
Online: Introduction to Information Systems Auditing

This intensive course provides the ideal starting point for someone new to Information Systems Auditing. It aligns with the latest standards and best-practice approaches and is updated each year.

Who is this course for?

This course is open to all, but an understanding of audit terminology and of the risk-based auditing process is assumed.

In cooperation with IIA Sweden, we are happy to introduce you to the following:

What will I learn?

Upon completion you will be able to:

  • Understand relevant best practices;
  • Identify laws, risks and controls that impact an organisation’s information processing;
  • Perform reviews of live application systems;
  • Perform reviews of systems under development;
  • Review information security policies and physical security within the organisation;
  • Review contingency and business resumption plans;
  • Review logical security; and
  • Perform elementary network reviews.

The course is accompanied by a manual that contains the full course text and practical, detailed work programmes to use on your return to work.

Course programme

RISKS ASSOCIATED WITH SYSTEMS

  • Generic IT risks – confidentiality, availability, integrity, and accountability
  • Specific IT risks – those associated with applications or services
  • Creating an Audit Plan for IT – the IT Audit Universe

AUDITING LIVE SYSTEMS USING A RISK-BASED APPROACH

  • Where to look for controls

AUDITING NEW SYSTEMS AND CHANGE

  • Formal methods
  • Semi-formal methods – prototyping
  • Rapid application development – RAD
  • Agile

AUDITING IT CONFIGURATION AND CHANGE MANAGEMENT

  • Configuration Management – key questions for reviewers
  • Change Management – key questions for reviewers

PHYSICAL SECURITY

LOGICAL SECURITY

  • Registration, Identification, Authentication, Authorisation and Logging
  • The user community – finding the accounts that exist and extracting them for review
  • Permissions or authorisations
  • Event logging – journals – trails
  • Granting permissions, rights and privileges
  • Systems administration
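The logical-security topics above come together in one routine step of an IT audit work programme: obtain an export of the user community from a system, then test it for accounts that should not exist or should not hold the rights they have. The following Python script is an added illustration of that step and is not course material or code from Mindgrove Ltd. The user export, the review date, the 90-day dormancy threshold and the set of privileged roles are all constructed assumptions; a real review takes the thresholds from the organisation's own policy and the export from the system administrator.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample user export (not real data), in the shape an
# administrator might hand an auditor: one row per account.
USER_EXPORT = """\
username,full_name,role,enabled,last_login,owner
jsmith,Jane Smith,user,true,2024-05-02,jsmith
admin,Built-in Administrator,admin,true,2024-05-10,
svc_backup,Backup service,admin,true,2023-11-01,ops-team
tbrown,Tom Brown,user,true,2023-12-15,tbrown
shared_desk,Front desk shared login,user,true,2024-05-09,
mgreen,Mary Green,dba,false,2024-01-20,mgreen
newhire,Not Yet Started,user,true,,newhire
"""

# Assumed audit parameters; a real work programme takes these from policy.
PRIVILEGED_ROLES = {"admin", "dba"}
DORMANT_AFTER = timedelta(days=90)
AS_OF = date(2024, 5, 15)   # fixed review date so the results are reproducible


def parse_export(text):
    """Turn the CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def review_accounts(rows, as_of=AS_OF):
    """Apply three logical-security checks to every enabled account.

    dormant    - no login within DORMANT_AFTER (or never), yet still enabled
    privileged - role grants elevated rights; each one needs a documented
                 business justification and an approved grant to point to
    unowned    - no named owner, so nobody is accountable for its use
    """
    findings = {"dormant": [], "privileged": [], "unowned": []}
    cutoff = as_of - DORMANT_AFTER
    for r in rows:
        if r["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot log in; out of scope here
        name = r["username"]
        last = r["last_login"].strip()
        if not last or date.fromisoformat(last) < cutoff:
            findings["dormant"].append(name)
        if r["role"] in PRIVILEGED_ROLES:
            findings["privileged"].append(name)
        if not r["owner"].strip():
            findings["unowned"].append(name)
    # Sorted lists give a stable working paper regardless of export order.
    return {k: sorted(v) for k, v in findings.items()}


def run_review():
    """Run the checks over the constructed export with the fixed review date."""
    return review_accounts(parse_export(USER_EXPORT))


if __name__ == "__main__":
    for category, names in run_review().items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Each name the script lists is a question for the reviewer, not a finding in itself: a dormant service account may be legitimate, but the auditor then asks for the authorisation that created it and the evidence that its activity is being logged and reviewed.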

CONTINGENCY AND DISASTER AVOIDANCE

  • ISO/IEC 27031 (ICT readiness for business continuity)
  • Top management commitment
  • Determining the range of services that you require and their priority
  • Additional supplier support options to supplement organisational capacity
  • Insurance
  • Maintaining the plan
  • Testing the plan

SIMPLE NETWORKING TERMINOLOGY AND CONCEPTS

  • Network terminology – short and long haul – LAN / WLAN and WAN
  • Network diagrams – contextual, logical, physical
  • LAN – Local Area Network
  • WANs – Wide Area Networks
  • Switches – separating parts of networks – segmenting networks
  • Routers – the traffic policemen controlling flow according to rules and a route map
  • Firewalls – blocking the unacceptable by checking moving traffic against rules
  • General issues to consider with WANs, WLANs and LANs
  • Key questions to probe concerning network risk

Presented by 
Stan Grove, Mindgrove Ltd

This activity has expired.