Barefoot IT Auditor
Written by Administrator   
Monday, 11 August 2008 08:00

BAREFOOT IT AUDITOR

Developing Risk-Based Audit Programs

WORKSHOP overview
IT Auditing is a critical mix of specialised IT skills, report writing skills and auditing principles. This workshop skips all the pains of learning through trial-and-error and focuses directly on what is important during an audit. Use your newly acquired skills at your job and raise the bar of compliance.

BENEFITS
- Expert and certified trainers with subject matter expertise
- Develop effective risk analysis programs
- Develop effective audit programs
- With the ability to audit your own organisation, you will allow the organisation to keep its risks at an acceptable level all the time.

WHO SHOULD ATTEND?
- Information Security Staff who require a foundation in security reviews and technological risk management
- Network and System Administrators
- IT Auditors
- Line Managers
- Risk and Compliance Officers

COURSE STYLE
This course is theoretical and the candidate will develop skills to successfully audit their organisation's IT Infrastructure.

LEVEL and PRE-REQUISITES
- Understanding of network concepts including TCP/IP
- Knowledgeable experience with Microsoft Windows®

COURSE MATERIAL
- Barefoot IT Auditor Manual;
- Audit and Risk Manager Application Personal Edition licensed to the learner (part of SPISAT ERM);
- Backtrack Open source Audit CD;
- Helix Forensic CD;
- Many standard audit programs;
- IT Audit DVD;
- Collection of commercial and open source tools on CD

Course Content

INTRODUCTION
Roles and responsibilities of an IT Auditor and Supporting roles
•  Audit Fundamentals
    -  Auditing Standards
•  IT Audit Process
    -  Notice period
    -  Scope definition
    -  Work papers and feedback
•  Evidence and Work papers
    -  Types of evidence
    -  Custody of evidence and “fingerprinting”
•  LAB Work – Audit Tools
    -  Audit software empowering the auditor
    -  Auditee requirements for a “living” audit process
TCP/IP NETWORKS AND OTHER PROTOCOLS
•  Legacy protocols (SNA, IPX/SPX)
•  TCP and UDP
•  Risks in the network
•  Focusing on protocols
•  Understanding audit techniques
•  Risks with specific protocols
•  Encryption in communications
“ETHICAL HACKING” AND THE ECT ACT
•  Ensuring you do not step outside the lines
•  Access to Information – ACT
    -  Your rights and that of the auditee
•  Monitoring of information - ACT
    -  Your rights
    -  The rights of the custodian
COBIT AND ISO17799/27001
    -  Using standards for audits
    -  Expanding the audit past the generic steps
    -  LAB Work – Network Audit
•  Supporting King II, Sarbanes-Oxley and Base
NETWORK SECURITY COMPONENTS
•  Physical Perimeter
•  Logical Security perimeter Objects
•  Access between objects 
APPLICATION AUDITS
•  Flat file databases
•  Relational databases
•  SQL databases (MS SQL, Oracle, Standard SQL/92)
•  LAB work – Database and Application Audit
RISK ANALYSIS
•  Business Impact analysis
•  Tools and Techniques
•  A formal program
CONTROL RISK AND SELF ASSESSMENT
•  The user has the knowledge
•  Running CRSA sessions
•  A different reporting line
AUTOMATED AUDITING
•  Tools and techniques
•  ACL and WinIDEA
•  Audit Findings and auditee feedback
•  Continuous and automated auditing
SUPPORTING IT INFRASTRUCTURE
•  Disaster Recovery
•  Business Contingency
•  Design documentation
•  LAB Work (Risk Repository and the continuous audit process)
A COMPLETE AUDIT
•  IT Auditor Toolbox
•  Report Writing Skills
•  Follow-up process
•  LAB Work – A complete Audit


Last Updated on Tuesday, 31 August 2010 11:03
 
