Intermediate IT Audit School: Risk Assessment, Planning and Security Resources

An IT auditor with the skills, knowledge, and competencies to help organizations navigate the complex environment of IT risks has never been in higher demand. Every organization in every industry has become aware of the importance of proactively identifying, evaluating, and monitoring IT risks. This course will reinforce and enhance the principles of assessing IT risks.

Participants will examine ways to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools of evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things, and add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance.

The participant will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization. The participant will be engaged through case studies of real-life examples and scenarios and acquire a wealth of resources, templates, and guides that can be adapted to and incorporated into any industry.

Topics covered include business IT definitions, types of threats and risks, building the IT audit program, NIST Cybersecurity Framework, Center for Internet Security (CIS) controls, COSO, COBIT, IIA GTAGs, ISO 27000 security standards and FISMA – NIST SP 800-53 R5.

CPE: 6.5

Who should attend:

Senior IT Auditors, Technologists, and Information Security Managers and Analysts with 2+ years of experience looking to increase their ability to move into a position of IT audit leadership.

Here are the topics we'll cover.

1. Course Overview
2. IT Risk Assessment and Audit Planning
3. Audit and Security Resources