This intensive course provides the perfect starting point for someone new to Information Systems Auditing. This course aligns to the latest standards and best practice approaches and is updated each year.
Who is this course for?
This course is open to all, but an understanding of audit terminology and of the risk-based auditing process is assumed. This course is hosted by IIA Sweden.
What will I learn?
Upon completion you will be able to:
- Identify risks and controls that impact an organisation’s information processing;
- Perform reviews of live application systems;
- Perform reviews of systems under development;
- Review physical security within the organisation;
- Review contingency and business resumption plans;
- Review logical security; and
- Perform elementary network reviews.
The course is accompanied by a softcopy manual that contains course text, practical examples and will be accompained by work programmes to use on return to work.
Course programme
RISKS ASSOCIATED WITH SYSTEMS
- Generic IT risks – confidentiality, availability, integrity, and accountability
- Specific IT risks – those associated with applications or services
- Creating an Audit Plan for IT – the IT Audit Universe
AUDITING LIVE SYSTEMS USING A RISK BASED APPROACH
- Control by design
- Where to look for controls
AUDITING NEW SYSTEMS AND CHANGE
- Formal methods and Semi-formal methods
- Rapid application development – RAD
- Agile
AUDITING IT CONFIGURATION AND CHANGE MANAGEMENT
- Configuration Management – key questions for reviewers
- Change Management – key questions for reviewers
PHYSICAL SECURITY
LOGICAL SECURITY
- Registration, Identification, Authentication, Authorisation and Logging
- The user community – finding them, extracting them
- Permissions or authorisations
- Event logging – journals – trails
- Systems administration
CONTINGENCY AND DISASTER AVOIDANCE
- ISO 27031
- Determining the range of services that you require and their priority
- Additional supplier support options to supplement organisational capacity
- Maintaining the plan
- Testing the plan
SIMPLE NETWORKING TERMINOLOGY AND CONCEPTS
- Network terminology – short and long haul – LAN / WLAN and WAN
- Network diagrams – contextual, logical, physical
- LAN – Local Area Network
- WANs – Wide Area Networks
- Switches – separating parts of networks – segmenting networks
- Routers – the traffic policemen controlling flow according to rules and a route map
- Firewalls – blocking the unacceptable by checking moving traffic against rules
- General issues to consider with WANs, WLANs and LANs
- Key questions to probe concerning network risk
Teacher
- Stan Dormer, Takes place online, via Teams. Details will be sent to participants in advance of the course.
CPE points
- 13
