|
This seminar, designed specifically for government
and private-sector IT Auditors, will provide the tools and techniques
needed to effectively understand and audit modern distributed
and web-based applications. The control techniques that
are used to address risk in distributed and web-based systems
are substantially different from the traditional techniques
used in legacy mainframe environments. Unlike many generic
Application Auditing seminars, this seminar will focus specifically
on distributed system control techniques and the unique risks
of the supporting technologies. This seminar addresses
infrastructure controls (network security, electronic communications,
etc.) as well as application and middleware controls (transactional
integrity, application recoverability, etc.) that protect the
reliability and integrity of critical data. Every module
of this seminar will outline “best practice” control
techniques and include suggested audit procedures. The
seminar incorporates standard auditing control objectives such
as GAO’s FISCAM, ISACA’s COBIT, and ISACF’s
Objectives for NetCentric Technology. The lectures and
seminar materials will complement these established guidelines
by providing practical steps for performing effective audits
of modern network-based and web applications.
Outline:
-
Information Technology Risk
-
Auditing Change Management
-
Auditing Network Security Management
-
Auditing Operating System Security
-
Auditing Data Management
-
Auditing Application Security Management
-
Auditing Input/Output Controls
-
Auditing Transactional Integrity
-
Auditing Application Recoverability
-
Auditing Object-Oriented and Java Applications
-
Auditing
Systems Management
-
Auditing Electronic Communications
-
Auditing Encryption & VPNs
-
Auditing Database Management
-
Application Security Architectures
-
Auditing Data Accuracy & Validation
-
Auditing Balancing & File Version Controls
-
Auditing Tuxedo
-
Auditing Web-based Applications
|
