CyberAudits of Remote Access and Mobile Computing
Parking for SAO Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact email@example.com for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.
A course coordinator will email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.
Remote access has long been a way of life for many in the auditing, sales, and IT support professions, but the advent and implications of global pandemics have dramatically expanded the population to include everyday remote, work-from-home workers. The increased use of remote access and mobility has brought many realized risks, including reduced employee supervision, ransomware attacks, phishing and identity theft, and data compromise. In this timely and highly relevant workshop, we will identify major control points and the significant risks associated with remote access and mobile computing. CyberSecurity best practices and practical audit techniques associated with remote access and mobile computing will be presented. In this seminar, we will:
• Define control points and significant risks associated with remote access and mobile device security
• Identify best practices for controlling and securing remote access and mobile devices
• Develop practical procedures for auditing the control and security of remote access and mobile device security
• Locate sources of additional information and tools associated with remote access and mobile device security
Upon completion of this course, participants will be able to:
• Identify and analyze key risks and compliance requirements associated with logical access control
• Determine the key building blocks of logical access control
• Locate typical logical access control points in infrastructure and applications
• Implement industry best practices for logical access controls
• Identify tools and techniques for auditing logical access controls
Detailed Course Outline
• Auditing Remote Access and Virtual Private Networks (VPNs)
o Remote access and mobility security risks
o Remote access protocols, services, and applications
o VPN endpoint configurations—remote access, network-to-network
o VPN controls and safeguards
o VPN configuration audits
o Wireless access considerations
o Network encryption testing
• Auditing Enterprise Security Services
o User identification and authentication credentials
o Network authentication services (RADIUS, TACACS+)
o Enterprise directory services
• Auditing Mobile Device Security
o Mobile device risks
o Device and data ownership issues and responsibilities
o Mobile device controls and safeguards
o End-point security
o Mobile device management (MDM) / Enterprise mobility management (EMM)
• Wrap-Up Summary
Introduction to IT Auditing or equivalent training. A basic understanding of IT audit controls and terminology is assumed.
Ken Cutler is a Senior Teaching Fellow with CPEi, specializing in Technical Audits of IT Security and related IT controls. He is the President and Principal Consultant for Ken Cutler & Associates (KCA) InfoSec Assurance, an independent consulting firm delivering a wide array of Information Security and IT Audit management and technical professional services. He is also the Director – Q/ISP (Qualified Information Security Professional) programs for Security University. An internationally recognized consultant and trainer in the Information Security and IT audit fields, he is certified and has conducted courses for: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and CompTIA Security+. In cooperation with Security University, he recently was featured in two full-length training videos on CISSP and Security+.
Ken was formerly Vice-President of Information Security for MIS Training Institute (MISTI) and Chief Information Officer of Moore McCormack Resources, a Fortune 500 company. He also directed company-wide IS programs for American Express Travel Related Services, Martin Marietta Data Systems, and Midlantic Banks, Inc. Ken has been a long-time active participant in international government and industry security standards initiatives.
He is a prolific author on information security topics and has been frequently quoted in popular trade publications, including Computerworld, Information Security Magazine, Infoworld, Information Week, CIO Bulletin, and Healthcare Information Security Newsletter, and has been interviewed on the radio programs My Technology Lawyer and Talk America.
Ken received a Bachelor of Science degree in Business Administration and Computer Science from SUNY Empire State College. He received a Bachelor of Science in economics from the University of Massachusetts and a Master's in Public Administration (MPA) with a major in Finance from Suffolk University. Ken is a Certified Governmental Financial Manager, Certified Information Systems Auditor, Certified Information Security Manager, Certified Fraud Examiner, Certified Quality Assurance specialist, and Certified in the Governance of Enterprise IT.
TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.
If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.
Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.
You might want to bring a light sweater or jacket, as room temperatures vary.
To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.