Background
The IT Security Audit course is designed to provide a practical view of conducting IT audit and assurance in an organization. The course is designed to help professional staff expand their understanding of information technology (IT) audit.
The course presents a more in-depth view of the fundamentals of IT auditing by highlighting topics such as: IT audit and control analysis, examination of control evidence in conducting IT audit, application control, Operating System and IT Infrastructure audit, and management of IT audit.
The course will include discussion and exercises related to general control examinations and application system auditing. The course will also focus on control research and analysis for IT-related topic areas. In addition, through discussion and exercises, participants will gain a working understanding of the process of developing audit work programs encompassing all elements of IT infrastructures.
Participants will be expected to gain a working understanding of how to identify, reference and implement IT management and control policies, standards and related auditing standards. Regarding the latter, the objective is to learn how to identify and interpret the requirements of the standards and implement the standards in the auditing process.
IT Security Auditing covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates.
Each class session will include discussion of an IT audit management, security, control or audit issue that participants should be familiar with.
Objectives
- Participants shall obtain an expanded understanding of the role of IT auditors in evaluating IT-related operational and control risk and in assessing the appropriateness and adequacy of management control practices and IT-related controls within the participants’ organization, with a focus on IT infrastructures
- Participants shall obtain the capability to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, participants get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard.
- Participants shall obtain the capability to conduct IT audits and to implement techniques for performing assurance, attestation, and audit engagements
- Capability to build and maintain an IT audit function within the organization with maximum effectiveness and value
- Participants shall obtain an expanded familiarity with the principal references in IT governance, control and security as related to IT audit
- Participants shall obtain the working ability to plan, conduct, and report on information technology audits with specific focus on infrastructure vulnerability assessment and assurance, and to drill down into application vulnerabilities
- Participants shall obtain an understanding of the role of IT auditors regarding IT-related compliance and regulatory audits, such as evaluating control standards
- Capability to use best practices and methodologies such as: COSO, CobiT, ITIL, ISO, and NSA INFOSEC
Audience:
- IT Managers
- Security Managers
- Auditing Staff
- IT Operation Staff
Contents
- Audit Overview
- Building an Effective Internal IT Audit Function
- The Audit Process
- Auditing Techniques
- Auditing Entity-Level Controls
- Auditing Data Centers and Disaster Recovery
- Auditing Switches, Routers, and Firewalls
- Auditing Windows Operating Systems
- Auditing Unix and Linux Operating Systems
- Auditing Web Servers
- Auditing Databases
- Auditing Applications
- Auditing WLAN and Mobile Devices
Methods:
- Presentation
- Discussion
- Case Study
Lead Instructor
Dr. Ir. Fauzi Hasan, MM, MBA, and Team