How to Perform an IT General Controls Review - ITG201 
IT Controls for Governance, Risk, and Compliance
Learning Level: Basic
CPEs: 24 Fee: $2,150.00
Agenda

What You Will Learn
1. Risk-Based Audit Planning for IT General Controls
- introduction to IT general controls
- the relationship between general and application controls
- risks/controls
- centralized vs. distributed environments
- Sarbanes-Oxley and IT Controls

2. The Role of Governance, Risk, and Compliance (GRC)
- GRC defined
- evolution of governance
- common concepts of oversight
- approaches to risk management
- IT risk management
- history of compliance
- methodologies for addressing the “Regulators”

3. ITIL Version 3: An Introduction
- what is ITIL
- the ITIL vocabulary
- ITIL components and their objectives
- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvement

4. COBIT 4.1
- where COBIT came from and its intent
- the current release of COBIT: an analysis
- impact of COBIT on IT
- uses of COBIT from a different perspective: IT, internal audit, external parties

5. Common Compliance Regulations
- Sarbanes-Oxley (SOX)
- Model Audit Rule (MAR)
- Payment Card Industry (PCI)
- Health Insurance Portability and Accountability Act (HIPAA)
- state privacy laws
- reconciling IT general controls to compliance requirements

6. Hardware/Software Infrastructure
- COBIT control objectives
- hardware infrastructure
-- centralized vs. distributed
-- hardware acquisition, contracts, and inventories
-- equipment maintenance/utilization
-- hardware audits
- software infrastructure: operating systems
-- components
-- risks/exposures
-- patch management
-- operating system audits
- software infrastructure: database management
-- components
-- restart/recovery/reliability
-- database advantages/concerns
-- distributed databases
-- database administration controls
-- database audits
- system software audit steps

7. Logical Access Controls
- COBIT control objectives
- access control components
- authentication: passwords, tokens, biometrics
- authorization of user access rights
- managing user accounts
- access control systems
- audit trail
- security monitoring
- remote access
- sensitive data on PCs and workstations
- security administration
- single sign-on (SSO) authentication
- access control best practices

8. Physical and Environmental Controls
- COBIT control objectives
- physical security objectives, risks, and exposures
- physical security controls
- environmental exposures and risks
- environmental controls

9. Network Perimeter Security
- COBIT control objectives
- network security threat/risk analysis
- network security strategy
- data communication software
- OSI Model
- TCP/IP
- firewalls / DMZ
- intrusion detection systems
- remote access / wireless access
- Internet risks

10. Change Management
- COBIT control objectives
- change management risks
- translation from source code to executable modules
- change management process
-- change requests
-- testing changes
-- implementation approval
-- program migration
-- contingency plans
-- system documentation
-- executable and source code integrity
-- emergency changes
- vendor-supplied source code
- library / change control software
- distribution systems version control
- audit steps

11. Disaster Recovery and Business Continuity Planning
- COBIT control objectives
- disasters and disruptive events
- disaster recovery and business continuity planning
- business impact analysis (BIA)
- recovery time objectives (RTO)
- disaster recovery strategy
- business continuity strategy
- disaster recovery sites
- disaster recovery teams
- off-site storage
- data backup and recovery
- telecommunications networks
- testing the recovery plan
- continuity plan maintenance
- contract requirements
- audit steps

12. Automated Tools for IT and Testing
- the significance of automated controls
- selected automated vendor tool sets
- leveraging solutions IT has already implemented
- using IT audit tools
- GRC tools

13. Planning and Executing General Control Reviews
- risk assessment
- audit strategy and planning
- planning memo
- key documents needed for the audit
- audit programs
- testing controls
- audit workpapers
- audit report

 
REGISTRATION QUESTIONS?
For questions about your registration, government and team discounts, or multiple registrations, please call Linda Ronconi at (508) 879-7999, ext. 501 or e-mail mis@misti.com.

IN-HOUSE SEMINARS
This seminar is available in-house. For more information about bringing this or other MIS seminars to your organization, please call Mimi Hatch at (410) 692-2465 or e-mail mhatch@misti.com.

 



Dates/Locations
May 6 - 8, 2013: Orlando
October 21 - 23, 2013: New York