Course Description
Remote access has long been a way of life for many in the auditing, sales, and IT support professions, but the advent and implications of global pandemics has dramatically expanded the population to include everyday remote, work from home workers. The increased use of remote access and mobility has brought a lot of realized risks including: reduced employee supervision, ransomware attacks, phishing and identity theft, and data compromise. In this timely and highly relevant workshop, we will identity major control points and the significant risks associated with remote access and mobile computing. CyberSecurity best practices and practical audit techniques associated with remote access and mobile computing will be presented.
You will:
- Define control points and significant risks associated with remote access and mobile device security
- Identify best practices for controlling and securing remote access and mobile devices
- Develop practical procedures for auditing the control and security of remote access and mobile device security
- Locate sources of additional information and tools associated with remote access and mobile device security
Learning Objectives
- Key risks and compliance requirements associated with logical access control
- Key building blocks of logical access control
- Locating typical logical access control points in infrastructure and applications
- Industry best practices for logical access controls
- Tools and techniques for auditing logical access controls
Course Outline
Auditing Remote Access and Virtual Private Networks (VPNs)
- Remote access and mobility security risks
- Remote access protocols, services, and applications
- VPN endpoint configurations—remote access, network-to-network
- VPN controls and safeguards
- VPN configuration audits
- Wireless access considerations
- Network encryption testing
Auditing Enterprise Security Services)
- User identification and authentication credentials
- Network authentication services (RADIUS, TACACS+)
- Enterprise directory services
Auditing Mobile Device Security
- Mobile device risks
- Device and data ownership issues and responsibilities
- Mobile device controls and safeguards
- End-point security
- Mobile device management (MDM) / Enterprise mobility management (EMM)
Wrap-Up Summary
Additional Information
Who Should Attend
- IT Auditors
- Information Security Managers, Analysts, and Architects and administrators
- IT Management, IT Architects, Network Engineers
- Consultants
Learning Level
Intermediate
Delivery
Group Live or Group Internet-Based
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
Introduction to IT Auditing (AA01) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.
Session Duration
On Site: 1 day
CPE Credits: 8