Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Businesses and government operations live and die by their software. Regardless of the size of your organization, lethal IT supply chain risks can come at you from all directions and can severely impact your business continuity, get you in court, and possibly even put you out of business. The compromise of SolarWinds software reported in late 2020 and Colonial Pipeline computing in 2021 has put IT and software supply chain security in the spotlight. The US Federal Government has been directed by President Biden’s Executive Order 14028 to step up the nation’s CyberSecurity, including supply chain security. Auditors must be prepared to assist management to aggressively identify and reduce serious IT and software supply chain risks. In this timely and practical seminar, we will explore IT technical supply administrative and technical CyberSecurity targets and will cover best practices for securing and auditing an organization’s software supply chain.

Learning Objectives

  • Identify IT and software supply chain control points/attack surfaces and attack methods
  • Gain familiarity with industry best practices for IT and software supply chain security and secure software design and testing
  • Evaluate different methods of CyberSecruity testing of software throughout different types of software development lifecycles (SDLCs)
  • Develop comprehensive plans to perform end-to-end audits of IT and software supply chains

Course Outline

Surveying the IT Supply Chain Landscape

  • Supply chain definitions
  • Cyber supply chains (build vs buy)and their risks
  • Notable software supply chain attacks
  • Planning audits of software supply chains

Programming Concepts and Software Management

  • Computer programming and software sourcing concepts
  • Software testing and security assurance
  • Software configuration management (SCM) and version control systems (VCS)
  • Software bill of materials (SBOM)

Auditing BUILD Software Supply Chains

  • Software development lifecycles (SDLCs)
  • Application Programming Interfaces (APIs) integration
  • Open-Source Software (OSS) integration
  • Content management systems (CMS) – WordPress and beyond
  • Low code-No code
  • End-user computing and shadow IT

Auditing BUY Software Supply Chains

  • Commercial off-the-shelf software (COTS)
  • Software as a service (SaaS)


  • End-to-end cyber supply chain security and audit checklist
  • Sources of information, checklists, and tools

Additional Information

Who Should Attend
  • IT Auditors
  • Information Security Managers, Analysts, and Architects
  • IT Management, IT Architects
  • Web Site Administrators, System Administrators
  • Application Architects, Developers and Analysts
  • Consultants
Learning Level






Recommended Prerequisites

Auditing IT Application Systems or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

On Site: 1 day

CPE Credits: 9

Questions? Contact us

Phone: +1 (781) 784-4390
Email: fill out form below

    [recaptcha size:compact class:captcha]