IT Audit. Practical Cases

The “IT AUDIT” trainings will allow participants to gain a wide set of knowledge to plan, perform IT audits and manage IT audit enterprise programs.

You will have all required skills to face the most difficult problems, which include:

• audit planning and reporting
• business continuity audit
• software development and system implementation lifecycle audit
• operating systems, databases, network equipment configuration audit

This is solely practical training! You immediately will work. The training adopted for an audience which represents students with completely different background. If you just a novice, you will be solving simple tasks. If you’re professional, you will have a set of very sophisticated tasks.

The obtained experience will mandatory increase your value for employees and customers, and bring a tremendous level of a professional confidence to you personally.

We recommend this training for:

• IT auditors
• IT security specialists
• IT quality specialists
• IT managers

COURSE AGENDA

Section 1: IT audit

• IT assurance framework (ITAF).
• Audit charter/mandate for the audit.
• Auditor independence.
• Professional due care.
• Audit assertions.
• Audit criteria.

• ISACA audit programs.
• IIA audit guidelines.
• Trust services principles and criteria
• Cobit 5
• ISO27001
• Other sources of criteria
• Audit planning. Risk-based planning.
• Audit performance.
• Materiality of audit findings.
• Audit evidence.
• Evidence collection methods
• Audit sampling.
• Using the work of other experts.
• Reporting.
• Handling illegal acts.
• Audit follow-up.
• Control environment
• Control design
• Control effectiveness
• Control monitoring
• Practical workshop.

Section 2: IT governance and management

• IT strategy
• IT architecture
• IT metrics
• IT organization
• IT service management

• Service catalog
• Incident management
• Change management
• Release management
• Problem management
• IT investments
• IT risks
• End-user computing.
• Shadow IT
• Cloud IT
• BYOD
• IT outsourcing
• Practical workshop.

Section 3: Information systems development and implementation

• System implementation and development lifecycle.
• Project management control frameworks.
• System development methodologies.
• Project business case.
• Feasibility study.
• Requirements specification.
• Design and Architecture.
• Procurement process.
• Coding.
• Implementation.
• Testing
• Handover to production.
• Operational support.
• Decommissioning.
• Migrations.
•  Project closure.
•  Practical workshop.

Section 4: IT operations

• Inventory and asset management.
• Patch management.
• Hardware maintenance.
•  Licensing.
• Capacity planning.
• Performance and availability monitoring.
• Utilities
•  Datacenter management
•  Network physical infrastructure
•  Practical workshop.

Section 5: Business continuity and disaster recovery

• Business continuity management
• Business continuity project initiation and management.
•  Business impact assessment.
• RTO/RPO
• Recovery strategies.
• Business continuity plan testing.
• Disaster phases:

• Preparation.
•  Initial response
• Restoration
• Recovery
• Post-incident activities
• Practical workshop.

Section 6: Information security assurance

• Information security policies, standards and procedures
• Information security roles and organizational structures.
• Human resource security
•  Data classification and handling
•  Key processes.
• Information security risk management.
•  Incident handling.
• Awareness programs.
•  Identity and access management.
• IDS/IPS
• DLP
• SIEM
•  PKI
• 802.11x, NAP and network access control
• Remote access and teleworking risks
• Rights management
• Antimalware solutions
•  Physical security controls
• Fraud controls
• Practical workshop.

Section 7: Audit considerations

• ERP audit
• CRM audit
• VOIP
• Virtualization
• Practical workshop.

Labs:

• Windows audit
• Linux audit
• Networking, VPN and Firewall audit
• PKI audit
• Database audit (MySQL and Oracle)
• Web application audit (PHP)
• Mobile application audit (android)

For whom it is intended:

• System administrator
• System engineer