A Risk-Based Road Map to IT Infrastructure Controls - ITP361 (NEW!)
Focusing on Risk to Improve the Efficiency and Effectiveness of Your IT Audits
Learning Level: Intermediate
CPEs: 24 Fee: $2,050.00
Agenda

What You Will Learn

1. Effective IT Audit Coverage Through Risk-Based Planning
  - risk definitions: threat, vulnerability, exposure, safeguard
  - effects of risk
  - COSO ERM risk definitions
  - cost/risk balance
  - COSO Risk Assessment
  - IIA/ISACA standards on risk assessment
  - linking IT risks to business risks
  - IT risk assessment and audit planning strategies
  - IT infrastructure risks
  - integrated audits: enterprise risk coverage
  - ISACA Standards/Guidelines: Risk Assessment

2. Developing an IT Risk Assessment Framework
  - IT risk assessment steps
  - information asset integrity, confidentiality, and availability risks
  - developing the IT audit universe
  - establishing IT risk criteria
  - performing IT risk and impact/probability analyses
  - IT risk assessment guidelines

3. COSO Enterprise Risk Management
  - definition of enterprise risk management (ERM)
  - why use COSO ERM?
  - ERM objectives and components
  - COSO vs. COSO ERM
  - risk definitions
  - COSO ERM and technology

4. Using Risk-Based IT Standards and Frameworks
  - IIA GTAG
  - ISO-27002 Security Controls
  - NIST 800-30 IT Systems Risk Management
  - NIST 800-39 Managing Information Security Risks
  - FIPS 199 Security Risk Categorization
  - NIST 800-53 Security Controls
  - NIST 800-53A Assessment Guide
  - OCTAVE Risk Evaluation

5. Establishing Enterprise IT Risk Management
  - using COBIT® 5 for risk management enabling processes
  - evaluating, directing, monitoring IT risk management
  - ISO-27001 Establishing Information Security Management System
  - ISO-27005 Information Security Risk Management

6. Managing IT Governance Risks
  - defining IT governance within enterprise governance
  - why IT governance is critical to the enterprise
  - IT governance risks, responsibilities, and components
  - IT oversight committee
  - information security governance
  - COBIT® IT governance risks
  - IIA and ISACA governance audit standards

7. Information Security Risk Management
  - linking information risks to confidentiality, integrity, availability
  - determining information security risks
  - insider risks
  - user access management
  - information classification
  - privacy risks
  - user authentication and single sign-on risks
  - authorization risks
  - conflict matrix
  - privileged access
  - audit trail
  - managing user accounts
  - security monitoring
  - remote access
  - sensitive data on PCs and workstations
  - social engineering risks

8. IT Infrastructure Risks
  - system software
  - database management systems
  - physical security
  - environmental controls
  - change management
  - disaster recovery planning
  - network perimeter security

9. System Development and Acquisition Risks
  - business risks of development projects
  - determining system development and acquisition risks
  - assessing project management
  - IT audit’s role in system development projects
  - IT audit independence issues

10. Outsourced IT: Identifying the Risks
  - outsourcing risks
  - offshore outsourcing risks
  - ensuring strong contractual agreements
  - how to obtain a right to audit
  - risks associated with SAS-70 reports
  - relationship monitoring risks

REGISTRATION QUESTIONS?
For questions about your registration, government and team discounts, or multiple registrations, please call Linda Ronconi at (508) 879-7999, ext. 501 or e-mail mis@misti.com.

IN-HOUSE SEMINARS
This seminar is available in-house. For more information about bringing this or other MIS seminars to your organization, please call Mimi Hatch at (410) 692-2465 or e-mail mhatch@misti.com.

Dates/Locations
  - August 5 - 7, 2013: Chicago
  - September 18 - 20, 2013: San Francisco
  - November 6 - 8, 2013: New York