IT Audit Fundamentals | ITGC – Logical Security Testing
Upon completion of this course, students will be able to identify several Logical
Security controls and perform testing for IT audits by properly evaluating the design
and operating effectiveness of each control. This course also teaches students how to identify and perform testing for Physical Security controls.
During IT audit projects based on selected Logical Security controls, the IT auditor (course student) should be able to:
- Identify Logical Security controls to test,
- Evaluate the design and operating effectiveness of Logical Security controls by identifying and performing adequate testing procedures, and
- Evaluate the need for compensating controls, if applicable.
- Recognize Information Technology (IT) risks.
- Explore the primary types of IT Controls
- Identify IT Controls that mitigate specific risks
- Explore practices to assist with IT control implementation
- ITGC Audit Templates
- ITGC System Summary
- ITGC Overview Diagram
- ITGC SOD (Segregation of duties)
- ITGC Questionnaire
- ITGC Report
Information Assurance Training
IT Audit/ ITGC Framework/ SOX 404 Testing
Risk Management Framwork-RMF(NIST)
SOC1, SOC2, SOC3 (SSAE 18) Compliance Training
ERP - SAP Audit Framework (End To End Testing Training)
ERP - JDE Audit Framework (End To End Testing Training)
Non ERP Audit Framework Trainings (End To End Testing Training)
On Job Support For All Audits
Domains (Syllabus)
Domain 1: Risk Management
- Risk Assessment
- Risk Treatment
- Risk Mitigation
- Threat/Vulnerability/Impact
- What is Control Testing?
Domain 2: Governance
- Policy
- Procedure
- Guidelines
- Standards
Domain 3: Change Management Business Process
- Change Authorization
- Change Approval
- Risk Control Matrix (RCM) of Change Management
- Critical/Emergency Changes and how to handle those?
- SoD – Segregation of Duties
- Version Management/Source Code Management
- What is Production, test and development environments? What is the difference?
- UAT/System testing/Integrated testing
- Post Implementation Review
Domain 4: Identity and Access Management Business Process
- Provisioning Controls
- De-Provisioning Controls
- Privilege Controls testing
- SoD – Segregation of Duties
- Fire fighter user accounts
- SSO – Single sign-on
- Password Management
- Authentication vs Authorization
- How governance play a role?
- Enterprise Management
- Logical Access
- Remote Access Management
- Direct Database Access
- SoD – Segregation of Duties
- Access Recertified
Domain 5: Project Management
- Unapproved Projects and the risk associated with it.
- Project Charter
- SoW – Statement of Work
- Ineffective Project Planning
- Ineffective Project Monitoring
- Project plans and risk associated with it.
Domain 6: Physical and Environmental Security
- Site Facility design consideration.
- Perimeter Security
- Internal Security
- Facilities Security
- Data Centre Security
- Unmitigated Environmental Threats
- Inappropriate Access
- Inappropriate Environmental Controls
- Access Recertification
Domain 7: IT Service Operations
- ITSCM Objectives
- BIA
- IT Service Continuity Planning
- Availability Monitored
- Backup Management
- Back up Integrity Verification
- Offsite Storage
- BCP and DR Plan
- BCP Training
- Batch jobs/job scheduler
- Handing of failed jobs
- Incident Management
- Problem Management
Domain 8: ERP Applications General Security Settings
- General Security Aspects
- Objectives
- CIA – Confidentiality, Integrity and Availability
- General Security Threats
- Network Security Breaches
- Handling of Electronic Media
- Security Requirements / Configurations
- Malicious Code Monitored
- Data Classification
- Hard Copy Management
- Patch Management
Domain 9: IT Service Delivery
- Robust IT Service Delivery Model
- Governance
- Organization
- Operational Process
- Performance Management
- Service Delivery Model Process
- SLA – Service Level Agreements
$3,000.00
Overview:
- This course is for those that are interested in a career in IT Audit, Compliance,
Governance, Risk and Controls (GRC), or Cybersecurity. This course teaches the
foundational principles that are needed to successfully complete Logical Security
testing during IT Audits. - This course is for those that are new to IT Audit but understand the general concepts
around IT controls and testing. This course is also valuable for those looking to
refresh their basic knowledge about IT Audits, specifically Logical Security Testing.
This course teaches the practical aspects of conducting testing for Logical Security
controls and is not focused on the CISA certification. CISA aspirants can still benefit
from taking this course because they will learn and better understand basic IT Audit
concepts in preparation for the exam. - The focus of the course is to teach concepts around testing Logical Security controls
and does not focus on technologies or platforms. The reason is because the
foundational principles are what new auditors really need. When you understand the
auditing concepts, you can apply them to any technology or platform that is being
audited.