Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

TCP/IP networking is the lifeblood of modern business applications, but its ancient design and fundamentally insecure network services carry a lot of important risks. As more critical business applications move from centralized legacy systems to distributed systems, the open peer-to-peer architecture concept and poorly tested software leave organizations open to a wide array of CyberSecurity and control risks. In this information-packed workshop, you will review the CyberSecurity and CyberAudit implications of local-area network (LAN) and wide-area network (WAN) infrastructures, uncover the risks in the technologies, and identify cost-effective tools for preventing and detecting serious CyberSecurity loopholes.

Learning Objectives

  • Understand how networks work and where important CyberSecurity control points are located in different network scenarios
  • Utilize the OSI and TCP/IP protocol stack models to position different types of CyberSecurity controls and IT audit objectives
  • Understand key risks and security controls for TCP/IP applications and network appliances
  • Identify tools and techniques for performing useful CyberSecurity risk assessment of network applications on internal and external networks

Course Outline

Developing a Framework for Network CyberSecurity Audits

  • Network terminology
  • Locating key network CyberSecurity control points
  • Major risks to network CyberSecurity
  • Overview of network communications standards and protocols
  • Open Systems Interconnection (OSI) reference model
  • Transmission Control Protocol/Internet Protocol (TCP/IP)
  • Network addressing fundamentals
  • Leveraging network utilities and services as CyberAudit tools

Defining the Physical/Media Access Network Technologies

  • Common network transmission media: copper wire, fiber optics, wireless
  • Common LAN topologies: Ethernet, FDDI, WLAN
  • WAN and Internet connections: analog dial-up, leased lines, residential broadband, wireless broadband
  • Switched WAN network service operation and security: Frame Relay, ATM, MPLS

Managing Network Application Services Security Risks

  • TCP/IP applications (ports) and associated CyberSecurity risks
  • Voice over IP (VoIP) CyberSecurity risks and safeguards
  • Host-based and network-based tools for locating and assessing active network services CyberSecurity
  • Developing a TCP/IP application risk analysis and management methodology

Enterprise Network Address Management and Directory Services

  • IP Address management (DHCP)
  • Domain Name System (DNS)
  • Lightweight Directory Access Protocol (LDAP) directories
  • Tools and techniques for auditing address management and directory services servers

Network Appliances: Functionality, Management, CyberSecurity, and CyberAudit*

  • Positioning network interconnection devices in the OSI Reference Model
  • Network domains and segmentation
  • Network device maintenance/management port access security
  • Simple Network Management Protocol (SNMP)
  • Authentication, Authorization, and Accounting (AAA): TACACS+, RADIUS, Diameter
  • Networked printers, print servers, and multi-function office devices
  • Wireless LAN access points
  • Firewall fundamentals
  • Review of sample network device configurations
  • Best practices for network interconnection device security and audit and how to correct them

*Included in 3-day lecture/demo and 5-day hands-on courses only

Additional Information

Who Should Attend

IT Auditors
Information Security Managers, Analysts, and Architects
IT Management
IT Architects
System Administrators
Compliance Officers

Learning Level

Advanced Preparation


Recommended Prerequisites

How to Perform an IT General Controls Review (AA03) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: Lecture: 2 or 3 days; Hands-on: 5 days

CPE Credits: Lecture: 16 or 24; Hands-on: 40