Course Information
Intermediate IT Audit School
Parking for SAO, Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The Garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact the professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.
A course coordinator will email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.
Course Description
This course will reinforce and enhance the principles of assessing IT risks. Participants will examine ways to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools of evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things, and add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance. The participant will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization. The participant will be engaged through case studies of real-life examples and scenarios and acquire a wealth of resources, templates, and guides that can be adapted to and incorporated into any industry.
Course Objectives
Upon completion of this course, participants will be able to:
List key characteristics, advantages, and disadvantages of virtualization.
Assess key considerations when preparing audit programs of virtualized environments.
Outline key considerations when preparing audit programs of virtualization disaster recovery programs.
List key risks and controls related to virtualized environments.
Detailed Course Outline
Lecture format due to volume of content. Agenda items can be removed or deprioritized to allow for a more interactive learning experience.
Risk Assessment and Audit Planning
IT risk definition
IT threats and risks
Building the IT audit program
Audit and Security Resources
NIST cybersecurity framework
Center for Internet Security (CIS)
COSO
COBIT
IIA GTAGs
ISO 27000 Security Standards
FISMA – NIST SP800-53 R5
Logical Security
Logical security concepts
Social engineering
Malware
User identification and authentication
User authorization
Privileged access monitoring
Log management
Vulnerability assessments
Middleware
Virtualization
Audit considerations
Database Management Systems (DBMS)
Database management system concepts
Relational databases
Non-relational databases
DBMS audit considerations
Change Management
Change management
Patch management
Security configuration management (SCM)
Network Perimeter Security
Network perimeter security concepts
OSI network protocol model
Network ports and services
Network addressing
Firewalls
Demilitarized zone (DMZ)
Intrusion detection systems (IDS/IPS)
Zero-trust models
Endpoint security
Virtual private networks (VPNs)
Wireless
Cloud Computing
Cloud characteristics
Cloud service models
Cloud deployment models
Cloud security
Cloud security organizations
Cloud SOC reports
Cloud risks
Audit considerations – contract
Audit considerations – ongoing
Internet of Things (IoT)
Defining the internet of things (IoT)
IoT Improvement Act
Code of Practice for Consumer IoT Security
NIST considerations for IoT
IoT security foundation
OWASP Top 10 Risks
Business Continuity and Disaster Recovery Planning
Disaster recovery planning (DRP) concepts
Disaster recovery planning (DRP) components
Disaster recovery planning (DRP) audit considerations
IT Governance
Defining IT governance
IT governance – ISACA Guidance
IT governance – IIA Guidance
Organization and Presentation of Information
Key components and strategies
Prerequisites
IT Audit School or equivalent experience.
Instructors
Rob Clark, Jr., Chief Audit & Compliance Officer for Howard University, is a nationally recognized authority in internal audit, risk management, compliance and with over 30 years of industry experience. He is a highly rated and engaging speaker and instructor with a gift of being able to connect with his audience in an impactful way. He has created numerous audit classes through ACI Learning and is frequently requested instructor.
He joined Howard in July 2020 and has been leading the internal audit and compliance team to implement best practices. Prior to HU, he served as the Chief Audit & Compliance Officer at Clark Atlanta University. Prior to that he served as the Chief Audit Executive at Georgia Tech and the University of Nebraska, and Audit Manager at Massachusetts Institute of Technology.
He has held leadership positions as President of the Association of College and University Auditors (ACUA); President and now Board Member of the Institute of Internal Auditors (IIA)- Atlanta Chapter. He has served as a teaching faculty member of the IIA, the College Business Management Institute (CBMI), ACI Learning, and has been a highly sought-after speaker for dozens of organizations such as ACUA, The IIA, AGA, DCSHRM, NACUBO, EDUCAUSE, The Chronicle of Higher Education, Office of Inspectors General, SACUBO, Federal Reserve, and many others.
He holds professional designations as a Certified Internal Auditor, Certified Compliance and Ethics Professional, Certified Information Systems Auditor, and Certified Business Manager.? He is a Board Member of the National Speakers Association – GA; a Certified Virtual Presenter through eSpeakers; a CTM through Toastmasters; and has performed stand-up comedy at the Punchline Comedy Club, Laughing Skull, and numerous other engagements.
Although he spent over 20 years in Georgia, he still never developed a taste for grits.