Day 1 - Tuesday 06 April, 2021
Opening Session (10:40 To 11:00)
Opening Remarks & Introduction
Session One (11:00 To 13:15)
IT Governance
- Understand IT Governance
- How Digital Transformation is Impacting Governance
- Understand audit’s role in supporting IT Governance
- Develop and analyze a risk management program
- Identify Information Security roles and responsibilities
IT Audit and Assurance Standards
- IT Audit Framework
- External Standards & Frameworks
- Privacy & Regulatory Compliance
Quiz
Break
Session Two (13:45 To 16:00)
IT Systems Development Life Cycle
- Identify and determine controls around a project management plan
- Understand traditional and modern SDLC approaches to business application development
- DevOps and DevSecOps
- Continuous Development & Continuous Integration (CI/CD)
- Understand key risks and controls relevant to application development
IT General Controls: Logical Security
- Identity and Access Management
- User Behaviour Analytics
- Privileged Account Management
- Multi Factor Authentication
IT General Controls: Resiliency
- Business Continuity Planning (BCP)
- Disaster Recovery (DR)
Quiz
End of Day Group Interactive Discussion
Day 2 - Wednesday 07 April, 2021
Session One (11:00 To 13:15)
IT General Controls: Change and Patch Management
- Application Code Version Control
- Release Management: System Upgrades
- Managing Infrastructure & Application Changes
- Balancing the need to patch software and the potential for incidents arising from patches
IT Application & Interface Controls
- Authentication & Authorisation
- APIs
- Encryption
- Logging
- Fraud & Anomaly Detection
Quiz
Break
Session Two (13:45 To 16:00)
End of day whiteboard working session
This will be a practical, interactive group exercise on “Planning and Executing a Risk-based IT General Controls Review” for a typical enterprise. The following tasks will be carried out:
- Performing a Risk Assessment
- Determining the Audit Scope
- Testing IT General Controls on a sample web application using technical tools such as Nmap, Metasploit and Mimikatz
- Documenting findings
Day 3 - Thursday 08 April, 2021
Session One (11:00 To 13:15)
Cloud Computing
- Cloud Computing Architecture
- Cloud Computing Security
- Cloud Computing Audit & Assurance
- Shadow IT
Group Practical Exercise: Introduction to Amazon AWS Infrastructure
Break
Session Two (13:45 To 16:00)
Cyber Security Auditing
- Perimeter
- Database
- Web Applications
Quiz
Group Practical Exercise: Auditing Amazon AWS Infrastructure
Cyber Security: Case Study
End of day whiteboard working session with a case study of a prominent organization that has suffered two serious privacy breaches which leaked citizens’ medical data. We shall review the incident management and remedial measures.
Day 4 - Friday 09 April, 2021
Session One (11:00 To 13:15)
IT Risk Management
- Overview of Enterprise Risk Management
- Principles of IT Risk Management
- Frameworks & Standards
- Develop and analyze a risk management program
- Responsibilities and Accountability for IT Risk
IT Risk Identification
- Collect event data, monitor risk and report exposures and opportunities
- Understand organizational risks and how to mitigate them to provide assurance
Quiz
Break
Session Two (13:45 To 16:00)
IT Risk Assessment
- Develop a risk assessment process and related mitigation strategies
- Develop an audit or internal assessment plan
Risk Response and Mitigation
- Risk Response Strategies
- A consultative approach to developing effective risk response
- Selection of appropriate, effective controls
- Case Study
Quiz
Feedback And Closing Remarks