Intermediate IT Audit School

Format: In-Person Seminar

From the EU Data Protection Act to Sarbanes-Oxley, recent regulations require organizations to ensure appropriate levels of protection for their critical information assets.

In this practical, four-day seminar you will immerse yourself in a blended risk- and compliance-based approach to IT auditing that will ensure the confidentiality, integrity, and availability of your information assets throughout the enterprise.

Learning Objectives:

  • Apply COBIT® and ISO-27002 as an overall framework for your IT audits
  • Identify authoritative sources for audit program requirements associated with major US and international government and industry legislation, standards, and frameworks, including SOX, HIPAA, GLBA, FFIEC, GAO/FISMA, PCI DSS, ITIL, OWASP
  • Determine risk and compliance levels in such critical management and technical areas of the IT environment as governance, information security, operating systems, database management systems, network infrastructure security, application software design and change controls, physical security, and business continuity planning

Each topic will be accompanied by summary checklists of key audit procedures and audit points, representing IT controls best practices. (Note: This seminar covers topics found in all chapters of the CISA Review Manual.)


1. Risk Assessment And Audit Planning
  • IT Threats, Risks And Exposures
  • Risk Definition
  • IT Risk Assessment
  • IT Infrastructure Risks
  • Information Classification
  • Building The IT Audit Universe
  • Establishing Risk Criteria
  • IT Risk Assessment Resources
2. Compliance Management: Regulations, Standards And Frameworks
  • Regulatory Compliance Challenges
  • US And International Regulatory Laws And Standards
  • Identifying And Leveraging IT, IT Audit And Security Frameworks
  • Using COBIT®, ISO 27002, ITIL, GAO/FISMA, And Other Standards As A Foundation For Your IT Audit Framework
  • Integrating Compliance Requirements Into The Audit Plan
3. IT Governance
  • Defining IT Governance
  • IT Governance Risks And Responsibilities
  • IT Governance Components
  • Information Security Governance
  • Separation Of Duties
  • Audit Procedures
4. User Access Controls
  • Common Access Control Issues
  • Social Media And Social Engineering
  • User Access Controls
  • User Identification And Authentication
  • Authorization
  • Log Management
  • Privileged Access Monitoring
  • Distributed Web Applications
  • Mobile Computing
  • User Access Audit Procedures
5. Encryption Demystified
  • Encryption Concepts And Key Management
  • Symmetric Key Encryption
  • Asymmetric Key Encryption
  • Digital Signatures
  • Public Key Infrastructure (PKI)
  • Certificate Authorities (CAs)
  • Encryption Key Management Audit Steps
6. Network Perimeter Security
  • Network Terminology And Risk Analysis
  • OSI Network Protocol Model
  • Threat And Vulnerability Management
  • Firewalls
  • Intrusion Detection Systems (IDS/IPS)
  • Virtual Private Networks (VPNs)
  • Wireless
  • Cloud Computing
  • Audit Procedures
7. Operating System Software
  • Types Of System Software
  • Virtualization And Hypervisors
  • Patch Management
  • Privileged Administrative Access
  • Vulnerability Assessments (Health Checks)
  • Log Management
  • Audit Procedures
8. Database Management Systems (DBMS)
  • Database Management System Concepts
  • Database Terminology
  • Relational Databases
  • Structured Query Language (SQL)
  • DBMS Risks And Controls
  • Audit Procedures
9. System Development And Change Management
  • System Development Business Risks
  • Audit’s Primary Objectives On Systems Development Projects
  • Systems Development Methodologies
  • Assessing Project Management
  • Audit As A Value Added Service
  • Configuration And Change Management
  • Web Application Development Risks And Controls
  • End User Computing Risks And Controls
  • Audit Procedures
10. Business Continuity And Disaster Recovery Planning
  • Disaster Recovery Planning (DRP)
  • Business Continuity Planning (BCP)
  • Business Impact Analysis (BIA)
  • Recovery Point Objectives (RPO)
  • Recovery Time Objectives (RTO)
  • Application Recovery Priority
  • Continuity Plans And Procedures
  • Audit Procedures
11. Auditing Outsourced IT Operations
  • Outsourcing Risks
  • Ensuring Strong Contractual Agreements
  • Right To Audit
  • SSAE-16, SOC1, SOC2, SOC3 Reports
  • Relationship Monitoring
  • Audit Focus Areas
12. Executing IT Audits
  • IT Audit Planning
  • Testing IT Controls
  • Integrated Auditing
  • IT Audit Resources
You will receive the Standard Edition of the MIS Swiss Army Knife Reference listing hundreds of valuable information security and IT audit resources.

Prerequisite: IT Auditing and Controls, IT Audit School, or equivalent experience. Familiarity with basic IT controls terminology and concepts is assumed.

Learning Level: Intermediate

Dates & Times
Classes start on the date(s) posted herein, and run from 8:30am to 5pm daily, except for the last day of class, which ends at 3pm.
About The Provider: Founded in 1978, and with offices in the USA, UK, and Asia, MIS Training Institute - aka MISTI - is the international leader in audit and information security training.

Helping audit and infosecurity professionals stay at the top of their game has always been at the core of MISTI's mission. To that end, MISTI has developed and focused its seminars, conferences, and symposia on the wide-ranging needs of auditors and information security practitioners who are charged with controlling complex systems and business environments.

All MISTI training classes are led by industry experts. MISTI training classes are delivered by professionals who have been in the field and practice what they teach. Additionally, MISTI training's unparalleled course curriculum covers the most up-to-the-minute topics, provides proven audit and security practices, and delivers the information needed to be successful in today's organizations.

MIS Training Institute is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. NASBA Sponsor Number: 103321

Cancellation/Refund Policy: MIS Training Institute

A full refund less a $100 administrative fee will be given for cancellations received 15 days or more before the event. Tuition is non-refundable for cancellations made 14 days or less before the event. You may, however, transfer your tuition to another MIS Training Institute event, less a $195 administrative fee. Transfers are valid for 12 months from the time of initial cancellation. Substitutions are welcome at any time.

Those who do not cancel before the MISTI event date and who do not attend are responsible for the full non-refundable, non-transferable tuition.
Price: $2,063.00
Currently Scheduled Dates For This Seminar
There currently are no scheduled dates for this seminar.