Utilizing World-Class IT Security & Control Resources

On-Demand – 2 CPE

Auditors in today's complex organizations must understand information systems and be able to function within a technical environment. To that end, auditors need to bring a systematic, disciplined approach to evaluate and improve the effectiveness of IT related risk management, control, and governance processes.

Financial auditors use standards such as GAAP and IFRS to assess financial reporting processes. Unfortunately, there is no required equivalent in the IT world. What framework or standard used (if any!) by IT Management depends on what they elect to use.

To fully maximize IT Audit planning, execution and reporting, auditors should use appropriate internationally recognized IT security and control frameworks and standards.

This on-demand class will provide a review of key internationally recognized frameworks and standards and a methodology of how to select the appropriate resource to use. At the conclusion of this session, the IT Auditor will be able to determine the best fit to enhance the overall effectiveness of the audit conclusions.

This class is designed for IT Auditors, Financial and Business Auditors, Internal and External Auditors, and Audit Management.

Security & control resources covered in this 2-CPE class will include:

·      Center for Internet Security (CIS) Critical Controls

·      GAO FISCAM - Federal Information System Controls Audit Manual

·      IIA Global Technology Audit Guides (GTAGs)                  

·      ISACA COBIT®

·      ISO-27001 - Information Security Management System (ISMS).

·      ISO-27002 - IT Security Standard

·      NIST Cybersecurity Framework (CSF)

·      NIST 800-53 - FISMA - Federal Information Security Modernization Act

·      OWASP – Open Web Application Security Project