Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Data network infrastructures provide the highways of accessibility to modern business applications; however, these high-speed data highways, if improperly safeguarded, can also open avenues of external and internal attack and abuse. Over the years, for a variety of reasons, the topic of auditing networks has often been misunderstood and viewed as a technical mystery. In this down-to-earth, no-nonsense workshop, we will clearly identify and demonstrate practical methods to discover, document and audit the critical control points, risks, and safeguards in numerous forms of common network technologies, covering both the internal and the external, Internet-facing infrastructures used in most modern organizations.

In addition to control issues and audit procedures common to both internal and external network infrastructures, such as network device security and change control, we identify the main IT audit focal points for public/Internet connections including: firewalls and proxy servers, virtual private networks

Learning Objectives

  • Understand how networks work and where important CyberSecurity control points are located in different network scenarios
  • Utilize the OSI and TCP/IP protocol stack models to position different types of CyberSecurity controls and IT audit objectives
  • Understand key risks and security controls for TCP/IP applications and network appliances
  • Identify tools and techniques for performing useful CyberSecurity risk assessment of network applications on internal and external networks

Course Outline

Developing a Framework for Network CyberSecurity Audits

  • Network terminology
  • Locating key network CyberSecurity control points
  • Major risks to network CyberSecurity
  • Overview of network communications standards and protocols
  • Open Systems Interconnection (OSI) reference model
  • Transmission Control Protocol/Internet Protocol (TCP/IP)
  • Network addressing fundamentals
  • Leveraging packet analyzers, command-line utilities, and web site services as CyberAudit tools

Managing Network Application Services Security Risks

  • TCP/IP applications (ports) and associated CyberSecurity risks
  • Nmap, Netstat, and other tools for locating and assessing active network services and associated risks
  • Developing a TCP/IP application risk analysis and management methodology

Network Devices: Functionality, Management, CyberSecurity, and CyberAudit

  • Network device audit targets
  • Network segmentation for performance and security: virtual LANs (VLANs), access control lists (ACLs), port security
  • Network device maintenance/management port access security
  • Network user authentication: multi-factor authentication, RADIUS, TACACS+, Extensible Authentication Protocol (EAP)
  • Internet of Things (IoT) risks and countermeasures
  • Examining sample network device configuration files for risk and compliance

DMZ Security and Audit

  • Identifying key DMZ CyberSecurity control points and their security roles
  • Reviewing and assessing firewall and proxy server configurations
  • Evaluating VPN security configurations
  • Cloud Access Security Brokers (CASBs) and other web connection devices and services

Planning and Scoping Out CyberSecurity Network Audits – Internal and External

  • Developing a CyberSecurity Audit plan for your intranet
  • Developing a CyberSecurity Audit plan for your DMZ and other public facing network connections
  • Sources of additional information and tools

Additional Information

Who Should Attend

IT Auditors
Information Security Managers, Analysts, and Architects
IT Management
System Administrators
Compliance Officers
Consultants

Learning Level

Intermediate

Delivery

Group Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

How to Perform an IT General Controls Review (AA03) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

On Site: 3 days

CPE Credits: 27

Questions? Contact us

Phone: +1 (781) 784-4390