Day 1 - Tuesday 05 July, 2022
Opening Session (11:00 To 11:10)
Opening Remarks & Introduction
Session One (11:10 To 13:10)
IT Governance
- Understand IT Governance
- How Digital Transformation is Impacting Governance
- Understand audit’s role in supporting IT Governance
- Develop and analyze a risk management program
- Identify Information Security roles and responsibilities
IT Governance Frameworks: the case of COBIT 2019
IT Resource Planning & Optimization
IT Benefits Realization
Quiz & Break
Session Two (13:30 To 15:30)
IT Audit and Assurance Standards
- IT Audit Framework
- External Standards & Frameworks
- Privacy & Regulatory Compliance
IT Systems Development Life Cycle
- Identify and determine controls around a project management plan
- Understand traditional and modern SDLC approaches to business application development
- DevOps and DevSecOps
- Continuous Development & Continuous Integration (CI/CD)
- Understand key risks and controls relevant to application development
Quiz & Lunch Break
Session Three (16:20 To 18:20)
IT General Controls: Logical Security
- Identity and Access Management
- User Behaviour Analytics
- Privileged Account Management
- Multi Factor Authentication
IT General Controls: Resiliency
- Business Continuity Planning (BCP)
- Disaster Recovery (DR)
- Cyber Resiliency
- End of Day Group Interactive Discussion
- 30 mins Take-Home Exercise
Day 2 - Wednesday 06 July, 2022
Recap of Day 1 (11:00 To 11:10)
Session One (11:10 To 13:10)
IT Risk Management
- Overview of Enterprise Risk Management
- Principles of IT Risk Management
- Frameworks & Standards
- Develop and analyze a risk management program
- Responsibilities and Accountability for IT Risk
IT Risk Identification
- Collect event data, monitor risk and report exposures and opportunities
- Understand organizational risks and how to mitigate them to provide assurance
IT Risk Assessment
- Develop a risk assessment process and related mitigation strategies
- Develop an audit or internal assessment plan
Risk Response and Mitigation
- Risk Response Strategies
- A consultative approach to developing effective risk response
- Selection of appropriate, effective controls
Quiz & Break
Session Two (13:30 To 15:30)
“Planning and Executing a Risk-based IT General Controls Review” for a typical enterprise.
The following tasks will be carried out:
- Perform a Risk Assessment
- Determining the Audit Scope
- Testing IT General Controls
Cloud & Virtualized Infrastructure Walkthrough
- Amazon: AWS
- Google: GCP
- Controls: Governance & IAM
- AWS Cloud Audit Certification
Quiz & Lunch Break
Session Three (16:20 To 18:20)
Continuation of “Planning and Executing a Risk-based IT General Controls Review”
The following tasks will be carried out:
- Testing cybersecurity controls on a sample web application and Active Directory using technical tools such as Nmap, Metasploit and Mimikatz
- Documenting findings
API – Walkthrough against the OWASP API Security Top 10
End of Day Group Interactive Discussion
Closing Remarks