Processes

COBIT 5: A Flexible Framework

COBIT 5: Enabling Information

COBIT 4.1 & RELATED PRODUCTS

COBIT 5 Professional Guides

Globally Endorsed & Validated

COBIT 5 For Risk

Robust Family of Products

2014 BOOKSTORE CATALOG

PROFESSIONAL GUIDES (Continued)

COBIT ASSESSMENT PROGRAM

COBIT 5: A Business Framework for

COBIT Process Assessment Model (PAM):

This volume documents the five principles and seven

Information and related information technologies are

COBIT 5 for Risk

A Business Framework for the

COBIT 5 for Information Security

COBIT 5 for Information Security examines COBIT 5

A reference guide that provides a structured way of

Effectively managing IT risk helps drive better business

The Process Assessment Model (PAM) for COBIT 5

COBIT Assessor Guide: Using COBIT 5

This publication contains a detailed reference guide

COBIT 5: Enabling Information

COBIT 5 for Assurance

Building on the COBIT 5 framework, this guide focuses

COBIT 5 Special Bulk

COBIT 5 Bundle Discount:

MEMBER PRICE: US $95.00

Provide organizations with an understandable,

COBIT Self-Assessment Guide:

Building on the COBIT 5 framework, this guide

Member Complimentary PDF Download

2014 BOOKSTORE CATALOG

EXTRACTING VALUE FROM

COBIT PRACTICAL GUIDANCE

BYOD [BRING YOUR OWN DEVICE]

Enterprises continuously experience changes and

BUSINESS GOVERNANCE AND

COBIT 5 Training Programs

COBIT 5 Foundation Course & Exam

Download a complimentary copy of COBIT 5 today or learn more at

This publication describes the vendor management process

This publication is intended for several audiences who

Cybersecurity has evolved as a new field of interest,

Securing Mobile Devices:

THE AVERAGE CORPORATE

SOCIAL MEDIA RISK