“Great overall program with lots of helpful information. Instructor goes in-depth in many topics which is appreciated.”
-Cailin McDuffy, Business Systems Analyst, CA
From the EU Data Protection Act to Sarbanes-Oxley, regulations require organizations to provide appropriate levels of protection for their critical information assets. To be sure, the common thread through these mandates is the requirement for security, individual privacy, and effective controls at all levels of the enterprise. In addition, frequent reports of data leakage and data theft, by insiders and outsiders, further punctuate the need for better information controls and protection.
In this practical, four-day seminar you will immerse yourself in a risk and compliance approach to IT auditing to protect the confidentiality, integrity, and availability of your information assets throughout the enterprise. You will learn how to apply COBIT® and ISO-27002 as an overall framework for your IT audits. To help you arrive at organization-specific risk and compliance IT auditing benchmarks, you will identify authoritative sources for audit program requirements associated with major US and international government and industry legislation, standards, and frameworks, including SOX, HIPAA, GLBA, GAO/FISMA, PCI DSS, ITIL, and OWASP. You will concentrate on determining risk and compliance levels in such critical management and technical areas of the IT environment as IT governance, information security, operating systems, database management systems, network infrastructure security, application software design and change controls, physical security, and business continuity planning. Each topic will be accompanied by summary checklists of key audit procedures and audit points, representing IT controls best practices.
NOTE: This seminar covers topics found in all chapters of the CISA Review Manual, and is continually updated to keep pace with evolving technologies, trends, and techniques.
Prerequisite: IT Auditing and Controls, or IT Audit School, or equivalent experience. Familiarity with basic IT controls terminology and concepts is assumed.
Advance Preparation: None
Learning Level: Intermediate
Delivery Method: Group-Live
Field: Auditing
Bonus: You will receive the MIS Swiss Army Knife Reference Guide listing hundreds of valuable information security and IT audit resources.