This intensive course provides the perfect starting point for someone new to Information Systems Auditing. This course aligns to the latest standards and best practice approaches and is updated each year.
Who is this course for?
This course is open to all, but an understanding of audit terminology and of the risk-based auditing process is assumed. The course is offered in cooperation with IIA Sweden.
What will I learn?
Upon completion you will be able to:
- Identify risks and controls that impact an organisation’s information processing;
- Perform reviews of live application systems;
- Perform reviews of systems under development;
- Review physical security within the organisation;
- Review contingency and business resumption plans;
- Review logical security; and
- Perform elementary network reviews.
The course is accompanied by a softcopy manual that contains course text, practical examples and will be accompained by work programmes to use on return to work.
RISKS ASSOCIATED WITH SYSTEMS
- Generic IT risks – confidentiality, availability, integrity, and accountability
- Specific IT risks – those associated with applications or services
- Creating an Audit Plan for IT – the IT Audit Universe
AUDITING LIVE SYSTEMS USING A RISK BASED APPROACH
- Control by design
- Where to look for controls
AUDITING NEW SYSTEMS AND CHANGE
- Formal methods and Semi-formal methods
- Rapid application development – RAD
AUDITING IT CONFIGURATION AND CHANGE MANAGEMENT
- Configuration Management – key questions for reviewers
- Change Management – key questions for reviewers
- Registration, Identification, Authentication, Authorisation and Logging
- The user community – finding them, extracting them
- Permissions or authorisations
- Event logging – journals – trails
- Systems administration
CONTINGENCY AND DISASTER AVOIDANCE
- ISO 27031
- Determining the range of services that you require and their priority
- Additional supplier support options to supplement organisational capacity
- Maintaining the plan
- Testing the plan
- SIMPLE NETWORKING TERMINOLOGY AND CONCEPTS
- Network terminology – short and long haul – LAN / WLAN and WAN
- Network diagrams – contextual, logical, physical
- LAN – Local Area Network
- WANs – Wide Area Networks
- Switches – separating parts of networks – segmenting networks
- Routers – the traffic policemen controlling flow according to rules and a route map
- Firewalls – blocking the unacceptable by checking moving traffic against rules
- General issues to consider with WANs, WLANs and LANs
- Key questions to probe concerning network risk
Stan Dormer, Mindgrove Ltd
You will obtain 13 CPE’s for attending this class.