Format: Seminar |
The following provides course information and pricing information for the course you selected.
|
| Title: |
| Duration: |
3 days |
Description:
 |
In this 3-day seminar you will examine the IT general control areas that must be addressed to ensure the confidentiality, integrity, and availability of your information assets.
You will explore critical aspects of the IT environment, including IT governance, IT infrastructure controls, information security, physical security, disaster recovery, change management and network perimeter security.
You will learn how to develop strategies for assessing the key controls in your information systems infrastructure.
In addition, you will focus on the common elements of IT compliance challenges, paying particular attention to general computer controls.
You also will examine some of the common compliance requirements of Sarbanes-Oxley, the Model Audit Rule, the payment card industry, state privacy laws, and other familiar compliance regulations, as well as how general computer and other automated controls provide a foundation for compliance.
And because IT organizations are adopting IT governance frameworks such as ITIL at staggering rates, you will also cover ITIL v3, its components, and its objectives.
AGENDA
1. Risk-Based Audit Planning for IT General Controls - introduction to IT general controls
- the relationship between general and application controls
- risks/controls
- centralized vs. distributed environments
- Sarbanes-Oxley and IT Controls
2. The Role of Governance, Risk, and Compliance (GRC) - GRC defined
- evolution of governance
- common concepts of oversight
- approaches to risk management
- IT risk management
- history of compliance
- methodologies for addressing the “Regulators”
3. ITIL Version 3: An Introduction - what is ITIL
- the ITIL vocabulary
- ITIL components and their objectives
- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvement
4. COBIT 4.1 - where COBIT came from and its intent
- the current release of COBIT: an analysis
- impact of COBIT on IT
- uses of COBIT from a different perspective: IT, internal audit, external parties
5. Common Compliance Regulations - Sarbanes-Oxley (SOX)
- Model Audit Rule (MAR)
- Payment Card Industry (PCI)
- Health Insurance Portability and Accountability Act (HIPAA)
- state privacy laws
- reconciling IT general controls to compliance requirements
6. Hardware/Software Infrastructure - COBIT control objectives
- hardware infrastructure
- centralized vs. distributed
- hardware acquisition, contracts, and inventories
- equipment maintenance/utilization
- hardware audits
- software infrastructure: operating systems
- components
- risks/exposures
- patch management
- operating system audits
- software infrastructure: database management
- components
- restart/recovery/reliability
- database advantages/concerns
- distributed databases
- database administration controls
- database audits
- system software audit steps
7. Logical Access Controls- COBIT control objectives
- access control components
- authentication: passwords, tokens, biometrics
- authorization of user access rights
- managing user accounts
- access control systems
- audit trail
- security monitoring
- remote access
- sensitive data on PCs and workstations
- security administration
- single sign-on (SSO) authentication
- access control best practices
8. Physical and Environmental Controls - COBIT control objectives
- physical security objectives, risks, and exposures
- physical security controls
- environmental exposures and risks
- environmental controls
9. Network Perimeter Security- COBIT control objectives
- network security threat/risk analysis
- network security strategy
- data communication software
- OSI Model
- TCP/IP
- firewalls / DMZ
- intrusion detection systems
- remote access / wireless access
- Internet risks
10. Change Management - COBIT control objectives
- change management risks
- translation from source code to executable modules
- change management process
- change requests
- testing changes
- implementation approval
- program migration
- contingency plans
- system documentation
- executable and source code integrity
- emergency changes
- vendor-supplied source code
- library / change control software
- distribution systems version control
- audit steps
11. Disaster Recovery and Business Continuity Planning - COBIT control objectives
- disasters and disruptive events
- disaster recovery and business continuity planning
- business impact analysis (BIA)
- recovery time objectives (RTO)
- disaster recovery strategy
- business continuity strategy
- disaster recovery sites
- disaster recovery teams
- off-site storage
- data backup and recovery
- telecommunications networks
- testing the recovery plan
- continuity plan maintenance
- contract requirements
- audit steps
12. Automated Tools for IT and Testing- the significance of automated controls
- selected automated vendor tool sets
- leveraging solutions IT has already implemented
- using IT audit tools
- GRC tools
13. Planning and Executing General Control Reviews- risk assessment
- audit strategy and planning
- planning memo
- key documents needed for the audit
- audit programs
- testing controls
- audit workpapers
- audit report
Who Should Attend:
IT, Financial, Operational, Business Applications, and External Auditors; Audit Managers and Directors; others who have compliance responsibilities.
Prerequisite: None
Learning Level: Basic
Advance Preparation: None
Dates & Times
Classes start on the date(s) posted herein, and run from 8:30am to 5pm daily, except for the last day of class, which ends at 1pm.
|
| Licenses / Designations / Educational Credits: |
CPE
All US States: 22 |
| About The Provider: |
Founded in 1978, MIS Training Institute is the international leader in audit and information security training, with offices in the USA, UK, and Asia. MIS’ expertise draws on experience gained in training more than 200,000 delegates across five continents.
Helping audit and infosecurity professionals stay at the top of their game has always been at the core of MIS’ mission. To that end, MIS has developed and focused its seminars, conferences, and symposia on the wide-ranging needs of internal and IT auditors and information security practitioners who are charged with controlling complex systems and business environments.
MIS’ unparalleled course curriculum covers the most up-to-the-minute topics, provides proven audit and security practices, and delivers the information needed to be successful in today’s organizations.
All MIS programs are led by industry experts…hands-on pros who have been in the field and who practice what they teach. Attendees of MIS Training Institute events benefit from unbiased practices, proven strategies, and lessons learned in the real-world.
MIS Training Institute is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. |
| Price: |
$1,950.00 |
| More Info: |
Contact Us For More Information |
|
|
| |
|
