Overview
An IT auditor with the skills, knowledge, and competencies to help organizations navigate the complex environment of IT risks has never been in higher demand. Every organization in every industry has become aware of the importance of proactively identifying, evaluating, and monitoring IT risks.
This course will reinforce and enhance the principles of assessing IT risks. Participants will examine ways to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; use tools for evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things; and add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance. The participant will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization. The participant will be engaged through case studies of real-life examples and scenarios and acquire a wealth of resources, templates, and guides that can be adapted to and incorporated into any industry.
Learning Options
Below are the available learning options for this course:
AuditPro
Online On-Demand
This course is available through AuditPro — a subscription-based, on-demand learning platform. As a subscriber, you will have access to an ‘all you can watch’ library of courses that are built in alignment with the National Association of State Boards of Accountancy (NASBA) standards.
Enterprise Solutions
Tailored Experience
Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.
NASBA Certified CPE
Auditing
Why you should take this course
For users who have an introductory knowledge of this topic and are searching for additional information and its application.
Who should take this course
Senior IT Auditors, Technologists, and Information Security Managers and Analysts with 2+ years of experience looking to increase their ability to move into a position of IT audit leadership.
Prerequisites
- IT Audit School
- or equivalent experience
1. Risk Assessment and Audit Planning
• IT risk definition
• IT threats and risks
• Building the IT audit program
2. Audit and Security Resources
• NIST cybersecurity framework
• Center for Internet Security (CIS)
• COSO
• COBIT
• IIA GTAGs
• ISO 27000 Security Standards
• FISMA – NIST SP800-53 R5
3. Logical Security
• Logical security concepts
• Social engineering
• Malware
• User identification and authentication
• User authorization
• Privileged access monitoring
• Log management
• Vulnerability assessments
• Middleware
• Virtualization
• Audit considerations
4. Database Management Systems (DBMS)
• Database management system concepts
• Relational databases
• Non-relational databases
• DBMS audit considerations
5. Change Management
• Change management
• Patch management
• Security configuration management (SCM)
6. Network Perimeter Security
• Network perimeter security concepts
• OSI network protocol model
• Network ports and services
• Network addressing
• Firewalls
• Demilitarized zone (DMZ)
• Intrusion detection systems (IDS/IPS)
• Zero-trust models
• Endpoint security
• Virtual private networks (VPNs)
• Wireless
7. Cloud Computing
• Cloud characteristics
• Cloud service models
• Cloud deployment models
• Cloud security
• Cloud security organizations
• Cloud SOC reports
• Cloud risks
• Audit considerations – contract
• Audit considerations – ongoing
8. Internet of Things (IoT)
• Defining the internet of things (IoT)
• IoT Improvement Act
• Code of Practice for Consumer IoT Security
• NIST considerations for IoT
• IoT security foundation
• OWASP Top 10 Risks
9. Business Continuity and Disaster Recovery Planning
• Disaster recovery planning (DRP) concepts
• Disaster recovery planning (DRP) components
• Disaster recovery planning (DRP) audit considerations
10. IT Governance
• Defining IT governance
• IT governance – ISACA Guidance
• IT governance – IIA Guidance
11. Organization and Presentation of Information
• Key components and strategies
- List key characteristics, advantages, and disadvantages of virtualization.
- Assess key considerations when preparing audit programs of virtualized environments.
- Outline key considerations when preparing audit programs of virtualization disaster recovery programs.
- List key risks and controls related to virtualized environments.
ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.