Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Fueled by a growing number of PII data breach laws, the Payment Card Industry Data Security Standard (PCI DSS), and the alarming frequency of data leakage incidents, cryptography is becoming a necessary safeguard in many applications. In this down-to-earth workshop, we build on the basic cryptography knowledge required for the CISA and expand the playing field to systematically cover the use of cryptography as a major cybersecurity safeguard for a variety of essential modern-day business applications. Highlighted will be a wide array of common cybersecurity applications of encryption and the key audit points covering data at rest as well as data in motion traveling over the Internet and other untrusted network connections. We focus only on the practical, operational aspects of cryptography for cybersecurity, NOT on the related complex mathematics and formulas. Numerous diagrams, information worksheets, references, and checklists will be provided to equip auditors with the tools and know-how needed to effectively assess the prudent and secure use of the often mystifying area of cryptography.

Learning Objectives

  • Understanding the operation and use of cryptographic algorithms: symmetric, asymmetric, message digest/hashing, message authentication codes
  • Identifying important security services provided by cryptography: data confidentiality, digital signatures, secure key exchange, authentication, data integrity
  • Identifying key control points and associated safeguards for Public Key Infrastructure (PKI)
  • Learning how to audit practical applications of cryptography

Course Outline

Demystifying Cryptography

  • Identifying applications and risks requiring the use of cryptography
  • Identifying important security services provided by cryptography: data confidentiality, digital signatures, secure key exchange, authentication, data integrity
  • Operating characteristics, applications, and trade-offs associated with the major cryptographic algorithm families:
    • Symmetric (shared key)
    • Asymmetric (public key/private key)
    • Hashing (message digest)
    • Message authentication codes (MACs)
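The outline above names four algorithm families and the security services they provide. The following Go program is an added example (not course material from CPE Interactive) that exercises each family on a constructed sample transaction and shows, with a forged message, which service each one does and does not deliver: AES-GCM for confidentiality plus integrity under a shared key, a bare SHA-256 digest that detects accidents but not an adversary, HMAC-SHA256 for integrity with origin authentication, and an ECDSA signature that only the private-key holder can produce. The message strings, the HMAC key and the generated keys are all constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample transaction and the attacker's substitute; not from any real system.
var sampleMsg = []byte("PAY 100.00 TO ACCT 12345")
var forgedMsg = []byte("PAY 999.00 TO ACCT 66666")

// symmetricRoundTrip: confidentiality plus integrity from one shared key (AES-256-GCM).
// Returns whether the plaintext round-trips and whether one flipped ciphertext byte is rejected.
func symmetricRoundTrip(msg []byte) (bool, bool, error) {
	key := make([]byte, 32) // the shared secret both parties must already hold
	if _, err := rand.Read(key); err != nil {
		return false, false, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return false, false, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return false, false, err
	}
	nonce := make([]byte, aead.NonceSize()) // must never repeat under the same key
	if _, err := rand.Read(nonce); err != nil {
		return false, false, err
	}
	ct := aead.Seal(nil, nonce, msg, nil)
	pt, err := aead.Open(nil, nonce, ct, nil)
	if err != nil {
		return false, false, err
	}
	ct[0] ^= 0x01 // an attacker on the wire flips one bit
	_, tamperErr := aead.Open(nil, nonce, ct, nil)
	return string(pt) == string(msg), tamperErr != nil, nil
}

// digestOnlyCheck: "integrity" from a bare SHA-256 digest sent beside the message.
// There is no key, so an attacker who rewrites the message rewrites the digest too and
// the receiver's recompute-and-compare check passes for the forgery.
func digestOnlyCheck(msg, forged []byte) (originalPasses, forgeryPasses bool) {
	sentDigest := sha256.Sum256(msg)
	originalPasses = sha256.Sum256(msg) == sentDigest
	attackerDigest := sha256.Sum256(forged) // needs no secret to compute
	forgeryPasses = sha256.Sum256(forged) == attackerDigest
	return
}

// macCheck: HMAC-SHA256 adds a shared key, giving integrity and origin authentication.
// Without the key the attacker can only replay the genuine tag, which fails on the forged
// message. hmac.Equal is constant time, which matters for verifiers exposed to attackers.
func macCheck(key, msg, forged []byte) (originalPasses, forgeryPasses bool) {
	tagOf := func(m []byte) []byte {
		h := hmac.New(sha256.New, key)
		h.Write(m)
		return h.Sum(nil)
	}
	sentTag := tagOf(msg)
	originalPasses = hmac.Equal(tagOf(msg), sentTag)
	forgeryPasses = hmac.Equal(tagOf(forged), sentTag) // attacker replays the old tag
	return
}

// signatureCheck: the asymmetric case, ECDSA P-256 over a SHA-256 digest. Only the private
// key signs; anyone holding the public key verifies, which gives non-repudiation that a
// shared-key MAC cannot (either MAC holder could have produced the tag).
func signatureCheck(msg, forged []byte) (validOK, forgeryRejected bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	h := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	if err != nil {
		return false, false, err
	}
	validOK = ecdsa.VerifyASN1(&priv.PublicKey, h[:], sig)
	fh := sha256.Sum256(forged)
	forgeryRejected = !ecdsa.VerifyASN1(&priv.PublicKey, fh[:], sig)
	return validOK, forgeryRejected, nil
}

func main() {
	ok, rej, err := symmetricRoundTrip(sampleMsg)
	fmt.Println("AES-GCM: roundtrip", ok, "tamper rejected", rej, "err", err)
	o, f := digestOnlyCheck(sampleMsg, forgedMsg)
	fmt.Println("SHA-256 only: original passes", o, "forgery passes", f)
	o, f = macCheck([]byte("constructed-demo-key"), sampleMsg, forgedMsg)
	fmt.Println("HMAC: original passes", o, "forgery passes", f)
	v, r, err := signatureCheck(sampleMsg, forgedMsg)
	fmt.Println("ECDSA: valid", v, "forgery rejected", r, "err", err)
}
```

The audit point the program makes concrete is the one auditors most often miss: a checksum or hash stored beside data proves nothing about who produced it, so integrity controls that must resist an adversary need a key (a MAC) or a signature, and a symmetric MAC still cannot prove which of the key holders produced the tag.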

Public Key Infrastructure (PKI)

  • Digital certificates and Certificate Authorities (CA)
  • Public key infrastructure (PKI) workflow and control points: Registration Authority (RA), Root Certificate Authority, Intermediate Certificate Authority, Validation Authority
  • Auditing key management, key escrow, key recovery, and PKI controls

Auditing Practical Applications of Cryptography

  • Assessing the use of cryptography for workstation security
  • Auditing the use and implementation of encryption in TLS/SSL applications
  • Auditing IPsec and SSL VPNs
  • Analyzing secure e-mail systems
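For the TLS item above, an added example (not part of the course materials) of the kind of configuration check an auditor applies regardless of the TLS stack: protocol floor, cipher suites with known weaknesses, key exchange without forward secrecy, and whether certificate validation has been switched off. The program uses Go's crypto/tls types as a stand-in for a server's TLS settings file; both configurations are constructed for the demonstration, one weak and one corrected.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// auditTLSConfig reads a crypto/tls configuration the way an auditor reads a
// server's TLS settings and returns one finding per weak control point.
func auditTLSConfig(cfg *tls.Config) []string {
	var findings []string

	// Control 1: an explicit protocol floor of TLS 1.2 or higher.
	switch {
	case cfg.MinVersion == 0:
		findings = append(findings, "no explicit minimum TLS version; relies on library default")
	case cfg.MinVersion < tls.VersionTLS12:
		findings = append(findings, fmt.Sprintf("minimum TLS version 0x%04x is below TLS 1.2", cfg.MinVersion))
	}

	// Controls 2 and 3: suites the library itself marks insecure (e.g. RC4), and suites
	// using static RSA key exchange, where one leaked server key decrypts every recorded
	// session. crypto/tls ignores CipherSuites for TLS 1.3, so this audits the 1.2 set.
	insecure := map[uint16]string{}
	for _, s := range tls.InsecureCipherSuites() {
		insecure[s.ID] = s.Name
	}
	for _, id := range cfg.CipherSuites {
		name := tls.CipherSuiteName(id)
		if _, bad := insecure[id]; bad {
			findings = append(findings, "insecure cipher suite enabled: "+name)
		} else if strings.HasPrefix(name, "TLS_RSA_") {
			findings = append(findings, "no forward secrecy (static RSA key exchange): "+name)
		}
	}

	// Control 4: certificate chain validation must not be disabled.
	if cfg.InsecureSkipVerify {
		findings = append(findings, "certificate verification disabled (InsecureSkipVerify=true)")
	}
	return findings
}

// weakConfig is a constructed example of settings an auditor should flag.
func weakConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS10,
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_RC4_128_SHA,
			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
		},
		InsecureSkipVerify: true,
	}
}

// hardenedConfig is the corrected counterpart: TLS 1.2 floor, ECDHE AEAD suites
// (forward secrecy), and certificate verification left on.
func hardenedConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
	}
}

func main() {
	for _, c := range []struct {
		name string
		cfg  *tls.Config
	}{{"weak", weakConfig()}, {"hardened", hardenedConfig()}} {
		findings := auditTLSConfig(c.cfg)
		fmt.Printf("%s config: %d finding(s)\n", c.name, len(findings))
		for _, f := range findings {
			fmt.Println("  -", f)
		}
	}
}
```

The weak configuration yields four findings (version floor, RC4, static RSA key exchange, disabled verification) and the hardened one yields none. The same four questions transfer directly to a web server, load balancer or VPN concentrator configuration: what is the minimum version, which suites are enabled, do they all use ephemeral key exchange, and is the peer certificate actually validated.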

Additional Information

Who Should Attend

  • IT Auditors
  • Information Security Managers, Architects, and Analysts
  • IT Management and Architects
  • System Administrators/Software Engineers
  • Network Administrators/Engineers
  • Consultants

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Recommended Prerequisites

Planning and Conducting IT General Control Reviews (AA03) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: 1 day

CPE Credits: 8