Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Businesses and government operations live and die by their software. Regardless of the size of your organization, lethal IT supply chain risks can come at you from all directions and can severely impact your business continuity, get you in court, and possibly even put you out of business. The compromise of SolarWinds software reported in late 2020 and of Colonial Pipeline computing in 2021 have put IT and software supply chain security in the spotlight. The US Federal Government has been directed by President Biden’s Executive Order 14028 to step up the nation’s CyberSecurity, including supply chain security. Auditors must be prepared to help management aggressively identify and reduce serious IT and software supply chain risks. In this timely and practical seminar, we will explore administrative and technical CyberSecurity targets in the IT supply chain and will cover best practices for securing and auditing an organization’s software supply chain.

Learning Objectives

  • Identify IT and software supply chain control points/attack surfaces and attack methods
  • Gain familiarity with industry best practices for IT and software supply chain security and secure software design and testing
  • Evaluate different methods of CyberSecurity testing of software throughout different types of software development lifecycles (SDLCs)
  • Develop comprehensive plans to perform end-to-end audits of IT and software supply chains

Course Outline

Surveying the IT Supply Chain Landscape

  • Supply chain definitions
  • Identifying your IT supply chain
  • Notable software supply chain attacks
  • Software supply chain risk management and countermeasures

Auditing Secure Software Design and Testing

  • Application software development lifecycles (SDLCs)
  • Software configuration management (SCM), version management, and change control
  • Common software flaws and exploits
  • Open source software (OSS) risks and safeguards
  • Commercial off-the-shelf software (COTS) rewards and risks
  • End-user computing and Shadow IT risks and controls
  • Software assurance and testing throughout the SDLC

Wrap-up

  • End-to-end software supply chain security and audit checklist
  • Sources of information, checklists, and tools

Additional Information

Who Should Attend

  • IT Auditors
  • Information Security Managers, Analysts, and Architects
  • IT Management, IT Architects
  • Web Site Administrators, System Administrators
  • Application Architects, Developers and Analysts
  • Consultants

Learning Level

Intermediate

Delivery

Group-Live and Group-Internet

Field

Auditing

Recommended Prerequisites

Auditing IT Application Systems or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

On Site: 1 day

CPE Credits: 8

Questions? Contact us

Phone: +1 (781) 784-4390
Fax: +1 (781) 705-2327
Email: fill out form below
