Intermediate IT Audit School

IT Audit

Overview

An IT auditor with the skills, knowledge, and competencies to help organizations navigate the complex environment of IT risks has never been in higher demand. Every organization in every industry has become aware of the importance of proactively identifying, evaluating, and monitoring IT risks.

This course will reinforce and enhance the principles of assessing IT risks. Participants will examine ways to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools for evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things; and add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance. The participant will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization. The participant will be engaged through case studies of real-life examples and scenarios and acquire a wealth of resources, templates, and guides that can be adapted to and incorporated into any industry.

Why you should take this course.

For users who have an introductory knowledge of this topic and are searching for additional information and its application.

Here are the topics we'll cover.

  1. Risk Assessment and Audit Planning

    • IT risk definition
    • IT threats and risks
    • Building the IT audit program
  2. Audit and Security Resources

    • NIST cybersecurity framework
    • Center for Internet Security (CIS)
    • COSO
    • COBIT
    • IIA GTAGs
    • ISO 27000 Security Standards
    • FISMA – NIST SP800-53 R5
  3. Logical Security

    • Logical security concepts
    • Social engineering
    • Malware
    • User identification and authentication
    • User authorization
    • Privileged access monitoring
    • Log management
    • Vulnerability assessments
    • Middleware
    • Virtualization
    • Audit considerations
  4. Database Management Systems (DBMS)

    • Database management system concepts
    • Relational databases
    • Non-relational databases
    • DBMS audit considerations
  5. Change Management

    • Change management
    • Patch management
    • Security configuration management (SCM)
  6. Network Perimeter Security

    • Network perimeter security concepts
    • OSI network protocol model
    • Network ports and services
    • Network addressing
    • Firewalls
    • Demilitarized zone (DMZ)
    • Intrusion detection systems (IDS/IPS)
    • Zero-trust models
    • Endpoint security
    • Virtual private networks (VPNs)
    • Wireless
  7. Cloud Computing

    • Cloud characteristics
    • Cloud service models
    • Cloud deployment models
    • Cloud security
    • Cloud security organizations
    • Cloud SOC reports
    • Cloud risks
    • Audit considerations – contract
    • Audit considerations – ongoing
  8. Internet of Things (IoT)

    • Defining the internet of things (IoT)
    • IoT Improvement Act
    • Code of Practice for Consumer IoT Security
    • NIST considerations for IoT
    • IoT security foundation
    • OWASP Top 10 Risks
  9. Business Continuity and Disaster Recovery Planning

    • Disaster recovery planning (DRP) concepts
    • Disaster recovery planning (DRP) components
    • Disaster recovery planning (DRP) audit considerations
  10. IT Governance

    • Defining IT governance
    • IT governance – ISACA Guidance
    • IT governance – IIA Guidance
  11. Organization and Presentation of Information

    • Key components and strategies

Learning Style

Instructor Led

Level

Intermediate

Who this course is for

Senior IT Auditors, Technologists, and Information Security Managers and Analysts with 2+ years of experience looking to increase their ability to move into a position of IT audit.

NASBA Certified CPE

32 credits

Field of Study

Auditing

Length of course

32h

Prerequisites

IT Audit School or equivalent experience

Advanced Preparation

None

Here are the learning objectives we'll cover

  • List key characteristics, advantages, and disadvantages of virtualization.
  • Assess key considerations when preparing audit programs of virtualized environments.
  • Outline key considerations when preparing audit programs of virtualization disaster recovery programs.
  • List key risks and controls related to virtualized environments.

Attendance policy for on-site and online instructor-led training

Students are expected to arrive on time for classes with the proper materials and attitude. An overall attendance rate of 100% is expected to fully absorb the materials and to complete labs. If you have an expected absence, please email support@acilearning.com or your instructor ahead of time. The number of CPEs awarded will be equivalent to the number of hours attended.

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/