Foundations of IT Auditing
IT systems are fundamental to many of the controls that need to be audited for organizations today. Auditors must have a foundational understanding of networks and systems and the controls that should be in place. During this course, we discuss the principles around IT controls, the primary regulatory drivers for IT audit, the audit process, and the primary IT audit controls that auditors should be aware of, including network controls, encryption controls, access controls, policies, physical security, logging requirements, SDLC and change control, BCP/DRP controls, and more. Students will walk away with a foundational understanding of what an IT audit involves and be ready to participate in an IT audit with the guidance of an experienced IT auditor.
CPE: 21
Program Level: Beginner
Delivery Method: Live
Cost: $990 for this live 3-day course

Course Contents/Objectives
I. Foundations
• Types of Audit Risk
• Major regulatory and industry drivers of IT audit
• A brief overview of SOX, PCI, GLBA, HIPAA, GDPR and more
• SOC reports
• IT audit frameworks
II. IT Audit Process
• Audit objectives
• Audit Preparation
• Entrance meeting
• Fieldwork
• Exit Meeting
• Reporting
III. Auditing networks
• OSI model
• Audit controls for networks
• Key infrastructure and network components
• Firewalls, including NextGen and Application Firewalls
• IDS/IPS
• Devices in the DMZ
• Vulnerability Scanning
• Threat Hunting
IV. Policy
V. Physical Security
• Physical Security Controls for Facilities
• Physical Security Controls for Data Center
• Physical Security Considerations for the Cloud
VI. Applications, Databases and Operating Systems
• Databases and database management systems operations
• Database security controls
• Common operating system controls
• Common application controls
VII. Encryption
• Symmetric
• Asymmetric
• Hashes
• Common attacks against crypto systems
• Steps to Audit Encryption
VIII. Users and Access Control
• SOD for IT
• User and Access Management
• User provisioning
• User termination procedures
IX. Auditing Third Party IT Risk
• Elements of a third-party risk program
• Third-party risk management process
• Contracts
• Monitoring
X. Logging
• Log Management
• SIEM
• Responding to Incidents
XI. Software and Applications
• Software, SDLC and Change Control
• Artificial Intelligence
• Configuration Management
• Application Architecture
• Change Management
• Development, Test and Production Environments
XII. BCP/DRP
• Business Continuity Planning
• Disaster Recovery
• Business Impact Analysis
• Checklist for Auditing BCP
Laptop Required
Students are required to have a laptop in order to complete the hands-on exercises. The laptop should meet the following specifications for the student to get the most from the exercises:
• 16 GB RAM or higher
• 25 GB available hard drive space
• Windows 10 Professional or later (Home or similar editions will not have some of the features needed.)
• Administrator privileges, including the capability to install and run tools, as well as disable anti-virus
• VMware Player should be installed
Target Audience
• Internal Auditors
• IT Specialist Auditors
• IT Auditors
• IT Audit Managers
• Information System Auditors
• Information Technology Auditors
• Information Security Officers
Prerequisites
Participants should be familiar with Internet technologies and commonly used Internet security controls. No other advance preparation is required.
