Technology Systems Auditing

Name: Technology Systems Auditing
Rating: 4.0 (19 reviews)

Technology Systems Auditing Training Course

Created byStone River eLearning

Last updated 6/2021

English

What you'll learn

Understand the IS audit process
Plan audit and Perform risk analysis
Put in place internal controls
Learn about different phases of IS audit
Understand the role of governance in IT/IS
Make policies, procedures and identify risks
Create information security policy document
Conduct management reviews of the policy document
Perform risk management
Create insourcing and outsourcing strategy
Perform organizational quality management
Create project management structure
Introduce application development best practices
Plan IS operations and business resiliency plans
Define RPO/RTO
Develop disaster recovery plan
Protect information assets
Identify exposures and vulnerabilities
Understand role of encryption in data protection
Learn the basics of computer forensics

Course content

5 sections • 183 lectures • 10h 5m total length

The IS Audit Process1:52
Topic A: The Auditing Process and Auditors0:41
Definitions4:46
Types of Auditors5:33
The Auditing Process (1)1:46
The Auditing Process (2)2:05
The Auditing Process (3)4:15
Audit Planning Process12:58
Topic B: Risk Analysis0:50
Risk Analysis Defined9:30
Assessing Countermeasures14:28
Steps of Assessment2:18
Motivations for Risk Analysis2:59
Topic C: Internal Controls0:44
Internal Controls: Objectives & Procedures6:25
Internal Control Types5:28
Internal Controls (Preventative)0:47
Internal Controls (Detective)1:09
Internal Controls (Corrective)3:30
Goals of Internal Controls1:09
Goals of Internal Controls2:10
General Control Methods/Types2:41
The IS Audit Process1:26
Audit Classifications0:47
Audit Classifications4:51
Phases of the Audit Process (Page 1)0:58
Phases of the Audit Process (Page 2)4:05
Inherent Risks During Audits0:57
A Risk-Based Audit Approach1:46
Evidence1:58
Evidence Gathering Techniques1:04
Computer Assisted Audit0:39
Control Self-Assessment (CSA)1:14
Chapter 1 Review1:47
Quiz 1

Chapter 2 - Governance and Management of IT1:16
Topic A: The Role of Governance0:33
IT Governance5:17
IT Governance4:20
Governance Defined2:15
Relationship Structure1:07
Role of Auditor2:28
Role of Auditor4:57
Practices & Procedures1:33
Practices & Procedures3:08
Information Security Governance2:15
Information Security Governance5:23
Information Security Governance3:44
Information Security Governance0:30
Results of Security Governance0:28
Goals of Security Governance0:40
Topic B: Policies, Procedures, and Risk0:43
IT Governance1:27
Policies6:30
Policies5:13
Information Security Policy Document8:30
Information Security Policy Document2:56
Management Reviews3:19
Management Reviews1:11
Procedures5:46
Procedures2:53
Risk Management - Approaches4:57
Risk Management1:32
IT Risk Management - Levels0:22
Topic C: IT Governance & Personnel Management0:24
IS Management Practices4:32
Personnel Management7:10
Sourcing IS Functions8:52
Insourcing and Outsourcing Strategy3:09
Insourcing and Outsourcing Strategy10:43
Change Management3:01
Change Management6:49
Organizational Quality Management2:34
Quality Management4:42
Organizational Quality Management3:20
Performance Management9:46
Organizational Quality Management4:08
Chapter 2 Review4:18
Quiz 2

IS Operations, Maintenance, and Support2:35
Topic A: Project Management0:57
Project Management Structure10:26
Project Management Structure9:23
Example Organizational Chart7:13
Practical Project Management5:20
Practical Project Management – 5 Steps3:08
Topic B: Software Development and Acquisition0:24
Business Application Development2:59
Business Application Development1:30
Traditional SDLC Approach9:07
Software Development Risks5:32
Alternative Development Methods1:19
Explore alternative development methods beyond the waterfall model and learn how newer software models address evolving modern development challenges, sometimes outperforming traditional approaches in specific situations.
Alternative Development Methods0:25
Agile Development5:09
Prototyping1:22
Prototyping1:16
R.A.D. – Rapid Application Deployment1:48
R.A.D. – 4 Stages1:10
Other Alternative Development Methods2:03
Topic C: Infrastructure Development and Acquisition1:02
Infrastructure Development and Acquisition9:44
Analysis of Physical Infrastructures2:48
4 Steps to Planning Infrastructure Implementation1:38
Hardware / Software Acquisition9:03
Maintaining Information Systems1:39
Change Management Standards0:39
Change Management Standards0:57
Application Controls2:10
Auditor Tasks1:30
Input Controls2:58
Data Validation Checks1:32
Data Validation Checks0:17
Explore data validation checks by inspecting a database for table contents and potential duplicates, illustrating how validation ensures data quality and consistency.
Output Controls2:36
Chapter 3 Review3:49
Quiz 3

IS Operations and Business Resilience1:47
Topic A: Networking Models0:40
Networking Models1:07
Advantages of Reference Models2:14
The OSI Model0:55
Reliability0:58
Topic B: IS Network Infrastructure1:04
Network Types9:37
Network Topology11:16
VPN Defined7:29
Wireless Specifications5:01
Topic C: Business Continuity & Disaster Recovery1:27
BCP/DR2:39
Definitions5:33
BCP/DR - 7 Steps to Recovery7:45
BCP/DR Incident Classification2:16
Business Impact Analysis - BIA4:50
RPO and RTO5:08
Recovery Strategies6:14
Topic D: Recovery0:08
Categories of Recovery Strategies5:17
Business Recovery1:48
Facilities, Materials, and Supplies5:18
Facilities, Materials, and Supplies0:50
Data Recovery4:51
Topic E: Disaster Recovery0:30
Disaster Recovery Plan (DRP) Development3:12
Prepare for disasters by staging equipment, training, and drills to ensure readiness. Define the disaster declaration process, assign responsibilities, and formalize service level agreements with outside providers and internal teams.
BCP & DR - Teams1:56
Identify who should join the disaster recovery team by mapping skills, leadership, and department stakeholders, and predefine roles through incident modeling and staffing.
BCP Components6:34
R.A.I.D.4:55
Insurance1:41
Business Continuity Plan (BCP) Testing1:22
Types of BCP/DR Testing Strategies4:24
Auditing BCP/DR1:33
Business Continuity Management (BCM) Institutes and Organizations1:16
Business Continuity Management (BCM)1:04
Chapter 4 Review1:28
Quiz 4

Protection of Information Assets1:16
Topic A: Protecting Data0:20
Key Elements, Roles, and Responsibilities2:13
Key Elements, Roles, and Responsibilities2:46
Classifying Information Assets2:39
System Access Permission1:42
Topic B: Threats and Vulnerabilities0:32
4 Categories of Attacks3:53
Exposures and Vulnerabilities7:57
Exposures and Vulnerabilities1:08
Exposures and Vulnerabilities3:08
Topic C: Access Controls0:47
Logical Access Paths1:21
Identification and Authentication Mechanisms7:18
Strong Password Policy6:07
Identification and Authentication Mechanisms3:09
Authorization3:18
Dealing with Data3:45
LAN Security1:12
Client-Server Security5:26
Firewall3:19
Intrusion Prevention Service (IPS)1:40
Honeypot (HP)1:36
Topic D: Encryption1:04
Encryption Mechanisms3:57
Encryption Mechanisms1:47
Symmetric vs. Asymmetric6:12
Topic E: Auditing Practices0:13
Auditing IS Management Framework2:23
Auditing Logical Access1:39
Penetration Testing3:59
Penetration Testing1:21
Computer Forensics5:20
Chapter 5 Review1:33
Quiz 5

Requirements

It is expected that the candidates taking part in this course have a basic know-how of the information security management, business critical information, cyber security, data loss protection and other technologies. However, this course comprehensively covers the topics related to information systems auditing and policy making.

Description

Information systems have become a crucial component of modern organizations, with many business processes relying heavily on these systems. The data contained within these systems is critical for any enterprise's operations. As the usage of information systems grows, so does the need to protect and secure them. With this increased reliance, the risks of cyberattacks and security threats—such as ransomware, data theft, hacking, forgery, and brute-force attacks—are also on the rise. Attackers are increasingly targeting organizations with inadequate control and protection mechanisms. This course equips candidates with the knowledge and tools necessary to implement effective controls and policies to safeguard their information systems and assets from unauthorized access and data breaches.

The Information Systems Auditor course is a comprehensive program designed to familiarize candidates with the IS audit process, governance, IT management, and the maintenance and support of information systems. It covers key aspects such as business resilience and the protection of information assets. These assets can take various forms, including databases, files, documents, images, and software. The course emphasizes techniques and methods for protecting data, regardless of its format within the organization.

The course covers all essential areas required to become an effective information systems auditor, providing participants with the skills and knowledge to perform audits efficiently. Additionally, the course serves as valuable preparation for relevant certifications, enhancing candidates’ professional qualifications in the field of information systems auditing.

Who this course is for:

Information systems auditors
Chief information security officers
Manager information security
Manager cyber security
Information system managers
Candidates aspiring for CISA certification

Technology Systems Auditing

What you'll learn

Explore related topics

Course content

The IS Audit Process34 lectures • 1hr 50min

Chapter 2 - Governance and Management of IT43 lectures • 2hr 39min

Chapter 3 - IS Operations, Maintenance, and Support35 lectures • 1hr 55min

Chapter 4 - IS Operations and Business Resilience37 lectures • 2hr 6min

Chapter 5 - Protection of Information Assets34 lectures • 1hr 36min

Requirements

Description

Who this course is for: