cupLiz NetBook

Tingkatkan Rasa Percaya Dirimu

2009-05-19T22:57:00.006+07:00

Kebanyakan orang jika ditanya apakah mereka ingin meningkatkan kepercayaan dirinya, jawabannya pasti "ya". Sebenarnya apa sih yang dimaksud dengan kepercayaan diri? Orang yang percaya diri adalah orang yang merasa aman dengan mengetahui bakatnya, sangat rilek dan ingin mendengar maupun belajar dari orang lain.

Kepercayaan diri bukanlah arogansi atau perilaku memamerkan kepandaian, membanggakan diri dan sombong, yang seringkali merupakan model pembelaan yang digunakan oleh mereka yang tidak memiliki kepercayaan diri. Orang yang arogan, cenderung berorientasi pada diri sendiri (self-oriented), ingin dirinya selalu berbicara, dan sangat khawatir jika mereka tidak cukup baik sehingga mereka membanggakan diri di setiap kesempatan.

Berbeda dengan orang yang arogan, orang yang percaya diri akan mempunyai ciri-ciri berikut:

Merasa nyaman berbicara dengan orang asing untuk pertama kalinya
Selalu memberikan kesan pertama yang baik
Dapat merasa positif saat masuk ke sebuah ruangan yang dipenuhi dengan orang asing
Bisa merasa santai saat pergi ke tempat2 sosial dimana dia bertemu dengan sejumlah orang-orang baru
Tidak menemui kesulitan berbicara dengan berbagai tipe orang
Merasa nyaman secara sosial
Antusias dan bersemangat dikampus, tempat kerja, dan dirumah
Berpikir bahwa dia memiliki sifat positif tentang dirinya
Cenderung berpikir positif tentang masa depan
Fokus kepada kesuksesan daripada kegagalan
Saat menghadapi kesulitan, dapat menyelesaikan nya
Bersikap positif terhadap orang lain
Menghargai dan memuji orang disekelilingnya
Menguasai emosi dengan baik, dan dapat mengekspresikannya secara tepat
Dapat berbicara didepan umum dengan mudah
Suka kepada tantangan, karena tantangan akan menjadikannya lebih semangat.

Kira-kita, anda sudah mempunyai karakter seperti poin-poin diatas belum. Kalau memang belum semua anda miliki, sudah saat nya anda rubah diri anda dan muli mempraktekan ciri-ciri dari orang percaya diri diatas.

CISA Demands for IS Audit

2009-05-18T17:08:00.002+07:00

New regulations for more stringent financial and internal controls are driving business leaders into
a controlled frenzy. You may have heard of the following: Sarbanes-Oxley Act (corporations),Gramm-Leach-Bliley Act (financial transactions), Federal Information Security Management Act (government), Health Information Portability and Accountability Act (HIPAA), Supervisory Control and Data Acquisition (utilities), Fair and Accurate Credit Transactions Act (credit processing), Federal Financial Institutions Examination Council regulations (financial), and numerous privacy laws worldwide.

These are just a sample of the regulations and regulators facing today’s businesses.
[ad#cisa]
All of these regulations require businesses to possess two simple components:
- Evidence of business integrity
- Evidence of internal controls to protect valuable assets An asset is defined as anything of value, including trademarks, patents, secret recipes, durable goods, data files, competent personnel, and clients. Although people are not listed as corporate assets, the loss of key individuals is a genuine business threat. We can define a threat as a negative event that would cause a loss if it occurred. The path that allows a threat to occur is referred to as vulnerability
. Your job as an IS auditor is to verify that assets, threats, and vulnerabilities are properly identified and managed to reduce risk.

In the past, businesses were allowed to operate with fewer restrictions. The problem with
past regulation (or lack thereof) was that many organizations were taking risks that would
have been unacceptable to investors and business partners had they been fully informed of corporate actions. Financial auditors were focused on bank balances and transaction totals proving to be correct. Now increasing automation enables little mistakes to cascade into massive
catastrophes. Stockholders, customers, and the government are looking for reassurance that
management has taken the necessary precautions to prevent loss or corruption.

Our economy is founded on banking and investment. The majority of our global economy
invests directly or indirectly in stock and financial markets. You may be an indirect investor
through pension funds or bank accounts. Unfortunately there exists a group of individuals
who view stock as their own private monetary system. How wonderful that must be to have
our money at their disposal, without any terms of repayment, without interest or consideration,
and without the requirement to ever pay the money back. Sounds ridiculous, doesn’t it.
[ad#cisa]
But frankly, that is exactly how the stock market operates. You invest money with the hope
that one day you will see something in return, knowing that you could lose it all.
One of the purposes of a controls audit is to ensure that there is reason to believe investors’
money is protected from stupid mistakes. Our free enterprise strives to prevent another market
collapse and protect the world banking system from crashing. We expect management to specify
policies and to create procedures, processes, and safeguards to prevent loss and corruption.

It is the job of management to design a solution that effectively protects corporate assets.
As an IS auditor, you must be familiar with the various policies, standards, and procedures
that an organization or company you are auditing has. In addition, you must understand the
purpose of your audit. You will look at those topics in this section.

Understanding Policies, Standards, Guidelines, and Procedures
A plethora of documentation exists in the operation of any organization. Management uses
this documentation to specify operating and control details. Consistency would be impossible
without putting the information into writing.

Organizations typically have four types of documents in place:

Policies
These are high-level documents signed by a person of significant authority (such as
a corporate officer, president, or vice president). The policy is a simple document stating that
their particular high-level control objective is important to the organization’s success. Policies
may be only one page in length. Policies require mandatory compliance.

Standards
These are mid-level documents to ensure uniform application of a policy. After a
standard is approved by management, compliance is mandatory. All standards are used as reference points to ensure organizational compliance. Testing and audits compare a subject to the
standard, with the intention of certifying a minimum level of uniform compliance.

Guidelines
These are intended to provide advice pertaining to how organizational objectives
might be obtained in the absence of a standard. The purpose is to provide information that
would aid in making decisions about intended goals (should do), beneficial alternatives (could
do), and actions that would not create problems (won’t hurt). Guidelines are often discretionary.

Procedures
These are “cookbook” recipes for accomplishing specific tasks necessary to meet a standard. Details are written in step-by-step format from the very beginning to the end. Good procedures include common troubleshooting steps in case the user encounters a known problem. Compliance with established procedures is mandatory to ensure consistency and accuracy. On occasion a procedure may be deemed ineffective. The correct process is to update the ineffective procedure using the change control process described later. The purpose of a procedure is to maintain control over the outcome

Understanding the ISACA Code of Professional Ethics
The Information Systems Audit and Control Association (ISACA) set forth a code governing
the professional conduct and ethics of all certified IS auditors and members of the association.
As a Certified Information Systems Auditor (CISA), you are bound to uphold this code. The
following eight bullet points represent the true spirit and intent of this code:
- You agree to support the implementation of appropriate policies, standards, guidelines,
and procedures for information systems. You will also encourage compliance with this
objective.
- You agree to perform your duties with objectivity, professional care, and due diligence in
accordance with professional standards. You will support the use of best practices.
- You agree to serve the interests of stakeholders in an honest and lawful manner that
reflects a credible image upon your profession.
- You promise to maintain privacy and confidentiality of information obtained during your
audit except for required disclosure to legal authorities. Information you obtain during
the audit will not be used for personal benefit.

- You agree to undertake only those activities in which you are professionally competent
and will strive to improve your competency.
- You promise to disclose accurate results of all work and significant facts to the appropriate
parties.
- You agree to support ongoing professional education to help stakeholders enhance their
understanding of information systems security and control.
- The failure of a CISA auditor to comply with this code of professional ethics may result
in an investigation with possible sanctions or disciplinary measures.
Ethics statements are necessary to demonstrate the level of honesty and professionalism expected of every auditor. Overall, your profession requires you to be honest and fair in all representations you make. The goal is to build trust with clients. Your behavior should reflect a positive image on your profession. All IS auditors are depending on you to help maintain the high quality and integrity that clients expect from a CISA.

Copyright 2007 Best E-Book

CISA Introduction

2009-05-18T16:44:00.001+07:00

Introduction
This book is designed for anyone interested in taking the Certified Information Systems Auditor
(CISA) exam. The CISA certification is one of the hottest in the market, with annual growth in
excess of 28 percent, according to the Information Systems Audit and Control Association
(ISACA), the administering organization.

It is a trend worldwide for organizations to have to implement and prove the existence of strong
internal controls. You may have heard of a few of these, such as the Basel II accord in banking, the
Sarbanes-Oxley Act for public corporations, the Federal Information Security Management Act
(FISMA), and the Health Insurance Portability and Accountability Act (HIPAA). These are just
four of more than twenty high-profile regulations that demand audited proof of internal controls.

Frankly, these result in a long list of opportunities for a CISA. This may be the opportunity that you
have been looking for, especially if you come from a background of finance or technology.
What is the job market for certified IS auditors? The CISA world is exploding. Corporations
are hiring more consultants than ever before in an effort to obtain compliance before they get caught short.

Consulting companies are hiring as many people as they can represent as qualified in an effort to service the same corporations. Small organizations are finding themselves at a competitive disadvantage if theyâ€™re unable to demonstrate the same level of internal controls to their larger customers. One of the fundamental rules of auditing is that participating in the remediation (fixing) of problems found during the audit would compromise the auditorâ€™s independence.

Under the rules of independence, the independent auditor must remain independent to certify the results as valid. A second, unrelated auditor should work on the remediation. The requirements for regulatory compliance are ongoing, and that means remediation at some level will be ongoing too. This means that the auditor requirement is actually doubled. The opportunity for you is right now.

For many years, organizations have undergone the scrutiny of financial audits. As financial
systems have become more and more complex, automation has introduced a situation in which
the integrity of financial records may be in question. An organization would hire a certified public
accountant to review their financial records and attest to their integrity.

Larger organizations
would hire certified internal auditors to assist with normal internal controls of the business.
Now, the long list of regulations requiring internal controls has focused attention on the information
systems. Computers are now the house in which the financial records live. The CISA is
the top credential for auditing IS and related internal controls.

This book is designed to help you become a well-respected CISA. We have been teaching
CISA classes for several years and have some truly outstanding success stories. The test alone
is a stepping stone in your career. Our goal is to take you through the CISA test better than
anyone else by showing you the â€œhow and whyâ€� of IS auditing. If you are familiar with technology,
this book will help you understand how the auditor must act to be successful. If you come from a financial background, weâ€™re going to take you through an introductory tour of technology.

Our explanations are technically correct and designed to be simple to understand.
There are many opinions about how the information systems audit should be performed.
This book covers the official auditing standards necessary for you to be successful. Youâ€™ll
find that this book contains the majority of information necessary to operate a successful consulting practice. Initially our focus is on helping you pass your exam. This information will help you earn a great deal more than just a paper certificate, if you apply it.

What Is the CISA Certification?
ISACA offers the most recognized certification in the world for IS auditors. The CISA certification
is recognized worldwide by all corporations and governments. ISACA has more than 45,000 members in over 140 countries. ISACA is recognized as the leader in IT governance, control, and assurance.

The association was founded in 1969, with an objective to develop international IS auditing and control standards. As a result, it has created the number one information systems audit certification in the world, the Certified Information Systems Auditor (CISA). ISACA controls and administers the CISA exam worldwide. Over 40,000 professionals have earned their CISA to date. Still, the demand exceeds the supply.

Why Become a CISA?
So, why become a CISA? The answer: credibility and opportunity. Many people proclaim themselves to be IS auditors. The majority of uncertified auditors are no more than wellmeaning
individuals who habitually violate the official audit standards. Here is a short list of the benefits associated with becoming a CISA:

Demonstrates proof of professional achievement The CISA certification provides evidence
that you have prior experience and are able to pass a rigorous certification exam. The exam
tests your knowledge of auditing practices related to information systems. The test itself is
loaded with technical challenges that require a significant understanding of technology. The
CISA certification shows that you understand the audit requirements and are able to lead a
successful audit in accordance with widely accepted audit practices. The certification demonstrates
to the world that your experience represents a significant value.

Provides an assurance of quality to your clients
Audit clients are a demanding breed of individuals.
The fate of their organization may rest on the findings detailed in the auditorâ€™s report.
There is little room for mistakes. The CISA credential indicates that you are a person who can
be trusted to deliver accurate results. Who would you trust to represent yourself: a person with
no proof, or someone who can demonstrate a measure of their credibility? The person reading the audit report needs to understand that your work is accurate.

They will direct capital and resources to be expended according to the report you provide. The CISA certification represents a third-party audit of your personal knowledge. It helps prove your credibility.

Increases your marketability
The IS audit market is exploding at a phenomenal rate. The CISA credential helps separate you from the mass of self-proclaimed auditors. Many organizations regard the CISA as the hallmark of professionalism. There is no better way to attract the favorable attention of management. It does not matter if youâ€™re internal or external to the organizationâ€”the credential speaks for itself. The requirements called for in government regulations are becoming a growing concern for executives. Your customer may not understand all the details necessary to describe the job of an auditor; however, your client will recognize that an auditor with the CISA certification should be able to fulfill their needs.

Provides a greater opportunity for advancement
Every organization strives to hire good people who are motivated. What does the lack of certification say about someone? Is it that they are unmotivated? Could it be that they are not capable? Or is it simply that they are afraid to try? No manager in their right mind would promote an individual who has not proven their value. Taking the time to get trained and certified shows the world that you are motivated, that you are somebody who wants to get things done. That trait alone can get you promoted.

Instead of using words to describe your ability, you can prove it with your CISA credential.
People will know that youâ€™re serious about your job and will treat you accordingly.
Builds respect and confidence from other people
The world today is extremely specialized.

Consider that many things of premium value in todayâ€™s world are certified. We have certified
used cars, certified mail, certified public accountants, certified travel agents, certified lawyers,
and even certified Subway sandwich artists. The people you meet may not completely understand
what is involved in being a CISA. However, they will understand that you have expended
time and energy to obtain the certification. You will gain their respect because of the effort
youâ€™ve demonstrated. If given the choice, almost everyone would choose to use a person who is
certified. The CISA is a major step toward the widespread credibility that you desire.

How to Become a CISA
The CISA designation is given to individuals who have demonstrated their ability to fulfill the
following five requirements:

Pass the CISA exam
The CISA examination is offered two times a year, once in June and again in December. You have to register for the test three months before it is administered. You can register online at www.isaca.org or by mail. You take the test with pencil and paper
in front of a live test proctor. The examination is 200 multiple-choice questions that will take
approximately 4 hours. A grade of 75 percent is required to pass the CISA examination. There
is a 4-hour time limit. Professional experience in information systems auditing, control, or security
To qualify for certification, you must demonstrate five years of IS auditing experience. ISACA will accept up to two years of substitution toward the work experience requirement, as follows:

Related experience substitution
You can substitute a maximum of one year of experience from financial or operational auditing, or from information systems experience.

College credit hour substitution
The equivalent of an associate or bachelorâ€™s degree can
be substituted for one or two years, respectively (60 hours or 120 hours).

University instructor experience substitution
A full-time university instructor can substitute two years of on-the-job experience toward one year of the IS auditing control or security requirement.

Your CISA test results are valid for five years from the examination date. Even without any
experience at this time, you can take the examination. Certification will be awarded only after
you have provided verification of desired work experience (of five years or the equivalent).
ISACA limits acceptable experience to that which has occurred within 10 years prior to your
application date.

Continuous adherence to ISACAâ€™s code of professional ethics
Trust and integrity are paramount to the auditorâ€™s profession. You will be required to pledge your ongoing support for adherence to the IS auditorâ€™s code of professional ethics.
Continuing education in the profession You are required to continuously improve your
skills. Continuing education is the best method of maintaining an individualâ€™s competency.
Learning new skills will improve your professional abilities. Demonstrating a commitment to
continuing education differentiates qualified CISAs from those who have not fulfilled their
professional responsibilities.

You will be required to demonstrate a minimum of 20 contact hours of training each year, which must total 120 contact hours in a three-year period. Adherence to well-established IS auditing standards The purpose of auditing standards is to ensure quality and consistency. An auditor who fails to meet the standards places themselves and the profession in peril. ISACA provides excellent information to guide auditors through their professional responsibilities. The auditing standards are based on well-recognized professional practices applied worldwide.

Copyright 2007 Best E-Book

CISA Answer Assessment Test

2009-05-18T16:42:00.002+07:00

1. D. The first person on the scene is the incident commander regardless of rank or position. The
incident commander may be relieved by a person with more experience or less experience,
according to the situation. The incident commander will change throughout the crisis.

2. C. Undue restrictions on scope would be a major concern as would a lack of time or the
inability to obtain sufficient reliable evidence.

3. D. All of the audit types are valid except procedural, SAS-74, verification, and regulatory
(which are all distracters). The valid audit types are financial, operational (SAS-70), integrated
(SAS-94), compliance, administrative, forensic, and information systems. A forensic audit is used
to discover information about a possible crime.

4. C. The recovery point objective (RPO) indicates the fallback position and duration of loss
that has occurred. A valid RPO example is to recover by using backup data from last night’s
backup tape, meaning that the more-recent transactions would be lost. The recovery time
objective (RTO) indicates a point in time that the restored data should be available for the user
to access.

5. D. Computer assisted audit tools are able to perform detailed technical tasks faster than
humans and produce more-accurate data during particular functions such as system scanning.
Cost, training, and security of output are major considerations.

6. C. The risk analysis does not ensure absolute safety. The purpose of using a risk-based audit
strategy is to ensure that the audit adds value with meaningful information.

7. B. According to ISACA, the general steps in business process reengineering are envision the
need, initiate the project, diagnose the existing process, redesign a process, use change management to reconstruct the organization in transition, and evaluate the results.

8. B. Authorization should be separate from all other activities. A second person should review
changes before implementation. Authorization will be granted if the change is warranted and
the level of risk is acceptable.

9. C. According to ISACA, the gateway operates at application layer 7 in the OSI model. The
function of the gateway is to convert data contained in one protocol into data used by a
different protocol. An example is a PC-to-mainframe gateway converting ASCII to mainframe
Extended Binary Coded Decimal Interchange Code (EBCDIC).

10. B. The purpose of the audit committee is to review and challenge assurances made, and to
maintain a positive working relationship with management and the auditors

11. B. The third layer of the OSI model is the Network layer. Use the memory tool of “Nor Do
I Throw Apples” to remember the layers of the TCP/IP model. The third layer of the TCP/IP
model is the Internet layer.

12. C. The four perspectives on the IT balanced scorecard are the customer perspective, business process perspective, financial perspective, and the growth perspective. Each of these seek to define the highest return by IT.

13. C. The sender and receiver each have their own public and private (secret) key pair. All the
other statements are false. Asymmetric keys are definitely used for creating digital signatures.
The sender would never use the recipient’s private key, only the recipient’s public key.

14. B. All emergency changes should still undergo the formal change management process after
the fact. The review determines whether the change should remain in place or be modified.

15. C. Any standing data should be purged from the equipment prior to disposal. Standing data
refers to information that can be recovered from a device by using any means.

16. A. The insurance company may dictate salvage to save money. Salvage will increase the delay before recovery. Any replacement purchases by the organization may not be covered under
reimbursement.

17. D. The wireless network may be using wired equivalent protocol (WEP); however, a firewall is still required to protect the internal network. The WEP design has been broken and is considered insecure under all conditions. In addition, new CISP regulations of the Senate Banking Committee with VISA, Mastercard, American Express, and Discover place $100,000 penalties per occurrence for any loss due to noncompliance.

18. B. Digital signatures provide authentication assurance of the email sender. Digital signatures
use the private key of the sender to verify identity.

19. A. Database views are used to implement least privilege and restrict the data that can be
viewed by the user.

20. B. It is not possible to create business continuity plans without a current Business Impact
Analysis (BIA). The BIA identifies critical processes and their dependencies. The critical processes will change as the business changes with new products and customers.

21. B. Procedures should be implemented to ensure that only approved program changes are
implemented. The purpose of separation of duties is to prevent intentional or unintentional
errors. A logical separation of duties may exist if a single person performs two job roles. The
ultimate objective is to ensure that a second person has reviewed and approved a change before
it is implemented.

22. C. Standards are mandatory, and any deviation would require justification. Exceptions are
rarely accepted.

23. B. The auditor must be independent of personal and organizational relationships with the
auditee, which could imply a biased opinion. The auditor is not permitted to audit a system for
which they participated in the support, configuration, or design. An auditor may not audit any
system that they helped to remediate.

24. A. Notice that analyzing the business impact is always the first step. Then criteria are
selected to guide the strategy selection. A detailed plan is written by using the strategy. The
written plan is then implemented. After implementation, the plan and staff are tested for
effectiveness. The plan is revised, and then the testing and maintenance cycle begins.

CISA Assessment Test

2009-05-18T16:36:00.004+07:00

1. What are the qualifications of the incident commander when responding to a crisis?
A. Member of management
B. First responder
C. Trained crisis manager
D. First person on scene

2. Which of the following would be a concern that the auditor should explain in the audit report
along with their findings?
A. Detailed list of audit objectives
B. The need by the current auditor to communicate with the prior auditor
C. Undue restrictions placed by management on evidence use or audit procedures
D. Communicating results directly to the chairperson of the audit committee

3. What are the different types of audits?
A. Forensic, accounting, verification, regulatory
B. Financial, compliance, administrative, SAS-74
C. Information system, SAS-70, regulatory, procedural
D. Integrated, compliance, operational, administrative

4. What indicators are used to identify the anticipated level of recovery and loss at a given point
in time?
A. RTO and SDO
B. RPO and ITO
C. RPO and RTO
D. SDO and IRO

5. What is the principal issue surrounding the use of CAAT tools?
A. The capability of the software vendor.
B. Documentary evidence is more effective.
C. Inability for automated tools to consider the human characteristics of the environment.
D. Possible cost, complexity, and the security of output.

6. Which is not a purpose of risk analysis?
A. Supports risk-based audit decisions
B. Assists the auditor in determining audit objectives
C. Ensures absolute safety during the audit
D. Assists the auditor in identifying risks and threats

7. Which of the following answers contains the steps for business process reengineering (BPR) in
proper sequence?
A. Diagnose, envision, redesign, reconstruct
B. Envision, initiate, diagnose, redesign, reconstruct, evaluate
C. Evaluate, envision, redesign, reconstruct, review
D. Initiate, evaluate, diagnose, reconstruct, review

8. Which of the following functions should be separated from the others if segregation of duties
cannot be achieved in an automated system?
A. Origination
B. Authorization
C. Correction
D. Reprocessing

9. At which layer of the OSI model does a gateway operate?
A. Layer 6
B. Layer 3
C. Layer 7
D. Layer 5

10. What is the purpose of the audit committee?
A. To provide daily coordination of all audit activities
B. To challenge and review assurances
C. To govern, control, and manage the organization
D. To assist the managers with training in auditing skills

11. What does the third layer of the OSI model equate to in the TCP/IP model?
A. Network
B. Internet
C. Data-Link
D. Transport

12. What are three of the four key perspectives on the IT balanced scorecard?
A. Business justification, service-level agreements, budget
B. Organizational staffing, cost reduction, employee training
C. Cost reduction, business process, growth
D. Service level, critical success factors, vendor selection

13. Which of the following statements is true concerning asymmetric-key cryptography?
A. Sender encrypts the files by using the recipientâ€™s private key.
B. Sender and receiver use the same key.
C. Sender and receiver have different keys.
D. Asymmetric keys cannot be used for digital signatures.

14. How should management act to best deal with emergency changes?
A. Emergency changes cannot be made without advance testing.
B. All changes should still undergo review.
C. The change control process does not apply to emergency conditions.
D. Emergency changes are not allowed under any condition.

15. What is one of the bigger concerns regarding asset disposal?
A. Residual asset value
B. Employees taking disposed property home
C. Standing data
D. Environmental regulations

16. Which of the following is the most significant issue to consider regarding insurance coverage?
A. Salvage, rather than replacement, may be dictated.
B. Premiums may be very expensive.
C. Coverage must include all business assets.
D. Insurance can pay for all the costs of recovery.

17. Which of the following is required to protect the internal network when a wireless access point
is in use?
A. Wireless encryption
B. Wired equivalent protection
C. Wireless application protocol
D. Network firewall.

18. Digital signatures are designed to provide additional protection for electronic messages in
order to determine which of the following?
A. Message deletion
B. Message sender verification
C. Message modification
D. Message read by unauthorized party

19. What is the primary purpose of database views?
A. Restrict the viewing of selected data.
B. Provide a method for generating reports.
C. Allow the user access into the database.
D. Allow the system administrator access to maintain the database.

20. Which of the following indicates why continuity planners can create plans without the Business
Impact Analysis (BIA) process?
A. Management already dictated all the key processes to be used.
B. Not possibleâ€”critical processes constantly change.
C. Business Impact Analysis is not required.
D. Risk assessment is acceptable.

21. Segregation of duties may not be practical in a small environment. A single employee may be
performing the combined functions of server operator and application programmer. The IS
auditor should recommend controls for which of the following?
A. Automated logging of changes made to development libraries
B. Procedures that verify that only approved program changes are implemented
C. Automated controls to prevent the operator logon ID from making program modifications
D. Hiring additional technical staff to force segregation of duties

22. The auditor is permitted to deviate from professional audit standards when they feel it is necessary
because of which of the following?
A. Standards are designed for discretionary use.
B. The unique characteristics of each client will require auditor flexibility.
C. Deviating from standards is almost unheard of and would require significant justification.
D. Deviation depends on the authority granted in the audit charter.

23. What does the principle of auditor independence mean?
A. It is not an issue for auditors working for a consulting company.
B. It is required for an external audit.
C. An internal auditor must undergo certification training to be independent.
D. The audit committee would bestow independence on the auditor.

24. What are the five phases of business continuity planning according to ISACA, for use on the
CISA exam? (Select the answer showing the correct phases and order.)
A. Analyze business impact, develop strategy, develop plan, implement, test plan
B. Analyze business impact, develop strategy, develop plan, test plan, implement
C. Analyze business impact, develop plan, implement, test plan, write the plan
D. Analyze business impact, write the plan, test strategy, develop plan, implement

Copyright 2007 Best E-book

My Last Words

2007-12-30T00:25:00.000+07:00

A human being is part of the whole, called by us the 'universe',
a part limited in time and space. He experiences himself,
his thoughts and feelings, as something separate from the rest
-a kind of optical delusion of consciousness.
This delusion is a kind of prison for us, restricting us to
our personal desires and to affection for a few persons nearest to us.
Our task must be to free ourselves from this prison by widening
our circle of compassion to embrace all living creatures
and the whole of nature in its beauty."

"It has become appallingly obvious that our technology has exceeded our humanity."

"With all my heart I believe the present system of sovereign nations
can lead only to war, barbarism, inhumanity, and
only through world law can we assure progress toward civilization."

" The ideals that lighted my way, and time after time have given me new courage
to face life cheerfully have been Kindness, Beauty and Truth."

Catatan Rumus Q

2007-08-22T17:51:00.000+07:00

Hubungan Gain Dengan Daya :

G=10Log(Po/Pi)

G= Gain (dB)
Po= Daya Output (watt)
Pi= Daya Input (watt)

*Jika hasil minus bararti terjadi redaman atau loss

Free Space Loss (Redaman Ruang Bebas)

Lfs=92,5+20Log S+20Log f

Lfs= Free Space Loss (dB)
S= Jarak (km)
f= Frekuensi (Hz)

Rx Signal Level (RSL)

RSL=Ptx+Gtx+Grx-Lfs

RSL= Rx Signal Level (dB)
Gtx= Gain Transmiter (dB)
Grx= Gain Receiver (dB)
Lfs= Free Space Loss (dB)

Gain Antena Parabolic

G=10Log Eff+20Lof f+20Log D+20,4

G= Gain (dB)
Eff= Effisiensi
D= Diameter Parabolic
f= Frekuensi

Lebar sudut pancaran (beamwidth) antena parabolic

BW = ((3*10^8/f)*57.29)/D * √Eff

BW= Beamwidth (deg)
f= Frekuensi
D= Diameter Parabolic
Eff= Effisiensi
*Beda dengan bandwith (lebar pita), kalau bandwidth : lebar suatu jalur yang dilewati data, kalau beamwidth : lebar sudut pancaran sinyal.

Jarak Titik Fokus Parabolic

F=D^2/(16*d)

F= Titik Fokus (m)
D= Diameter Parabolic
d= Kedalaman Parabolic