What You Will Learn

1. Risk Assessment and Audit Planning
- IT threats, risks and exposures
- risk definition
- IT risk assessment
- IT infrastructure risks
- dealing with risks: cost/risk balance
- information classification
- tools for IT risk assessment

2. Compliance Management: Regulations, Standards, and Frameworks
- types of common laws
- regulatory compliance challenges
- US and international regulatory laws and standards
- data breach, encryption, and other important state statute topics
- identifying and leveraging IT, IT audit and security frameworks
- using COBIT®, ISO 27001/27002, ITIL, GAO/FISMA, and other standards as a foundation for your IT audit framework
- integrating compliance requirements in the audit plan

3. IT Governance
- IT governance risks, responsibilities, and components
- IT steering (oversight) committee
- information security governance
- information security policies, standards, and procedures
- IT organization structure/responsibilities
- separation of duties
- IIA and ISACA governance audit standards
- outsourced IT operations and development
- audit procedures and checklists

4. Logical Access Controls
- common access control issues
- logical access controls
  - user identification, authentication, and account management
  - authorization and user access controls
  - audit logs and monitoring
  - security administration
- access controls for distributed, multi-tiered applications
- mobile device and application security
- audit procedures and checklists

5. Encryption Demystified
- encryption concepts
- encryption key management
- digital signatures
- public key infrastructure (PKI) and certificate authorities (CAs)
- encryption applications
- audit scoping for encryption controls
- audit procedures and checklists

6. Network Infrastructure Security
- network terminology
- network security risks and strategies
- cloud computing
- OSI and TCP/IP network protocol models
- TCP/IP application risk analysis
- network address management
- firewalls, DMZ, and perimeter security
- intrusion detection/prevention systems (IDS/IPS)
- remote access and virtual private network (VPN) security
- wireless local area network (WLAN) security
- audit procedures and checklists
- sources of network security and audit tools

7. Operating System Software
- types of system software
- server and workstation operating systems
- virtualization and hypervisors
- system software integrity and risks
- logical access controls for operating system software
- auditing system security policies: software parameters
- software patch management
- controlling privileged users and programs
- audit procedures and checklists
- sources of operating system security and audit tools

8. Database Management Systems (DBMS)
- relational databases and DBMS architectures
- Structured Query Language (SQL)
- data dictionary/master catalog and other key DBMS control points
- DBMS system and application roles and risks
- database management risks
- DBMS access controls and recovery tools
- audit procedures and checklists
- sources of DBMS security and audit tools

9. System Development and Change Management
- system development life cycle (SDLC) models
- system development: business risks
- audit's role, project staffing, and SDLC audit strategies
- assessing project management
- system acquisition projects
- rapid application development (RAD) and end-user computing considerations
- reducing the attack surface: Web application security exposures and safeguards
- configuration management and change controls in a distributed computing environment
- audit procedures and checklists
- sources of secure software design and testing best practice references and tools

10. Business Continuity and Disaster Recovery Planning
- business continuity planning (BCP) vs. disaster recovery planning (DRP)
- business impact analysis (BIA)
  - application recovery prioritization
  - recovery point objectives (RPO)
  - recovery time objectives (RTO)
- recovery plans and testing methods
- recovery site and telecommunications alternatives
- off-site processing and data storage controls
- lessons learned from 9/11, Katrina, and other major disasters
- audit procedures and checklists

11. Executing IT Audits
- strategies in IT audit planning
- tools and techniques for testing IT controls
- sources of industry best practice checklists and other resources for IT audit