Instructional Goal

Upon completion of this course, students will be able to identify several Logical
Security controls and perform testing for IT audits by properly evaluating the design
and operating effectiveness of each control. This course also teaches students how to identify and perform testing for Physical Security controls.

Performance Objectives

During IT audit projects based on selected Logical Security controls, the IT auditor (course student) should be able to:

What you will learn

Information Assurance Training

IT Audit/ ITGC Framework/ SOX 404 Testing

Risk Management Framework - RMF (NIST)

SOC1, SOC2, SOC3 (SSAE 18) Compliance Training

ERP - SAP Audit Framework (End To End Testing Training)

ERP - JDE Audit Framework (End To End Testing Training)

Non ERP Audit Framework Trainings (End To End Testing Training)

On Job Support For All Audits

Domains (Syllabus)

Domain 1: Risk Management

  1. Risk Assessment
  2. Risk Treatment
  3. Risk Mitigation
  4. Threat/Vulnerability/Impact
  5. What is Control Testing?

Domain 2: Governance

  1. Policy
  2. Procedure
  3. Guidelines
  4. Standards

Domain 3: Change Management Business Process

  1. Change Authorization
  2. Change Approval
  3. Risk Control Matrix (RCM) of Change Management
  4. Critical/Emergency Changes and how to handle them
  5. SoD – Segregation of Duties
  6. Version Management/Source Code Management
  7. What are production, test and development environments? What is the difference?
  8. UAT/System testing/Integrated testing
  9. Post Implementation Review

Domain 4: Identity and Access Management Business Process

  1. Provisioning Controls
  2. De-Provisioning Controls
  3. Privilege Controls testing
  4. SoD – Segregation of Duties
  5. Firefighter user accounts
  6. SSO – Single sign-on
  7. Password Management
  8. Authentication vs Authorization
  9. How does governance play a role?
  10. Enterprise Management
  11. Logical Access
  12. Remote Access Management
  13. Direct Database Access
  14. SoD – Segregation of Duties
  15. Access Recertified

Domain 5: Project Management

  1. Unapproved projects and the risks associated with them
  2. Project Charter
  3. SoW – Statement of Work
  4. Ineffective Project Planning
  5. Ineffective Project Monitoring
  6. Project plans and the risks associated with them

Domain 6: Physical and Environmental Security

  1. Site facility design considerations
  2. Perimeter Security
  3. Internal Security
  4. Facilities Security
  5. Data Centre Security
  6. Unmitigated Environmental Threats
  7. Inappropriate Access
  8. Inappropriate Environmental Controls
  9. Access Recertification

Domain 7: IT Service Operations

  1. ITSCM Objectives
  2. BIA
  3. IT Service Continuity Planning
  4. Availability Monitored
  5. Backup Management
  6. Backup Integrity Verification
  7. Offsite Storage
  8. BCP and DR Plan
  9. BCP Training
  10. Batch jobs/job scheduler
  11. Handling of failed jobs
  12. Incident Management
  13. Problem Management

Domain 8: ERP Applications General Security Settings

  1. General Security Aspects
  2. Objectives
  3. CIA – Confidentiality, Integrity and Availability
  4. General Security Threats
  5. Network Security Breaches
  6. Handling of Electronic Media
  7. Security Requirements / Configurations
  8. Malicious Code Monitored
  9. Data Classification
  10. Hard Copy Management
  11. Patch Management

Domain 9: IT Service Delivery

  1. Robust IT Service Delivery Model
  2. Governance
  3. Organization
  4. Operational Process
  5. Performance Management
  6. Service Delivery Model Process
  7. SLA – Service Level Agreements

$3,000.00

Overview:

  • This course is for those that are interested in a career in IT Audit, Compliance,
    Governance, Risk and Controls (GRC), or Cybersecurity. This course teaches the
    foundational principles that are needed to successfully complete Logical Security
    testing during IT Audits.
  • This course is for those that are new to IT Audit but understand the general concepts
    around IT controls and testing. This course is also valuable for those looking to
    refresh their basic knowledge about IT Audits, specifically Logical Security Testing.
    This course teaches the practical aspects of conducting testing for Logical Security
    controls and is not focused on the CISA certification. CISA aspirants can still benefit
    from taking this course because they will learn and better understand basic IT Audit
    concepts in preparation for the exam.
  • The focus of the course is to teach concepts around testing Logical Security controls
    and does not focus on technologies or platforms. The reason is that the
    foundational principles are what new auditors really need. When you understand the
    auditing concepts, you can apply them to any technology or platform that is being
    audited.