The “IT AUDIT” trainings will allow participants to gain a wide set of knowledge to plan, perform IT audits and manage IT audit enterprise programs. You will have all required skills to face the most difficult problems, which include:
audit planning and reporting
business continuity audit
software development and system implementation lifecycle audit
operating systems, databases, network equipment configuration audit
Target Audience:
This is solely practical training! You immediately will work. The training adopted for an audience which represents students with completely different background. If you just a novice, you will be solving simple tasks. If you're professional, you will have a set of very sophisticated tasks. The obtained experience will mandatory increase your value for employees and customers, and bring a tremendous level of a professional confidence to you personally. We recommend this training for:
IT auditors
IT security specialists
IT quality specialists
IT manager
Section 1: IT audit
IT assurance framework (ITAF).
Audit charter/mandate for the audit.
Auditor independence.
Professional due care.
Audit assertions.
Audit criteria.
ISACA audit programs.
IIA audit guidelines.
Trust services principles and criteria
Cobit 5
ISO27001
Other sources of criteria
Audit planning. Risk-based planning.
Audit performance.
Materiality of audit findings.
Audit evidence.
Evidence collection methods
Audit sampling.
Using the work of other experts.
Reporting.
Handling illegal acts.
Audit follow-up.
Control environment
Control design
Control effectiveness
Control monitoring
Practical workshop.
Section 2: IT governance and management
IT strategy
IT architecture
IT metrics
IT organization
IT service management
Service catalog
Incident management
Change management
Release management
Problem management
IT investments
IT risks
End-user computing.
Shadow IT
Cloud IT
BYOD
IT outsourcing
Practical workshop.
Section 3: Information systems development and implementation
System implementation and development lifecycle.
Project management control frameworks.
System development methodologies.
Project business case.
Feasibility study.
Requirements specification.
Design and Architecture.
Procurement process.
Coding.
Implementation.
Testing
Handover to production.
Operational support.
Decommissioning.
Migrations.
Project closure.
Practical workshop.
Section 4: IT operations
Inventory and asset management.
Patch management.
Hardware maintenance.
Licensing.
Capacity planning.
Performance and availability monitoring.
Utilities
Datacenter management
Network physical infrastructure
Practical workshop.
Section 5: Business continuity and disaster recovery
Business continuity management
Business continuity project initiation and management.
Business impact assessment.
RTO/RPO
Recovery strategies.
Business continuity plan testing.
Disaster phases:
Preparation.
Initial response
Restoration
Recovery
Post-incident activities
Practical workshop.
Section 6: Information security assurance
Information security policies, standards and procedures
Information security roles and organizational structures.
Human resource security
Data classification and handling
Key processes.
Information security risk management.
Incident handling.
Awareness programs.
Identity and access management.
IDS/IPS
DLP
SIEM
PKI
802.11x, NAP and network access control
Remote access and teleworking risks
Rights management
Antimalware solutions
Physical security controls
Fraud controls
Practical workshop.
Section 7: Audit considerations
ERP audit
CRM audit
VOIP
Virtualization
Practical workshop.
Labs:
Windows audit
Linux audit
Networking, VPN and Firewall audit
PKI audit
Database audit (MySQL and Oracle)
Web application audit (PHP)
Mobile application audit (android)
