INFORMATION TECHNOLOGY SECURITY AUDIT
Jakarta | 03 – 05 Maret 2015 | Rp 5.000.000
Jakarta | 27 – 29 Mei 2015 | Rp 5.000.000
Jakarta | 28 – 30 Juli 2015 | Rp 5.000.000
Jakarta | 09 – 11 September 2015 | Rp 5.000.000
Jakarta | 10 – 12 November 2015 | Rp 5.000.000
Descriptions
The IT Security Audit course is designed to provide practical view in conducting IT audit and assurance in one organization. The course is designed to support professional staffs to expand their understanding of information technology (IT) audit.
The course presents a more in-depth view on the fundamentals of IT auditing by highlighting on topics such as: IT audit and control analysis, examination of control evidence in conducting IT audit, application control, Operating System and IT Infrastructure audit, and management of IT audit.
The course will include discussion and exercises related to general control examinations and application system auditing. The course will alsofocus on control research and analysis for IT-related topic areas. In addition, through discussion and exercises, participants will gain a workingunderstanding of the process of developing audit work programs encompassing all elements of IT infrastructures.
Participants will be expected to gain a working understanding of how to identify, reference and implement IT management and control policies, standardsand related auditing standards. Regarding the latter, the objective is to learn how to identify and interpret the requirements of the standards and. implement the standards in auditing process.
ITSecuity Auditingcovers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates.
Each class session will include discussion on an ITaudit management, security, control or audit issues that participants should be familiar with.
Objectives
At the completion of this course, the participants should be able to :
- Participants shall obtain an expanded understanding on the role of IT auditors in evaluating IT-related operational and control risk and in assessing theappropriateness and adequacy of management control practices and IT-related controls inside participants’ organization, with the focus on IT infrastructures
- The partipants shall obtain the capabilityon how to analyze Windows,UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, participants get up-to-date information on legal standards and practices,privacy and ethical issues, and the CobiT standard.
- Participants shall obtain the capability in conducting IT audit and implement techniques in performing assurance, attestation, and audit engagements
- Capability to build and maintain an IT audit function within the organization with maximum effectiveness and value
- Participants shall obtain an expanded familiarity with the principle references in IT governance, control and security as related to IT audit
- Participants shall obtain the working ability to plan, conduct, and report on information technology audits with specific focus on infrastructure vulnarability assesment and assurance, and drill down upon application vulnarabilities
- Participants shall obtain an understanding of the role of IT auditors regarding IT-related compliance and regulatory audits, such as evaluatingcontrol standards
- Capability to use best prractices and methodologies such as: COSO, CobiT, ITIL, ISO, and NSA INFOSEC
Target Audience
- IT Managers
- Security Managers
- Auditing Staffs
- IT Operation Staffs
Course Contents and Descriptions
Audit Overview
The class session will focus on IT audit concepts and processes, which includes: review of some of the key fundamentals ofIT auditing, including general auditing standards, risk-based auditing, pre-audit objectives, determining scope and audit objectives, and the processof performing an IT audit. The class session will include discussion on IT performance, controls, control self-assessment, risk analysis, and theobjectives of the ITaudit or assurance report.
Building an Effective Internal IT Audit Function
The class session will focus on management issues regarding how to manage IT audit andassurance functions. The class material will include developing and assessing staff knowledge and skills, competency measurement, assignment ofstaff, documentation and continuing education requirements.
The Audit Process
Perform ITauditinaccordancewithITauditstandards,guidelinesandbest practicesto assisttheorganizationsinensuringthatits informationtechnologyand business systemareprotectedand controlled.
Auditing Techniques
Describing all techniques which are available to implelemented for IT infrastructure auditing
Auditing Entity-Level Controls
Describing all entities control level which encompassing embedded controls in the areas such as:
- Operating system control in UNIX-, Linux-, and Windows-based operating systems
- Controls in network routers, switches, firewalls, WLANs, and mobile devices
- Entity-level controls, data centers, and disaster recovery plans
- Controls in Web servers, platforms, and applications
- Database critical controls
Auditing Data Centers and Disaster Recovery
Describe how to conduct data center as disaster recovery site with all supporting infrastructures
Auditing Switches, Routers, and Firewalls
Describe how to perform auditing on network infrastructure and networkappliances
Auditing Windows Operating Systems
Describe how to conduct auditing on operating system using effective and control-piercing methodology within the Windows operating system environment
Auditing Unix and Linux Operating Systems
Describe how to conduct auditing on operating system using relia and control-focus methodology within the Unix operating system environment
Auditing Web Servers
Describe how to perform auditing on Web Servers infrastructure and net DMZ devices
Auditing Databases
Describe how to perform auditing on organization’s Database and all operating support elements
Auditing Applications
Describe how to perform auditing on organization’s Enterprise Applications and the supporting modules
Auditing WLAN and Mobile Devices
Describe how to perform auditing on Wide Area Network infrastructure and interfaceable mobile devices
Trainer :
Dr. Ir. Fauzi Hasan, MM, MBA
Dr. Fauzi Hasan Pada saat ini adalah President American Academy untuk Chapter Indonesia yang melingkupi American Academy of Project Management dan American Academy of Finance Management yang berpusasat di Colorado Spring, Colorado USA.
Pengalaman Dr. Fauzi Hasan diperkaya dengan keterlibatannya pada beberapa proyek terkait Business Process Modeling dan Improvement yang selaras dengan standard dan metodologi CMMI (Capability Maturity Model and Integration), dimana dalam akhir dekade ini banyak membantu organisasi Pemerintah dan Bank dalam membangun dan mengimplementasi Crisis Management Strategy seperti pembuatan BCP (Business Continuity Plan) dan DRP (Disaster Recovery Plan).
Dr. Fauzi Hasan telah memberikan kontribusi langsung untuk penyelesaian dan keberhasilan penerapan Frameworks dan Best Practices seperti: ITIL, COBIT, PMBOK, Prince2, TOGAF, ISO 20000, ISO 27000, ISO 38500, COSO dan yang lain diberbagai bidang industri. Sebagai seorang profesioal yang kompeten di bidang teknologi informasi, manajemen proyek dan proses bisnis ini dibuktikan dengan dimilikinya sejumlah sertifikat Internasional terkait tata kelola teknologi informasi dan industri (IT and Industrial Goverannce).
Dr. Fauzi Hasan dalam karirnya sebagai executive telah bekerja di beberapa perusahaan lokal maupun internasional seperti: Philips Netherlands, Sony , Warner Lambert, Singapore Technology Logistics, Hewlett-Packard, EMTEK Group, Intergraph, Jatis eCom-Sumitomo Group, dan ERESHA Group.
Duration :
3 Days
Investasi :
- Rp 5.000.000,-
- termasuk ( Souvenir, Flash disk, materi hand-out dan CD modul, 2x coffee break, makan siang dan sertifikat )
Tempat :
Hotel Harris Tebet, Jl. Dr. Sahardjo No. 191 – Jakarta Selatan