WEBINAR: IT AUDIT & RISK MANAGEMENT

Course Schedule

Day 1 - Tuesday 06 April, 2021
Opening Session (10:40 To 11:00)

Opening Remarks & Introduction

Session One (11:00 To 13:15)

IT Governance

  • Understand IT Governance
  • How Digital Transformation is Impacting Governance
  • Understand audit’s role in supporting IT Governance
  • Develop and analyze a risk management program
  • Identify Information Security roles and responsibilities

IT Audit and Assurance Standards

  • IT Audit Framework
  • External Standards & Frameworks
  • Privacy & Regulatory Compliance

Quiz

Break
Session Two (13:45 To 16:00)

IT Systems Development Life Cycle

  • Identify and determine controls around a project management plan
  • Understand traditional and modern SDLC approaches to business application development
  • DevOps and DevSecOps
  • Continuous Development & Continuous Integration (CI/CD)
  • Understand key risks and controls relevant to application development

IT General Controls: Logical Security

  • Identity and Access Management
  • User Behaviour Analytics
  • Privileged Account Management
  • Multi Factor Authentication

IT General Controls: Resiliency

  • Business Continuity Planning (BCP)
  • Disaster Recovery (DR)

Quiz

End of Day Group Interactive Discussion

Day 2 - Wednesday 07 April, 2021
Session One (11:00 To 13:15)

IT General Controls: Change and Patch Management

  • Application Code Version Control
  • Release Management: System Upgrades
  • Managing Infrastructure & Application Changes
  • Balancing the need to patch software and the potential for incidents arising from patches

IT Application & Interface Controls

  • Authentication & Authorisation
  • APIs
  • Encryption
  • Logging
  • Fraud & Anomaly Detection

Quiz

Break
Session Two (13:45 To 16:00)

End of day whiteboard working session
This will be a practical, interactive group exercise on “Planning and Executing a Risk-based IT General Controls Review” for a typical enterprise. The following tasks will be carried out:

  • Perform a Risk Assessment
  • Determining the Audit Scope
  • Testing IT General Controls on a sample web application using technical tools such as Nmap, Metasploit and Mimikatz
  • Documenting findings

Day 3 - Thursday 08 April, 2021
Session One (11:00 To 13:15)

Cloud Computing

  • Cloud Computing Architecture
  • Cloud Computing Security
  • Cloud Computing Audit & Assurance
  • Shadow IT

Group Practical Exercise: Introduction to Amazon AWS Infrastructure

Break
Session Two (13:45 To 16:00)

Cyber Security Auditing

  • Perimeter
  • Database
  • Web Applications

Quiz

Group Practical Exercise: Auditing Amazon AWS Infrastructure

Cyber Security: Case Study
End of day whiteboard working session with case study of a prominent organization which has suffered two serious privacy breaches that leaked citizens’ medical data. We shall review the incident management and remedial measures.

Day 4 - Friday 09 April, 2021
Session One (11:00 To 13:15)

IT Risk Management

  • Overview of Enterprise Risk Management
  • Principles of IT Risk Management
  • Frameworks & Standards
  • Develop and analyze a risk management program
  • Responsibilities and Accountability for IT Risk

IT Risk Identification

  • Collect event data, monitor risk and report exposures and opportunities
  • Understand organizational risks and how to mitigate them to provide assurance

Quiz

Break
Session Two (13:45 To 16:00)

IT Risk Assessment

  • Develop a risk assessment process and related mitigation strategies
  • Develop an audit or internal assessment plan

Risk Response and Mitigation

  • Risk Response Strategies
  • A consultative approach to developing effective risk response
  • Selection of appropriate, effective controls
  • Case Study

Quiz

Feedback And Closing Remarks

Course Program

Time            Topic
Day 1
10:40 to 11:00  Registration & Introduction
Day 1-4
11:00 to 13:15  Session One
13:15 to 13:45  Break
13:45 to 16:00  Session Two