Intermediate IT Audit School

An IT auditor with the skills, knowledge, and competencies to help organizations navigate the complex environment of IT risks has never been in higher demand. Every organization in every industry has become aware of the importance of proactively identifying, evaluating, and monitoring IT risks.

This course will reinforce and enhance the principles of assessing IT risks. Participants will examine ways to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools of evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things, and add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance. The participant will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization. The participant will be engaged through case studies of real-life examples and scenarios and acquire a wealth of resources, templates, and guides that can be adapted to and incorporated into any industry.

Why you should take this course.

For users with an introductory knowledge of this topic, and are searching for additional information and its application.

Here are the topics we'll cover.

1. Risk Assessment and Audit Planning

   • IT risk definition
   • IT threats and risks
   • Building the IT audit program

2. Audit and Security Resources

   • NIST cybersecurity framework
   • Center for Internet Security (CIS)
   • COSO
   • COBIT
   • IIA GTAGs
   • ISO 27000 Security Standards
   • FISMA – NIST SP800-53 R5

3. Logical Security

   • Logical security concepts
   • Social engineering
   • Malware
   • User identification and authentication
   • User authorization
   • Privileged access monitoring
   • Log management
   • Vulnerability assessments
   • Middleware
   • Virtualization
   • Audit considerations

4. Database Management Systems (DBMS)

   • Database management system concepts
   • Relational databases
   • Non-relational databases
   • DBMS audit considerations

5. Change Management

   • Change management
   • Patch management
   • Security configuration management (SCM)

6. Network Perimeter Security

   • Network perimeter security concepts
   • OSI network protocol model
   • Network ports and services
   • Network addressing
   • Firewalls
   • Demilitarized zone (DMZ)
   • Intrusion detection systems (IDS/IPS)
   • Zero-trust models
   • Endpoint security
   • Virtual private networks (VPNs)
   • Wireless

7. Cloud Computing

   • Cloud characteristics
   • Cloud service models
   • Cloud deployment models
   • Cloud security
   • Cloud security organizations
   • Cloud SOC reports
   • Cloud risks
   • Audit considerations – contract
   • Audit considerations – ongoing

8. Internet of Things (IoT)

   • Defining the internet of things (IoT)
   • IoT Improvement Act
   • Code of Practice for Consumer IoT Security
   • NIST considerations for IoT
   • IoT security foundation
   • OWASP Top 10 Risks

9. Business Continuity and Disaster Recovery Planning

   • Disaster recovery planning (DRP) concepts
   • Disaster recovery planning (DRP) components
   • Disaster recovery planning (DRP) audit considerations

10. IT Governance

    • Defining IT governance
    • IT governance – ISACA Guidance
    • IT governance – IIA Guidance

11. Organization and Presentation of Information

    • Key components and strategies