Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

TCP/IP networking is the foundation and conduit for modern business applications, but its ancient design and fundamentally insecure network services carry many important risks. The open peer-to-peer architecture concept and poorly tested software leave organizations open to a wide array of CyberSecurity and control risks. In this information-packed workshop, you will review the CyberSecurity and CyberAudit implications of TCP/IP network security and identify cost-effective tools for identifying, preventing and detecting serious CyberSecurity loopholes.

Learning Objectives

  • Understand how networks work and where important CyberSecurity control points are located in different network scenarios
  • Utilize the OSI and TCP/IP protocol stack models to position different types of CyberSecurity controls and IT audit objectives
  • Understand key risks and security controls for TCP/IP applications and network appliances
  • Identify tools and techniques for performing useful CyberSecurity risk assessments of network applications on internal and external networks

Course Outline

Developing a Framework for Network CyberSecurity Audits

  • Network terminology
  • Locating key network CyberSecurity control points
  • Major risks to network CyberSecurity
  • Overview of network communications standards and protocols
  • Open Systems Interconnection (OSI) reference model
  • Transmission Control Protocol/Internet Protocol (TCP/IP)
  • Network addressing fundamentals
  • Leveraging network utilities and services as CyberAudit tools

Managing Network Application Services Security Risks

  • TCP/IP applications (ports) and associated CyberSecurity risks
  • Tools for locating and assessing active network services and associated risks
  • Developing a TCP/IP application risk analysis and management methodology

Network Devices: Functionality, Management, CyberSecurity, and CyberAudit

  • Network device audit targets
  • Network device maintenance/management port access security
  • Network user authentication: multi-factor authentication, RADIUS, TACACS+, Extensible Authentication Protocol (EAP)
  • Network segmentation for performance and security: virtual LANs (VLANs), access control lists (ACLs), port security
  • Internet of Things (IoT) risks and countermeasures
  • Best practices for network device CyberSecurity and CyberAudit

Planning and Scoping Out CyberSecurity Network Audits – Internal and External

  • Developing a CyberSecurity Audit plan for your intranet
  • Developing a CyberSecurity Audit plan for your DMZ and other public-facing network connections
  • Sources of additional information and tools

Additional Information

Who Should Attend

IT Auditors
Information Security Managers, Analysts, and Architects
IT Management
IT Architects
System Administrators
Compliance Officers
Consultants

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

How to Perform an IT General Controls Review (AA03) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: 1 day

CPE Credits: 8