Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

TCP/IP networking is the lifeblood of modern business applications, but its ancient design and fundamentally insecure network services carry a lot of important risks. As more critical business applications move from centralized legacy systems to distributed systems, the open peer-to-peer architecture concept and poorly tested software leave organizations open to a wide array of CyberSecurity and control risks. In this information-packed workshop, you will review the CyberSecurity and CyberAudit implications of local-area network (LAN) and wide-area network (WAN) infrastructures, uncover the risks in the technologies, and identify cost‑effective tools for preventing and detecting serious CyberSecurity loopholes.

Learning Objectives

  • Understand how networks work and where important CyberSecurity control points are located in different network scenarios
  • Utilize the OSI and TCP/IP protocol stack models to position different types of CyberSecurity controls and IT audit objectives
  • Understand key risks and security controls for TCP/IP applications and network appliances
  • Identify tools and techniques for performing useful CyberSecurity risk assessment of network applications on internal and external networks

Course Outline

Developing a Framework for Network CyberSecurity Audits

  • Network terminology
  • Locating key network CyberSecurity control points
  • Major risks to network CyberSecurity
  • Overview of network communications standards and protocols
  • Open Systems Interconnection (OSI) reference model
  • Transmission Control Protocol/Internet Protocol (TCP/IP)
  • Network addressing fundamentals
  • Leveraging network utilities and services as CyberAudit tools

Defining the Physical/Media Access Network Technologies

  • Common network transmission media: copper wire, fiber optics, wireless
  • Common LAN topologies: Ethernet, FDDI, WLAN
  • WAN and Internet connections: analog dial-up, leased lines, residential broadband, wireless broadband
  • Switched WAN network service operation and security: Frame Relay, ATM, MPLS

Managing Network Application Services Security Risks

  • TCP/IP applications (ports) and associated CyberSecurity risks
  • Voice over IP (VoIP) CyberSecurity risks and safeguards
  • Host-based and network-based tools for locating and assessing active network services CyberSecurity
  • Developing a TCP/IP application risk analysis and management methodology

Enterprise Network Address Management and Directory Services

  • IP Address management (DHCP)
  • Domain Name System (DNS)
  • Lightweight Directory Access Protocol (LDAP) directories
  • Tools and techniques for auditing address management and directory services servers

Network Appliances: Functionality, Management, CyberSecurity, and CyberAudit*

  • Positioning network interconnection devices in the OSI Reference Model
  • Network domains and segmentation
  • Network device maintenance/management port access security
  • Simple Network Management Protocol (SNMP)
  • Authentication, Authorization, and Accounting (AAA): TACACS+, RADIUS, Diameter
  • Networked printers, print servers, and multi-function office devices
  • Wireless LAN access points
  • Firewall fundamentals
  • Review of sample network device configurations
  • Best practices for network interconnection device security and audit and how to correct them

*Included in 3-day lecture/demo and 5-day hands-on courses only

Additional Information

Who Should Attend

IT Auditors
Information Security Managers, Analysts, and Architects
IT Management
IT Architects
System Administrators
Compliance Officers
Consultants

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

How to Perform an IT General Controls Review (AA03) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: Lecture: 2 or 3 days; Hands-on: 5 days

CPE Credits: Lecture: 16 or 24; Hands-on: 40