Assessing IT General Controls
On-Demand - 12 CPE
Internal and external auditors in today's complex organizations must understand information systems and be able to function within a technical environment. This on-demand class provides the important concepts of information technology you need to know in order to address key IT infrastructure risks.
During this class you will examine the IT general controls to assess the confidentiality, integrity and availability of protection over your information assets. The session will concentrate on determining risks in critical IT infrastructure areas and the key controls that can reduce those enterprise risks.
This class is designed for IT Auditors, Financial and Business Auditors, Internal and External Auditors, and Audit Management.
Topics covered in this 12-CPE class will include:
IT Risks
· IT Risk Definition
· Information Security Objectives
· Data Breach Commonalities
· Defense in Depth
· Security & Control Resources
o IIA Global Technology Audit Guides (GTAGs)
o ISACA COBIT
o NIST Cybersecurity Framework (CSF)
o Center for Internet Security (CIS) Controls
Performing Integrated Audits
· Defining Integrated Auditing
· Scoping Integrated Audits
· Business and Application Controls
· Integrated Audits - Challenges
· COSO – Principle-11
IT Operations
· IT Asset Management
· IT Vulnerability Management
· Incident Response Management
· Malware / Ransomware
Access Management
· User Identification and Authentication
· Single Sign-On
· Authorization Controls
· Separation of Duties
· Controlling Privileged Access
· Audit Trail & Review
· Log Management
Change, Patch & Configuration Mgt
· Change Management
· Patch Management
· Security Configuration Management
Network Perimeter Security
· Network Risks
· Firewalls
· Demilitarized Zone (DMZ)
· Intrusion Detection / Prevention Systems
· Protecting Sensitive Information / Encryption
Web Application Risks
· Web Application Risks
· Web Applications / Web Servers / DMZ
· OWASP Top-10 Web Application Security Risks
· Web Application Vulnerability Scanning
Cloud Computing
· Cloud Security Incidents
· Defining Cloud Characteristics
· Cloud Benefits and Risks
· Cloud Security Organizations- CSA, FedRamp
· Assessing Cloud Controls
Middleware, API, EDI
· Middleware
· API - Application Programming Interface
· EDI - Electronic Data Interchange
Assessing Systems Development Projects
· Software Development Risks
· Audit's Primary Objectives
· Staffing the Audit
· Traditional / Waterfall Development Model
· Agile Development Model
· Assessing Project Management
· Assessing System Implementation Plans
Disaster Recovery Planning
· Business Impact Analysis (BIA)
· Recovery Time Objective (RTO)
· Recovery Point Objective (RPO)
· Disaster Recovery Strategy
· Disaster Recovery Strategy Components
NOTE: This course material is covered in the 24-CPE Assessing IT Risks & Controls on-demand learning class. If you have taken the 24-CPE Assessing IT Risks & Controls course, please view our other course offerings for new materials.
Course Curriculum
Featured Courses
See featured courses below. Click on View All Products below to see all courses offered.
