Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

The road to reliable internal control and CyberSecurity compliance can be very treacherous, full of potholes and rocks…and many forks to ponder. Compliance requirements come from all directions, shapes, and sizes…not to mention heightened attention to the protection of payment card data, personally identifiable information (PII), identity theft, and security breach disclosure legislation. Logical access controls represent the single most significant security safeguard to protect valuable data from unauthorized access…and the most common area of important audit findings by internal and external auditors.

In this widely applicable workshop, we will provide a framework for consistent and effective auditing of logical access controls. Case studies will be used to demonstrate real examples of common access controls and data collection methods for operating systems, database servers, and other software environments, emphasizing free and/or low-cost audit software procedures. Attendees will receive sample work programs and checklists that can be used to perform effective logical access audits in any context.

Learning Objectives

  • Key risks and compliance requirements associated with logical access control
  • Key building blocks of logical access control
  • Locating typical logical access control points in infrastructure and applications
  • Industry best practices for logical access controls
  • Tools and techniques for auditing logical access controls

Course Outline

Planning Identity & Access Control Management (I&ACM) Audits

  • Identity & Access Control Management (I&ACM) Concepts
  • I&ACM CyberSecurity Architectures
  • Documenting and Analyzing I&ACM in Distributed Applications
  • I&ACM Audit Planning

Governance, Risk, and Compliance for I&ACM

  • Risk and Compliance Management
  • CyberSecurity Risk Assessment and Information Classification
  • I&ACM Policies for CyberSpace

I&ACM CyberSecurity Services – Host & Enterprise

  • User Identification and Authentication
  • Access Control Authorization & Protection
  • Audit Logging & Monitoring
  • Single Sign-On Authentication Systems
  • Network Authentication Services
  • Enterprise Directory Services
  • Application Path Access Path Analysis
  • Digital Signatures and Public Key Infrastructure (PKI)

I&ACM Audit Data Collection*

  • Collecting I&ACM Audit Data from Server Operating Systems: Windows, Unix/Linux
  • Collecting I&ACM Audit Data from Database Management Systems: Microsoft SQL Server, Oracle

*Included in 3-day lecture/demo and 5-day hands-on courses only

Additional Information

Who Should Attend

IT Auditors
Information Security Managers, Analysts, and Architects
IT Management
IT Architects
Consultants

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Recommended Prerequisites

Introduction to IT Auditing (AA01) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: Lecture 2 or 3 days; Hands-on: 5 days

CPE Credits: Lecture: 16 or 24; Hands-on: 40