Course Description
Remote access has long been a way of life for many in the auditing, sales, and IT support professions, but the advent and implications of global pandemics have dramatically expanded the population to include everyday remote, work-from-home workers. The increased use of remote access and mobility has brought many realized risks, including reduced employee supervision, ransomware attacks, phishing and identity theft, and data compromise. In this timely and highly relevant workshop, we will identify major control points and the significant risks associated with remote access and mobile computing. Cybersecurity best practices and practical audit techniques associated with remote access and mobile computing will be presented.
Learning Objectives
- Define control points and significant risks associated with remote access and mobile device security
- Identify best practices for controlling and securing remote access and mobile devices
- Develop practical procedures for auditing the control and security of remote access and mobile device security
- Locate sources of additional information and tools associated with remote access and mobile device security
Course Outline
Defining the Remote Access / Mobile Computing Landscape
- Defining the cybersecurity technology landscape
- Remote access and mobility risk management
Network User Authentication
- Authentication credentials
- Multi-factor authentication (MFA)
- Point-to-point protocol (PPP) network authentication – PAP, CHAP, EAP
- Authentication, authorization, accounting (AAA) – RADIUS, TACACS+
- Port security / network access control (NAC)
- Zero trust network access (ZTNA)
- Enterprise directory services
Securing Remote Access
- Remote access technologies
- Network protocols and security services
- Jump boxes and privileged access workstations (PAWs)
- Virtual private networks (VPNs)
- Remote desktop virtualization – VDI, RDP/RDS, desktop as a service (DaaS)
- Virtual conferencing
- Wireless risks and safeguards
- Internet of things (IoT) risks
- Remote access security technical audits
Mobile Computing Security
- Defining the mobile device landscape
- Mobile device policies and deployment models
- Mobile device endpoint security
- Media security and data loss prevention (DLP)
- Auditing mobile computing security
Wrap-up Summary
- Top 10 remote access security safeguards
- Sources of additional information and tools
Additional Information
Who Should Attend
- IT Auditors
- Information Security Managers, Analysts, Architects, and Administrators
- IT Management, IT Architects, Network Engineers
- Consultants
Learning Level
Intermediate
Delivery
Group Live
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
Introduction to IT Auditing (AA01) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.
Session Duration
On Site: 2 days
CPE Credits: 16