Course/Product Description Title: Intermediate IT Audit School Duration: 4 days Find A Class Near You: View Dates And Locations For This Seminar Description: From the EU Data Protection Act to Sarbanes-Oxley, recent regulations require organizations to ensure appropriate levels of protection for their critical information assets. In this practical, four day seminar you will immerse yourself in a blended risk- and compliance-based approach to IT auditing that will ensure the confidentiality, integrity, and availability of your information assets throughout the enterprise. Learning Objectives: How to apply COBIT® and ISO-27002 as an overall framework for your IT audits Identify authoritative sources for audit program requirements associated with major US and international government and industry legislation, standards, and frameworks, including SOX, HIPAA, GLBA, FFIEC, GAO/FISMA, PCI DSS, ITIL, OWASP Determine risk and compliance levels in such critical management and technical areas of the IT environment as governance, information security, operating systems, database management systems, network infrastructure security, application software design and change controls, physical security, and business continuity planning Each topic will be accompanied by summary checklists of key audit procedures and audit points, representing IT controls best practices. (Note: This seminar covers topics found in all chapters of the CISA Review Manual.) Bonus: You will receive the Standard Edition of the MIS Swiss Army Knife Reference listing hundreds of valuable information security and IT audit resources. Agenda 1. Risk Assessment and Audit Planning IT threats, risks and exposures risk definition IT risk assessment IT infrastructure risks dealing with risks: cost/risk balance information classification tools for IT risk assessment 2. Compliance Management: Regulations, Standards, and Frameworks types of common laws regulatory compliance challenges US and international regulatory laws and standards data breach, encryption, and other important state statute topics identifying and leveraging IT, IT audit and security frameworks using COBIT®, ISO 27001/27002, ITIL, GAO/FISMA, and other standards as a foundation for your IT audit framework integrating compliance requirements in the audit plan 3. IT Governance IT governance risks, responsibilities, and components IT steering (oversight) committee information security governance information security policies, standards, and procedures IT organization structure/responsibilities separation of duties IIA and ISACA governance audit standards outsourced IT operations and development audit procedures and checklists 4. Logical Access Controls common access control issues logical access controls user identification, authentication, and account management authorization and user access controls audit logs and monitoring security administration access controls for distributed, multi-tiered applications mobile device and application security audit procedures and checklists 5. Encryption Demystified encryption concepts encryption key management digital signatures public key infrastructure (PKI) and certificate authorities (CAs) encryption applications audit scoping for encryption controls audit procedures and checklists 6. Network Infrastructure Security network terminology network security risks and strategies OSI and TCP/IP network protocol models TCP/IP application risk analysis network address management firewalls, DMZ, and perimeter security intrusion detection/prevention systems (IDS/IPS) remote access and virtual private network (VPN) security wireless local area network (WLAN) security audit procedures and checklists sources of network security and audit tools 7. Operating System Software types of system software server and workstation operating systems virtualization and hypervisors system software integrity and risks logical access controls for operating system software auditing system security policies: software parameters software patch management controlling privileged users and programs audit procedures and checklists sources of operating system security and audit tools 8. Database Management Systems (DBMS) relational databases and DBMS Architectures Structured Query Language (SQL) data dictionary/master catalog and other key DBMS control points DBMS system and application roles and risks database management risks DBMS access controls and recovery tools audit procedures and checklists sources of DBMS security and audit tools 9. System Development and Change Management system development life cycle (SDLC) models system development: business risks audit’s role, project staffing, and SDLC audit strategies assessing project management system acquisition projects rapid application development (RAD) and end-user computing considerations reducing the attack surface: Web application security exposures and safeguards configuration management and change controls in a distributed computing environment audit procedures and checklists sources of secure software design and testing best practice references and tools 10. Business Continuity and Disaster Recovery Planning business continuity planning (BCP) vs. disaster recovery planning (DRP) business impact analysis (BIA) application recovery prioritization recovery point objectives (RPO) recovery time objectives (RTO) recovery plans and testing methods recovery site and telecommunications alternatives off-site processing and data storage controls lessons learned from 9/11, Katrina, and other major disasters audit procedures and checklists 11. Executing IT Audits strategies in IT audit planning tools and techniques for testing IT controls sources of industry best practice checklists and other resources for IT audit Prerequisite: IT Auditing and Controls, IT Audit School, or equivalent experience. Familiarity with basic IT controls terminology and concepts is assumed. Advance Preparation: None Learning Level: Intermediate Delivery Method: Group-Live Dates & Times Classes start on the date(s) posted herein, and run from 8:30am to 5pm daily, except for the last day of class, which ends at 1pm. Licenses / Designations / Educational Credits: CPE All US States: 30 About The Provider: Founded in 1978, MIS Training Institute is the international leader in audit and information security training, with offices in the USA, UK, and Asia. MIS’ expertise draws on experience gained in training more than 200,000 delegates across five continents. Helping audit and infosecurity professionals stay at the top of their game has always been at the core of MIS’ mission. To that end, MIS has developed and focused its seminars, conferences, and symposia on the wide-ranging needs of internal and IT auditors and information security practitioners who are charged with controlling complex systems and business environments. MIS’ unparalleled course curriculum covers the most up-to-the-minute topics, provides proven audit and security practices, and delivers the information needed to be successful in today’s organizations. All MIS programs are led by industry experts…hands-on pros who have been in the field and who practice what they teach. Attendees of MIS Training Institute events benefit from unbiased practices, proven strategies, and lessons learned in the real-world. MIS Training Institute is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. NASBA Sponsor Number: 103321 Cancellation/Refund Policy A full refund less a $100 administrative fee will be given for cancellations received 15 days or more before the event. Tuition is non-refundable for cancellations made 14 days or less before the event. You may, however, transfer your tuition to another MIS Training Institute event, less a $195 administrative fee. Transfers are valid for 12 months from the time of initial cancellation. Substitutions are welcome at any time. Those who do not cancel before the event date and who do not attend are responsible for the full non-refundable, non-transferable tuition. Price: $2,595.00 More Info: Contact Us For More Information Tweet

Keywords For This Course:
Auditing