Online: Introduction to Information Systems Auditing
More information
Time
11.06.2024 10:00 - 12.06.2024 18:00
Place
Online
Price
Members:
1050,- euros (VAT 0)
Others:
1395,- euros (VAT 0)
Event description
Who is this course for?
This course is open to all, but an understanding of audit terminology and of the risk-based auditing process is assumed.
What will I learn?
Upon completion you will be able to:
- Identify risks and controls that impact an organisation’s information processing;
- Perform reviews of live application systems;
- Perform reviews of systems under development;
- Review physical security within the organisation;
- Review contingency and business resumption plans;
- Review logical security; and
- Perform elementary network reviews.
The course is accompanied by a softcopy manual that contains course text and practical examples, and by work programmes to use on return to work.
Course programme
RISKS ASSOCIATED WITH SYSTEMS
- Generic IT risks – confidentiality, availability, integrity, and accountability
- Specific IT risks – those associated with applications or services
- Creating an Audit Plan for IT – the IT Audit Universe
AUDITING LIVE SYSTEMS USING A RISK BASED APPROACH
- Control by design
- Where to look for controls
AUDITING NEW SYSTEMS AND CHANGE
- Formal methods and Semi-formal methods
- Rapid application development – RAD
- Agile
AUDITING IT, CONFIGURATION AND CHANGE MANAGEMENT
- Configuration Management – key questions for reviewers
- Change Management – key questions for reviewers
PHYSICAL SECURITY, LOGICAL SECURITY
- Registration, Identification, Authentication, Authorisation and Logging
- The user community – finding them, extracting them
- Permissions or authorisations
- Event logging – journals – trails
- Systems Administration
CONTINGENCY AND DISASTER AVOIDANCE
- ISO 27031
- Determining the range of services that you require and their priority
- Additional supplier support options to supplement organisational capacity
- Maintaining the plan
- Testing the plan
SIMPLE NETWORKING TERMINOLOGY AND CONCEPTS
- Network terminology – short and long haul – LAN / WLAN and WAN
- Network diagrams – contextual, logical, physical
- LAN – Local Area Network
- WANs – Wide Area Networks
- Switches – separating parts of networks – segmenting networks
- Routers – the traffic policemen controlling flow according to rules and a route map
- Firewalls – blocking the unacceptable by checking moving traffic against rules
- General issues to consider with WANs, WLANs and LANs
- Key questions to probe concerning network risk
Date and time
- 11-12th of June
- 10:00 – 18:00
Place
- Online, via Teams.
- Details will be sent to participants in advance of the course.
CPE points: 13
Cancellation policy:
- In case of cancellation 30 days before the start of the course, 0% of the participation fee must be paid.
- In case of cancellation 30-15 days before the start of the course, 50% of the participation fee must be paid.
- In case of cancellation 15 days or less before the start of the course, or no-show, 100% of the participation fee will be invoiced. This applies regardless of the reason, such as illness.
You can transfer your place to a colleague free of charge. Email sisaiset.tarkastajat@theiia.fi and let us know who will replace you.
The last registration day for this training is 4.6.2024. After that you can ask about available spots by email at sisaiset.tarkastajat@theiia.fi.