Opening Remarks  & Introduction

IT Governance

• Understand IT Governance
• How Digital Transformation is Impacting Governance
• Understand audit’s role in supporting IT Governance
• Develop and analyze a risk management program
• Identify Information Security roles and responsibilities

IT Governance Frameworks: the case of COBIT 2019
IT Resource Planning & Optimization
IT Benefits Realization

IT Audit and Assurance Standards

• IT Audit Framework
• External Standards & Frameworks
• Privacy & Regulatory Compliance

IT Systems Development Life Cycle

• Identify and determine controls around a project management plan
• Understand traditional and modern SDLC approaches to business application development
• DevOps and DevSecOps
• Continuous Development & Continuous Integration (CI/CD)
• Understand key risks and controls relevant to application development

IT General Controls: Logical Security

• Identity and Access Management
• User Behaviour Analytics
• Privileged Account Management
• Multi Factor Authentication

IT General Controls: Resiliency

• Business Continuity Planning (BCP)
• Disaster Recovery (DR)
• Cyber Resilency
• End of Day Group Interactive Discussion
• 30 mins Take-Home Exercise

Recap of Day 1

IT Risk Management

• Overview of Enterprise Risk Management
• Principles of IT Risk Management
• Frameworks & Standards
• Develop and analyze a risk management program
• Responsibilities and Accountability for IT Risk

IT Risk Identification

• Collect event data, monitor risk and report exposures and opportunities
• Understand organizational risks and how to mitigate them to provide assurance

IT Risk Assessment

• Develop a risk assessment process and related mitigation strategies
• Develop an audit or internal assessment plan

Risk Response and Mitigation

• Risk Response Strategies
• A consultative approach to developing effective risk response
• Selection of appropriate, effective controls

“Planning and Executing a Risk - based IT General Controls Review” for a typical enterprise.
The following tasks will be carried out:

• Perform a Risk Assessment
• Determining the Audit Scope
• Testing IT General Controls

Cloud & Virtualized Infrastructure Walkthrough

• Amazon: AWS
• Google: GCP
• Controls: Governance & IAM
• AWS Cloud Audit Certification

Continuation of “Planning and Executing a Risk‐based IT General Controls Review”
The following tasks will be carried out:

• Testing cybersecurity controls on a sample web application and Active Directory using technical tools such as Nmap, Metasploit and Mimikatz
• Documenting findings

API – Walkthrough against the OWASP API Security Top 10
End of Day Group Interactive Discussion