Introduction to Information Systems Auditing / Online (Eng)

More information

Time

11.06.2024 10:00 - 12.06.2024 18:00

Place

Online

Price

Members: EUR 1050 + VAT 0
Non-members: EUR 1395 + VAT 0

Description

This in-depth course offers an excellent introduction to the internal auditing of information systems. The course is updated annually and takes into account the latest standards and best practices in the field.

This intensive course provides the perfect starting point for someone new to Information Systems Auditing. The course aligns to the latest standards and best practice approaches and is updated each year. It is taught by Stan Dormer (CFIIA) from Mindgrove Ltd, a recognised expert in the field of governance, auditing, business and project risk and IT.

Who is this course for?

This course is open to all, but an understanding of audit terminology and of the risk-based auditing process is assumed.

What will I learn?

Upon completion you will be able to:

  • Identify risks and controls that impact an organisation’s information processing;
  • Perform reviews of live application systems;
  • Perform reviews of systems under development;
  • Review physical security within the organisation;
  • Review contingency and business resumption plans;
  • Review logical security;
  • Perform elementary network reviews.

The course is accompanied by a softcopy manual that contains course text and practical examples, and will be accompanied by work programmes to use on return to work.

Course programme

RISKS ASSOCIATED WITH SYSTEMS

  • Generic IT risks – confidentiality, availability, integrity, and accountability
  • Specific IT risks – those associated with applications or services
  • Creating an Audit Plan for IT – the IT Audit Universe

AUDITING LIVE SYSTEMS USING A RISK BASED APPROACH

  • Control by design
  • Where to look for controls

AUDITING NEW SYSTEMS AND CHANGE

  • Formal methods and Semi-formal methods
  • Rapid application development – RAD
  • Agile

AUDITING IT, CONFIGURATION AND CHANGE MANAGEMENT

  • Configuration Management – key questions for reviewers
  • Change Management – key questions for reviewers

PHYSICAL SECURITY, LOGICAL SECURITY

  • Registration, Identification, Authentication, Authorisation and Logging
  • The user community – finding them, extracting them
  • Permissions or authorisations
  • Event logging – journals – trails
  • Systems Administration

CONTINGENCY AND DISASTER AVOIDANCE

  • ISO 27031
  • Determining the range of services that you require and their priority
  • Additional supplier support options to supplement organisational capacity
  • Maintaining the plan
  • Testing the plan

SIMPLE NETWORKING TERMINOLOGY AND CONCEPTS

  • Network terminology – short and long haul – LAN / WLAN and WAN
  • Network diagrams – contextual, logical, physical
  • LAN – Local Area Network
  • WANs – Wide Area Networks
  • Switches – separating parts of networks – segmenting networks
  • Routers – the traffic policemen controlling flow according to rules and a route map
  • Firewalls – blocking the unacceptable by checking moving traffic against rules
  • General issues to consider with WANs, WLANs and LANs
  • Key questions to probe concerning network risk

Date and time

  • 11-12th of June 2024
  • 10:00 – 18:00

Place

  • Online, via Teams.
  • Details will be sent to participants in advance of the course.

CPE points: 13


Cancellation policy:

  • In case of cancellation 30 days before the start of the course, 0% of the participation fee must be paid.
  • In case of cancellation 30-15 days before the start of the course, 50% of the participation fee must be paid.
  • In case of cancellation 15 days or less before the start of the course, or no-show, 100% of the participation fee will be invoiced. This applies regardless of the reason, such as illness.

You can transfer your place to a colleague free of charge. Email sisaiset.tarkastajat@theiia.fi and let us know who will replace you.

The last registration day for this training is 4.6.2024. After that, you can ask about available spots by email at sisaiset.tarkastajat@theiia.fi.

Speakers

Stan Dormer

Stan Dormer (CFIIA) - Mindgrove Ltd.

Stan is a recognised expert in the field of governance, auditing, business and project risk and IT. He is highly regarded for innovation within his subject. Stan is the author of numerous articles and publications and was the author of the distance learning materials and revision schools supporting IIA qualifications.

Stan has run master classes, keynote sessions and workshops at numerous conferences and training events around the world and was the designer of the first practical resident continuous audit monitoring.
